App can read default sms application package without requiring any permission.

2021-09-0100:00:00

Google

osv.dev

information security

default sms

permission check

local information disclosure

exploitation

EPSS

Percentile

5.1%

JSON

In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.