CVE-2026-28586

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45614

Name of the Vulnerable Software and Affected Versions AppOpsService affected versions not specified Description A permissions bypass exists in multiple functions of AppOpsService.java, resulting in a missing permission check. This flaw allows for local information disclosure without requiring...

CVE-2026-0014

In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0015

In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-201766

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is...

CVE-2025-48590

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is...

Google Android Denial of Service Vulnerability (CNVD-2025-23030)

Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which is caused due to incorrect input validation of multiple functions in AppOpsService.java. An attacker can exploit this vulnerability to cause a denial of...

CVE-2025-48559

In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-34738

In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

CVE-2024-23712

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appopsaccesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-243376549

In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

ASB-A-208662370

In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2020-0121

In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-0080

In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is...

Google Kills Privacy Feature

UPDATE: Google has removed a pivotal privacy feature from its Android operating system that gave users the ability to deny permissions in and regulate information collection attempts by installed applications. The feature, which users could control with a tool called AppOps Launcher, first appear...