Information disclosure

In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Us...

CVE-2021-1034

CVE-2021-1034 affects Android 12 via the PhoneInterfaceManager.getLine1NumberForDisplay path. A missing permission check enables an app to infer whether another app is installed, causing local information disclosure without requiring additional execution privileges. The vulnerability stems from i...

CVE-2021-1014

CVE-2021-1014 affects Android 12 via the getNetworkTypeForSubscriber path in PhoneInterfaceManager.java. The vulnerability arises from a side-channel that lets a local attacker determine whether an app is installed without query permissions, enabling local information disclosure without additiona...

CVE-2020-27032

In CVE-2020-27032, a missing permission check in getRadioAccessFamily() of PhoneInterfaceManager.java allows a local attacker to read privileged radio data on Android-11, potentially leading to information disclosure without user interaction. Affected component is the Android framework (PhoneInte...

CVE-2020-0106

CVE-2020-0106 affects Android 10. The issue is in PhoneInterfaceManager.getCellLocation, where a missing SDK version check allows a local attacker to bypass a permission check and disclose information without extra privileges. Impacted: local information disclosure; no user interaction required. ...