CVE-2016-6910

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version are affected, specifically on Samsung Galaxy S6 Edge devices, including versions 5.0.2, 5.1.1, and 6.0.1.

Description The issue allows an unprivileged third-party app to obtain the text of the user's notifications, which can contain personal data. This is possible because a non-existent notification listener vulnerability gives a non-existent app the ability to read notifications from the device. A third-party app can exploit this by using the package name com.samsung.android.app.portalservicewidget.

Recommendations For Android 5.0.2, consider restricting access to the notification system until a patch is available. For Android 5.1.1 and 6.0.1, avoid using the package name com.samsung.android.app.portalservicewidget in third-party apps to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.