Google · Android · CVE-2019-2114
**Name of the Vulnerable Software and Affected Versions**
Android versions 8.0 through 9
**Description**
The issue is related to a default permission in NFC that allows for a local bypass of user interaction requirements on package installation. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is required for exploitation.
**Recommendations**
For Android versions 8.0 through 9, consider restricting the use of NFC beaming to minimize the risk of exploitation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.