PT-2009-4226 · Google · Android

Published: 2009-05-26 · Updated: 2012-02-29 · CVE-2009-1754

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Android versions 1.5 through 1.5 CRB42
Description: The PackageManagerService class does not properly check developer certificates when installing applications that specify a shared user ID. An attacker can therefore access an application's data by creating a package that specifies a shared user ID with that arbitrary application.
Recommendations: For Android versions 1.5 through 1.5 CRB42, consider restricting the use of shared user IDs until a proper fix is implemented to ensure developer certificates are correctly validated during application installation.

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2009-1754

Affected Products: Android