CVE-2020-0023

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description The issue is related to a missing permission check in the setPhonebookAccessPermission function of AdapterService.java. This could lead to the disclosure of user contacts over Bluetooth if a malicious app enables contacts over a Bluetooth connection. The exploitation requires user execution privileges and does not need user interaction.

Recommendations For Android version Android-10, consider restricting access to the setPhonebookAccessPermission function in AdapterService.java to prevent unauthorized disclosure of user contacts over Bluetooth. As a temporary workaround, consider disabling Bluetooth connectivity for contacts until a patch is available.