CVE-2020-0121

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description A logic error in the updateUidProcState of AppOpsService.java could lead to a permission bypass, resulting in local information disclosure of location data. This issue requires User execution privileges and does not need user interaction for exploitation.

Recommendations For Android version Android-10, consider restricting access to sensitive location data until a patch is available. As a temporary workaround, review and restrict the use of the updateUidProcState function in AppOpsService.java to minimize the risk of exploitation.