CVE-2020-0439

Name of the Vulnerable Software and Affected Versions Android versions 8.0 through 11

Description The issue is related to an incorrect permission check in the generatePackageInfo function of PackageManagerService.java. This could lead to local escalation of privilege, allowing instant apps to access permissions not allowed for them without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations For Android versions 8.0 through 11, consider restricting access to instant apps until a patch is available. As a temporary workaround, review and restrict permissions assigned to instant apps to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.