PT-2021-11311 · Google · Android

Published 2021-01-22 · Updated 2021-07-21 · CVE-2020-27098

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Android version Android-11
Description: In the checkGrantUriPermission function of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Recommendations: For Android version Android-11, consider restricting access to sensitive contacts data until a patch is available. As a temporary workaround, review and restrict permissions related to contact access to minimize the risk of exploitation.


Related Identifiers

CVE-2020-27098

Affected Products

Android