CVE-2022-20234

Name of the Vulnerable Software and Affected Versions Android versions Android-12L

Description The issue arises in the Car Settings app where the NotificationAccessConfirmationActivity is exported, allowing an unprivileged app to manipulate mComponentName and pkgTitle to deceive users into enabling notification access permission for a malicious app. Users may believe they are enabling this permission for a benign app, such as the Settings app, but in reality, they are granting it to the malicious app. Once the malicious app obtains this permission, it can read all notifications, including personal information.

Recommendations For Android version Android-12L, there is no information about a newer version that contains a fix for this vulnerability.