CVE-2022-20252

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue concerns a side channel information disclosure in PackageManager, allowing an attacker to determine whether an app is installed without requiring query permissions. This could lead to local information disclosure, and no additional execution privileges are needed for exploitation. User interaction is not required for this issue to be exploited.

Recommendations For Android version Android-13, consider restricting access to the PackageManager until a patch is available. As a temporary workaround, avoid using sensitive information in app installations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.