VYPR
Medium severity5.5NVD Advisory· Published Nov 10, 2020· Updated Jun 17, 2026

CVE-2020-0448

CVE-2020-0448

Description

In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Google/Androiddescription
  • Google/Androidllm-fuzzy
    Range: Android-8.0, Android-8.1, Android-9, Android-10, Android-11

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.