Unrated severity · NVD Advisory · Published Sep 30, 2022 · Updated May 20, 2025

CVE-2022-1959

Description

AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AppLock 7.9.29 allows physical attackers to bypass fingerprint authentication by directly calling the onAuthenticationSucceeded method via Frida.

Vulnerability

AppLock version 7.9.29 implements biometric authentication using the onAuthenticationSucceeded callback without properly validating the CryptoObject. This allows an attacker to bypass fingerprint validation by directly invoking the callback method. The application's logic for unlocking is placed inside this callback, making it vulnerable to direct calls via process manipulation [1].

Exploitation

An attacker with physical access to the device can exploit this by installing Frida and running a command that calls the onAuthenticationSucceeded method directly. The steps include: installing and configuring AppLock with fingerprint protection, setting up Frida, then using a Frida script to trigger the callback. After pressing the recent apps button and returning to AppLock, the attacker gains access without providing a valid fingerprint [1].

Impact

Successful exploitation allows the attacker to unlock AppLock and access all protected applications without biometric authentication. This bypasses the intended security control, potentially exposing private data and app contents [1].

Mitigation

No official patch has been released for AppLock 7.9.29. The advisory recommends implementing a fingerprint-protected keystore key to decrypt a symmetric key used for application storage, ensuring that the authentication cannot be bypassed by directly calling callbacks [1]. Users should update to a newer version if available or apply the recommended cryptographic approach.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • AppLock/AppLock (description)
  • Tecno/Applock (llm-fuzzy)
    Range: = 7.9.29

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The application's onAuthenticationSucceeded callback can be invoked directly by an attacker without valid biometric data, because the implementation does not verify the CryptoObject or enforce that the callback was triggered by the system's fingerprint authentication."

Attack vector

An attacker with physical access to the device can bypass the fingerprint lock by using Frida to hook the application process and directly call the onAuthenticationSucceeded method [ref_id=1]. After installing and configuring AppLock with fingerprint protection, the attacker runs a Frida script that triggers the callback, then presses the recent-apps button and returns to AppLock — the application unlocks without requiring a valid fingerprint [ref_id=1]. This works because the app's biometric authentication logic relies solely on the callback being invoked, without validating that the system's fingerprint hardware actually authenticated the user [ref_id=1].

Affected code

The advisory does not specify exact file paths or function names beyond the onAuthenticationSucceeded callback method in the Android fingerprint implementation [ref_id=1]. The vulnerability exists in the biometric authentication logic of AppLock version 7.9.29 on Android 8.0 (API 26) [ref_id=1].

What the fix does

The advisory states that no patch is currently available for this vulnerability [ref_id=1]. The recommended remediation is to use a fingerprint-protected keystore key to decrypt a symmetric key, which in turn decrypts the application's storage — this ensures that even if the callback is invoked artificially, the attacker cannot access protected data without the actual biometric credential [ref_id=1].
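The remediation described here and under Mitigation, sketched as an added example (not AppLock's code and not taken from the advisory). It assumes the `FingerprintManager` API available on API 26, a hypothetical class name and key alias, and a storage key that was wrapped with the keystore key during an authenticated enrolment step that is not shown.

```java
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: "unlocked" means holding a decrypted storage key, not a flag set in a callback.
public final class BoundFingerprintUnlock extends FingerprintManager.AuthenticationCallback {
    private static final String ALIAS = "storage_kek"; // assumed keystore alias
    private final byte[] iv, wrapped;                  // GCM IV and wrapped storage key saved at enrolment
    private SecretKey storageKey;                      // stays null until the keystore authorises a decrypt

    public BoundFingerprintUnlock(byte[] iv, byte[] wrapped) { this.iv = iv; this.wrapped = wrapped; }

    // One-time setup: an AES key the keystore will only use after a fingerprint match.
    public static void createKek() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true) // every use needs a fresh biometric authorisation
                .build());
        kg.generateKey();
    }

    // Bind the prompt to a cipher backed by the protected key.
    public void start(FingerprintManager fm, CancellationSignal cancel) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, ks.getKey(ALIAS, null), new GCMParameterSpec(128, iv));
        fm.authenticate(new FingerprintManager.CryptoObject(c), cancel, 0, this, null);
    }

    @Override
    public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) {
        try { // doFinal throws if the keystore did not authorise this cipher or the CryptoObject is null
            storageKey = new SecretKeySpec(result.getCryptoObject().getCipher().doFinal(wrapped), "AES");
        } catch (Exception e) {
            storageKey = null; // remain locked; protected data stays encrypted
        }
    }

    public SecretKey storageKeyOrNull() { return storageKey; }
}
```

Because the unlock decision is the result of `doFinal` on a keystore-held key, a callback that fires without a real fingerprint match yields no storage key and the protected data stays encrypted.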

Preconditions

  • physical: Attacker must have physical access to the Android device running AppLock 7.9.29
  • config: AppLock must be installed and configured with fingerprint protection enabled
  • input: Attacker must be able to install and run Frida on the device (or connect via USB to a host running Frida)

Reproduction

1. Install and configure AppLock, then activate fingerprint protection in the app settings [ref_id=1].
2. Install and configure Frida on the device or a connected host [ref_id=1].
3. Launch AppLock so the fingerprint prompt appears.
4. Run the Frida exploit script (exploit.js) on the host [ref_id=1].
5. Press the 'recent' button (square icon) on the device to open the recent-apps view, then switch back to AppLock [ref_id=1].
6. The application unlocks instantly without requiring a valid fingerprint [ref_id=1].

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
