Executive Summary

This vulnerability exists in the Android Settings app within the ContentProtectionTogglePreferenceController component. Due to a logic error, a secondary user (such as a guest user) can disable the primary user's deceptive app scanning setting without needing any additional execution privileges or user interaction. This means unauthorized users can change security-related settings that should be restricted to the primary user. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to a local escalation of privilege where a secondary user can disable the primary user's deceptive app scanning setting. This could reduce the effectiveness of security protections on the device, potentially allowing malicious apps to go undetected or unscanned, thereby increasing the risk of security breaches or unauthorized app behavior. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability relates to a logic error in the Android Settings app allowing a secondary user to disable the primary user's ContentProtection setting. Detection involves verifying if guest or secondary users can toggle the ContentProtection setting. There are no specific network detection commands provided. However, you can check the behavior on the device by attempting to toggle the ContentProtection setting as a guest user. Automated tests such as the ContentProtectionTogglePreferenceControllerTest in the Settings RoboTests verify this behavior. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Apply the patch that disables the ContentProtection setting toggle for guest users, as implemented in the fix committed on February 10, 2025. This prevents guest users from changing the ContentProtection setting and mitigates the privilege escalation risk. Ensure your Android Settings app is updated to include this fix. [1]

Useful 0 Not Useful 0