Android Keyguard Service App Pinning Bypass Vulnerability Allowing Privilege Escalation
Vulnerability
A vulnerability in the KeyguardService component of the Android framework has been identified, which allows for a bypass of app pinning. This issue arises from a logic error in the code, potentially leading to unauthorized access or privileges. The vulnerability can be exploited without any additional execution privileges or user interaction.
Impact
Exploitation of this vulnerability could result in unauthorized access to pinned applications, allowing for manipulation or interaction with the app as if the user had not pinned it.
Reproduction
To reproduce this vulnerability, set the 'Continue using apps on fold' option to 'Swipe up to continue' on a device with a pinned app. When the device is folded, the dismissible keyguard will not appear, and the app will remain active on the screen, effectively bypassing the pinning.
Remediation
Users can update their devices to the September 2025 security patch level to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.