Primary

Context

Android Content Protection Deceptive App Scanning Setting Disabling Vulnerability

Vulnerability

A vulnerability exists in the Content Protection Toggle Preference Controller of the Android Settings app, specifically in the updateState method. This issue allows a secondary user to disable the primary user's deceptive app scanning setting due to a logic error. The vulnerability could lead to local escalation of privilege, as it does not require any additional execution privileges or user interaction for exploitation.

Impact

Exploitation of this vulnerability could result in unauthorized changes to the deceptive app scanning settings, potentially allowing harmful applications to evade detection.

Remediation

Users can update their devices to the September 2025 security patch level to address this vulnerability.

Added: Sep 4, 2025, 7:40 PM

Updated: Sep 4, 2025, 7:40 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.0

remediation

0.0

relevance

0.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.0

remediation

0.0

relevance

0.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Content Protection Deceptive App Scanning Setting Disabling Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating