SpSoft AppLock Authentication Bypass Vulnerability Allowing Access to Protected Apps

Vulnerability

An authentication bypass vulnerability has been identified in SpSoft AppLock version 7.9.40 for Android. This issue allows a local attacker with physical access to bypass fingerprint or PIN authentication. The vulnerability arises because the app's custom overlay lockscreen does not consistently enforce authentication, despite integrating with Android's biometric mechanisms. By exploiting exposed interface routes through advertisement or browser intents, an attacker can exit the lock interface without re-authentication and access protected applications, such as Chrome. This flaw leads to unauthorized access to sensitive information and can be exploited to escalate privileges within the app.

Impact

Exploitation of this vulnerability allows for unauthorized access to apps protected by AppLock, bypassing established fingerprint or PIN safeguards. This not only leads to potential information disclosure but also enables privilege escalation within the context of the accessed applications.

Reproduction

To reproduce this vulnerability, a local attacker must have physical access to the device. The attacker can trigger an advertisement or browser intent from within a protected app. When the app returns to the foreground, the AppLock interface resumes without requiring re-authentication, thereby granting access to the previously locked application.
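The resume behaviour described above can be modelled as a small state machine. The following is an added example, not SpSoft AppLock code and not taken from the original advisory: it contrasts a lock gate that treats a resume after an ad or browser intent as already unlocked with a fail-closed gate in which only a successful authentication result unlocks and every departure re-locks. The class, event and field names are hypothetical, and the event trace is constructed.

```java
import java.util.List;

// Added example: simplified model, not SpSoft AppLock code. All names are hypothetical.
public class LockGate {
    enum Event { PROTECTED_APP_FOREGROUND, EXTERNAL_INTENT, AUTH_OK, AUTH_FAIL }

    private final boolean failClosed;      // false models the behaviour the advisory describes
    private boolean inProtectedApp = false;
    private boolean authenticated = false; // only AUTH_OK may set this
    private boolean leftViaIntent = false; // lock UI was left through an ad/browser intent

    LockGate(boolean failClosed) { this.failClosed = failClosed; }

    /** Applies one event and reports whether protected content is visible afterwards. */
    boolean apply(Event e) {
        switch (e) {
            case PROTECTED_APP_FOREGROUND:
                inProtectedApp = true;
                break;
            case EXTERNAL_INTENT:
                inProtectedApp = false;
                leftViaIntent = true;
                if (failClosed) authenticated = false; // any departure ends the session
                break;
            case AUTH_OK:   authenticated = true;  break;
            case AUTH_FAIL: authenticated = false; break;
        }
        if (failClosed) return inProtectedApp && authenticated;
        // Weak policy: a resume after an external intent is treated as already unlocked.
        return inProtectedApp && (authenticated || leftViaIntent);
    }

    /** Replays a trace on a fresh gate and returns the final visibility of protected content. */
    static boolean replay(boolean failClosed, List<Event> trace) {
        LockGate gate = new LockGate(failClosed);
        boolean visible = false;
        for (Event e : trace) visible = gate.apply(e);
        return visible;
    }

    public static void main(String[] args) {
        // Constructed trace: lock UI shown, ad/browser intent opened, protected app resumed.
        List<Event> resume = List.of(Event.PROTECTED_APP_FOREGROUND,
                Event.EXTERNAL_INTENT, Event.PROTECTED_APP_FOREGROUND);
        System.out.println("weak policy exposes content: " + replay(false, resume));
        System.out.println("fail-closed exposes content: " + replay(true, resume));
    }
}
```

The same trace makes a useful regression test for any app-locker: protected content must stay hidden after the resume unless an authentication success was recorded in between.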

Added: May 28, 2026, 4:32 AM
Updated: May 28, 2026, 4:32 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.3
remediation: 0.0
relevance: 9.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.