Android Keyguard Service Delegate App Pinning Bypass Vulnerability
Vulnerability
A vulnerability in the KeyguardServiceDelegate component allows a partial bypass of app pinning. The issue arises from a missing permission check in the onServiceDisconnected method, which enables limited interaction with other apps without knowledge of the Lock Screen Keyguard Flag (LSKF). The impact varies by application and can potentially lead to local information disclosure. Exploitation requires no additional execution privileges and no user interaction.
Impact
Exploitation of this vulnerability could result in unauthorized access to information from other applications, depending on the specific app and its data handling.
