CVE-2024-49720
📋 TL;DR
This vulnerability allows local attackers to override Android's location permission settings due to a logic error in Permissions.java. It enables local privilege escalation without requiring user interaction or additional execution privileges. Affects Android devices with vulnerable versions of the Permission module.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical or remote access to the device could gain unauthorized access to location data, potentially enabling tracking, data theft, or facilitating other attacks that require location permissions.
Likely Case
Malicious apps could silently bypass location permission controls to track users without consent, violating privacy and potentially exfiltrating sensitive location data.
If Mitigated
With proper app sandboxing and security updates, the risk is limited to devices running outdated software or with additional vulnerabilities.
🎯 Exploit Status
Exploitation requires local access but no user interaction; the logic error makes exploitation straightforward once identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Patch Level April 2025 or later
Vendor Advisory: https://source.android.com/security/bulletin/2025-04-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > System update. 2. Install the April 2025 Android security patch or later. 3. Reboot the device after installation.
🔧 Temporary Workarounds
Disable location services
androidTemporarily disable location services to prevent exploitation until patched
Settings > Location > Turn off location
Review app permissions
androidAudit and restrict location permissions for all installed apps
Settings > Apps > [App Name] > Permissions > Location > Deny
🧯 If You Can't Patch
- Implement strict app installation policies to prevent untrusted apps from being installed
- Use mobile device management (MDM) solutions to enforce security controls and monitor for suspicious behavior
🔍 How to Verify
Check if Vulnerable:
Check Android security patch level in Settings > About phone > Android version > Security patch levelCheck Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify security patch level shows 'April 5, 2025' or later date📡 Detection & Monitoring
Log Indicators:
- Unexpected location permission changes in system logs
- Apps accessing location without proper permission grants
Network Indicators:
- Unusual location data exfiltration patterns from apps
SIEM Query:
source="android_system" AND (event="permission_change" OR event="location_access") AND status="unauthorized"