CVE-2025-36889
📋 TL;DR
This vulnerability allows local attackers to bypass camera permissions on affected Android devices, potentially accessing camera data without user consent. It affects Android Pixel devices and requires no user interaction or elevated privileges to exploit.
💻 Affected Systems
- Google Pixel devices
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical access, or a malicious app, could silently capture photos or videos through the camera without the user's knowledge, leading to privacy violations and potential blackmail material.
Likely Case
Malicious apps in the Play Store or sideloaded apps could access camera data without triggering permission prompts, enabling covert surveillance.
If Mitigated
With proper app sandboxing and security updates, the risk is limited to unpatched devices with malicious apps already installed.
🎯 Exploit Status
Exploitation requires a malicious app to be installed on the device. No user interaction is needed once the app is installed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: December 2025 Android security update or later
Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-12-01
Restart Required: Yes
Instructions:
1. Go to Settings > System > System update.
2. Check for updates.
3. Install the December 2025 security update.
4. Restart the device when prompted.
🔧 Temporary Workarounds
Disable camera permissions for untrusted apps
Review and revoke camera permissions for apps that don't require camera access
Settings > Apps > [App Name] > Permissions > Camera > Deny
Enable Google Play Protect
Ensure Google's malware scanning is active to detect malicious apps
Settings > Security > Google Play Protect > Scan device for security threats
🧯 If You Can't Patch
- Restrict installation of apps from unknown sources (Settings > Security > Install unknown apps)
- Use device management/MDM solutions to enforce security policies and app whitelisting
🔍 How to Verify
Check if Vulnerable:
Check the Android security patch level in Settings > About phone > Android version. If it is earlier than December 2025, the device is vulnerable.
Check Version:
Settings > About phone > Android version > Security patch level
Verify Fix Applied:
Verify security patch level shows 'December 1, 2025' or later in Settings > About phone > Android version.
📡 Detection & Monitoring
Log Indicators:
- Unexpected camera activation logs
- Permission bypass attempts in system logs
- CameraService access from untrusted apps
Network Indicators:
- Unusual outbound traffic containing image/video data from non-camera apps
SIEM Query:
source="android_system" AND (event="camera_access" OR event="permission_denied") AND app NOT IN [trusted_camera_apps]
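The log indicators and SIEM query above can be approximated on exported logcat output. The following is an added example, not part of this advisory or of any Google tooling: it scans CameraService connect lines for camera opens by apps outside an allowlist, and, more directly relevant to a permission bypass, for apps that open the camera while holding no CAMERA permission grant. The logcat line format is assumed from typical AOSP output, and the sample log lines and permission table are constructed.

```python
import re
from dataclasses import dataclass

# Pattern for the CameraService connect line as it typically appears in
# logcat (format assumed; the sample lines below are constructed).
CONNECT_RE = re.compile(
    r'CameraService::connect call \(PID (?P<pid>-?\d+) "(?P<pkg>[^"]+)", '
    r'camera ID (?P<cam>\d+)\)'
)

@dataclass(frozen=True)
class Finding:
    pkg: str
    camera_id: str
    reason: str

def find_suspicious_camera_access(log_lines, trusted_apps, granted_perms):
    """Return a Finding for every camera connect that comes from an app with
    no CAMERA permission grant (the signature of a bypass) or from an app
    outside the trusted allowlist. granted_perms maps package -> set of
    permissions, e.g. as collected from 'dumpsys package' (constructed here)."""
    findings = []
    for line in log_lines:
        m = CONNECT_RE.search(line)
        if not m:
            continue  # not a camera connect event
        pkg, cam = m.group("pkg"), m.group("cam")
        if "android.permission.CAMERA" not in granted_perms.get(pkg, set()):
            findings.append(Finding(pkg, cam, "camera opened without CAMERA permission"))
        elif pkg not in trusted_apps:
            findings.append(Finding(pkg, cam, "camera opened by app outside allowlist"))
    return findings

# Constructed sample logcat lines (not captured from a real device).
SAMPLE_LOG = [
    '01-12 10:01:02.123  1234  1300 I CameraService: CameraService::connect call (PID -1 "com.google.android.GoogleCamera", camera ID 0) for HAL version default and Camera API version 2',
    '01-12 10:02:10.456  1234  1300 I CameraService: CameraService::connect call (PID -1 "com.example.notes", camera ID 1) for HAL version default and Camera API version 2',
    '01-12 10:03:00.789  1234  1300 I CameraService: CameraService::connect call (PID -1 "com.example.videochat", camera ID 0) for HAL version default and Camera API version 2',
    '01-12 10:03:01.000  5678  5678 D ActivityManager: unrelated line',
]
TRUSTED = {"com.google.android.GoogleCamera"}
GRANTED = {  # constructed permission table
    "com.google.android.GoogleCamera": {"android.permission.CAMERA"},
    "com.example.videochat": {"android.permission.CAMERA"},
    "com.example.notes": set(),
}

if __name__ == "__main__":
    for f in find_suspicious_camera_access(SAMPLE_LOG, TRUSTED, GRANTED):
        print(f"{f.pkg} (camera {f.camera_id}): {f.reason}")
```

Feed it `adb logcat -d` output and a permission table built from `dumpsys package` to triage a single device; a SIEM equivalent is the query shown above.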