Preface: As of April 2020, 37.4% of Android devices run Pie, making it the most popular Android version.

Vulnerability details: A critical vulnerability on Android causes privilege-escalation The impact is that it allows attackers to hijack any app on an infected phone, it is much more difficult to detect, the name so called StrandHogg 2.0. For more details, please reference to follow link. https://promon.co/strandhogg-2-0/

Closer look to vulnerability: The bug so called a “StrandHogg 2.0” vulnerability (CVE-2020-0096) found by Promon researchers. This is because the vulnerability is similar to the original StrandHogg bug discovered last year. Like the original, a malicious app installed on a device can hide behind legitimate apps. When a normal app icon is clicked, a malicious overlay is instead executed, which can harvest login credentials for the legitimate app.

Official announcement – Android Security Bulletin May 2020: https://source.android.com/security/bulletin/2020-05-01

Under our investigation – One could potentially recover developer defined permissions by examining the permission checks in application code and the filters declared in the application manifest. Stay tuned!