
Preface: As of January 2025, Android holds a global market share of 72.15%, which is a big jump from just 12% back in 2010.
Background: The AccountTypePreferenceLoader is a class within the Android Settings app. It is responsible for loading and displaying account preferences, which include settings related to authenticator apps. This class plays a crucial role in managing user accounts and preferences on Android devices.
For example, when you add a new email account or a social media account to your Android device, the AccountTypePreferenceLoader ensures that the specific settings for that account type are properly loaded and displayed in the Settings app. This makes it easier for users to manage their accounts and customize their preferences.
Vulnerability details: AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Official announcement: For more details, please refer to the following link – https://source.android.com/docs/security/bulletin/2025-02-01