Important Security Note – A significant vulnerability (CVE-2026-0047) was historically linked to this method due to a missing permission check. (12th Mar 2026)

Preface: Important Security Note –

A significant vulnerability (CVE-2026-0047) was historically linked to this method due to a missing permission check. When modifying or using this method in custom ROM development, always ensure it is wrapped in a checkDumpPermission() call to prevent unauthorized local privilege escalation.

Background: In the Android system, a standard application cannot read the output of a dump(FileDescriptor, String[]) Binder call without special permissions. This is a security measure designed to protect sensitive system state information.

While a regular app cannot programmatically trigger and read a dump, you can access this data using Android Debug Bridge (ADB):

• High Privilege: The adb shell runs with a higher UID that is authorized to call dump() on system services.

• Proto Output: For services like gfxinfo that support Proto format, you would use a command such as adb shell dumpsys gfxinfo <package_name> --proto to retrieve the structured data.

Reference (see below):

dumpsys is the “Legacy Text Report” we manually read to check system status. dumpBitmapsProto is the “Structured Data Snapshot” designed for automated programs (Java/C++).

Vulnerability details: In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
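The guard recommended in the preface, shown as an added stand-alone Java model that is not AOSP source and not code from the original page. Caller, BitmapDumpService, the method bodies, the denial message and the sample UIDs are hypothetical stand-ins for the Binder calling identity and the service's dump path.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Set;
import java.util.function.BiConsumer;

// Simplified model for illustration; all class and method bodies are assumptions.
public class DumpGuardDemo {
    static final String DUMP = "android.permission.DUMP";

    // Stand-in for the Binder calling identity and its granted permissions.
    record Caller(int uid, Set<String> granted) {}

    static class BitmapDumpService {
        private final String privateState = "bitmap metadata of other apps (constructed)";

        // Refuse, and say why, before any service state is touched.
        boolean checkDumpPermission(Caller c, PrintWriter pw) {
            if (c.granted().contains(DUMP)) return true;
            pw.println("Permission Denial: can't dump from uid=" + c.uid()
                    + " without permission " + DUMP);
            return false;
        }

        // Before: no caller check, so every caller receives the state.
        void dumpUnguarded(Caller c, PrintWriter pw) {
            pw.println(privateState);
        }

        // After: the check is the first statement of the entry point.
        void dumpGuarded(Caller c, PrintWriter pw) {
            if (!checkDumpPermission(c, pw)) return;
            pw.println(privateState);
        }
    }

    // Runs one dump variant for one caller and returns what was written.
    static String run(BiConsumer<Caller, PrintWriter> dump, Caller c) {
        StringWriter out = new StringWriter();
        dump.accept(c, new PrintWriter(out, true));
        return out.toString().trim();
    }

    public static void main(String[] args) {
        BitmapDumpService svc = new BitmapDumpService();
        Caller app = new Caller(10123, Set.of());      // ordinary app UID (constructed)
        Caller shell = new Caller(2000, Set.of(DUMP)); // adb shell UID, holds DUMP
        System.out.println("unguarded/app : " + run(svc::dumpUnguarded, app));
        System.out.println("guarded/app   : " + run(svc::dumpGuarded, app));
        System.out.println("guarded/shell : " + run(svc::dumpGuarded, shell));
    }
}
```

When reviewing a custom ROM, confirm that the check sits in the dump entry point itself, so that every caller path passes through it.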

Source: Mitre, NVD

Published: 2026-03-02

Updated: 2026-03-05

Official announcement: Please refer to the link for details – https://www.tenable.com/cve/CVE-2026-0047
