Android PickActivity Vulnerability: Local Privilege Escalation Risk

Summary

A vulnerability in Android's PickActivity allows an attacker to gain elevated privileges on a device without the user's knowledge. This could happen if an app exploits this flaw to launch other apps with increased access. To mitigate this risk, ensure all Android apps are updated to the latest version and consider implementing additional security measures to prevent unauthorized app access.

What to do

Update google platform/packages/apps/documentsui to version 16-qpr2-next:2026-03-01.
Update google platform/packages/apps/documentsui to version 15:2026-03-01.
Update google platform/packages/apps/documentsui to version 16:2026-03-01.
Update google platform/packages/apps/documentsui to version 14:2026-03-01.

Affected software

Vendor	Product	Affected versions	Fix available
google	android	14.0	–
google	android	15.0	–
google	android	16.0	–
google	platform/packages/apps/documentsui	> 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01	16-qpr2-next:2026-03-01
google	platform/packages/apps/documentsui	> 15:0 , <= 15:2026-03-01	15:2026-03-01
google	platform/packages/apps/documentsui	> 16:0 , <= 16:2026-03-01	16:2026-03-01
google	platform/packages/apps/documentsui	> 14:0 , <= 14:2026-03-01	14:2026-03-01

Original title

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional...

Original description

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

nvd CVSS3.1 8.4

Vulnerability type

CWE-441