Android Flaws Allow Rogue Apps to Gain Unwanted Permissions

By Netvora Tech News

---

Google has released updates to address multiple vulnerabilities in Android that could allow malicious apps to gain unauthorized access to a device's permissions. The vulnerabilities were patched during the June patch cycle, which addressed a total of 36 issues.

Most Critical Flaw: CVE-2025-26443

The most severe vulnerability is CVE-2025-26443, a flaw in the Android System that allows a local user or app to elevate its privileges without user interaction. Google has rated the impact of this vulnerability as high.

Additional 'Elevation of Privilege' Flaws

In addition to the most critical flaw, there are six other "Elevation of Privilege" vulnerabilities in the Android Framework that do not require user interaction. These flaws also grant apps additional permissions and have a high impact, according to Google.

Qualcomm's Warning

Yesterday, Qualcomm, a leading chipmaker, warned of actively exploited vulnerabilities in the GPU driver of a large number of chipsets. These security flaws were not patched during the June patch cycle.

Patch Levels and Device Updates

Google uses patch levels, which are denoted by a date, to track updates. Devices that received the June updates will have a patch level of either "2025-06-01" or "2025-06-05". Manufacturers that want to provide this patch level to their devices must add all updates from the June Android bulletin to their own updates and then roll them out to their users.

Availability of Updates

The updates are available for Android 13, 14, and 15. Manufacturers of Android devices have been informed by Google of the now-patched vulnerabilities at least a month ago and have had time to develop updates. However, not all Android devices will receive these updates, as some may no longer be supported by their manufacturers or may receive updates at a later time.