If you’ve ever wiped your Android device expecting it to start over as new, you trust that all your custom settings—networks, logins, and preferences—vanish for good. But what if some of those settings lingered due to a tiny mistake hidden deep in Android’s code? That’s exactly what happened with CVE-2022-20463, a logic bug that lets WiFi settings sometimes dodge the delete process during a factory reset. Let’s dig into how it works, why it matters, and what you can learn from a simple slip-up in WifiServiceImpl.

Vulnerability: Logic error in the factoryReset function of WifiServiceImpl

- Effect: Some WiFi settings may *not* be cleared when the system (user or OEM tool) performs a factory reset
- No user interaction required: just performing a factory reset is enough
- No extra permissions required: any app or user can trigger the bug if they have access to factory reset
- Google Issue Tracker: A-231985227

The Flawed Code: Where the Bug Lives

Factory resetting on Android is supposed to wipe out every WiFi network your device remembers. That involves deleting saved networks, passwords, certificates, and so forth.

The function responsible? factoryReset in the WifiServiceImpl class. Normally, it handles all the clean-up logic. But a subtle logic error crept in. Let’s look at a mocked-up snippet inspired by the real Android code:

public boolean factoryReset(String packageName) {
    enforceNetworkSettingsPermission();
    boolean success = true;

    if (someConditionFails) {
        // This block mistakenly allows WiFi settings to survive
        Log.d(TAG, "Skipping WiFi cleanup due to condition...");
        return true;   // Early return - WiFi data is NOT wiped!
    }
    // Correct cleanup code, but may not execute
    wifiConfigManager.reset();
    wifiNetworkSuggestionsManager.clear();
    userManager.clearUserData();

    return success;
}

The key slip here is the *early return*. If a certain internal check fails (someConditionFails), the function exits before actually deleting WiFi data. As a result, some devices may complete a 'factory reset' with network settings *still in place*—defeating the whole point.
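To make that failure mode concrete, here is an added, stand-alone Java model (not AOSP code and not the mocked-up snippet above) that contrasts the early-return shape with a version in which the wipe runs unconditionally and the return value is checked against what is actually left in the store. WifiStore, the "pre-step" and the class name are hypothetical stand-ins for the managers the real factoryReset touches; it runs with a plain JDK, no Android required.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration, not AOSP code. WifiStore and the "pre-step" are hypothetical
// stand-ins for the managers that the real WifiServiceImpl.factoryReset touches.
public class ResetOrderingDemo {

    /** Hypothetical in-memory stand-in for the saved-network store. */
    static final class WifiStore {
        final List<String> savedSsids =
                new ArrayList<>(Arrays.asList("HomeNet", "CorpWLAN"));
        void reset() { savedSsids.clear(); }
    }

    /** Buggy shape from the article: when an internal step fails, the method
     *  returns "success" before any cleanup has run. */
    static boolean buggyFactoryReset(WifiStore store, Runnable preStep) {
        try {
            preStep.run();
        } catch (RuntimeException e) {
            return true;          // early return: caller is told it worked, data survives
        }
        store.reset();
        return true;
    }

    /** Hardened shape: the wipe never depends on the optional step, the failure is
     *  recorded instead of short-circuiting, and success is only reported after
     *  verifying the post-condition (nothing left in the store). */
    static boolean hardenedFactoryReset(WifiStore store, Runnable preStep) {
        boolean preStepOk = true;
        try {
            preStep.run();
        } catch (RuntimeException e) {
            preStepOk = false;    // remember the failure, keep going
        } finally {
            store.reset();        // unconditional: runs whether or not preStep threw
        }
        return preStepOk && store.savedSsids.isEmpty();
    }

    public static void main(String[] args) {
        // Constructed failing step standing in for the "someConditionFails" check.
        Runnable failingStep = () -> { throw new IllegalStateException("pre-step failed"); };

        WifiStore s1 = new WifiStore();
        boolean r1 = buggyFactoryReset(s1, failingStep);
        System.out.println("buggy:    reported=" + r1 + " remaining=" + s1.savedSsids);

        WifiStore s2 = new WifiStore();
        boolean r2 = hardenedFactoryReset(s2, failingStep);
        System.out.println("hardened: reported=" + r2 + " remaining=" + s2.savedSsids);
    }
}
```

The invariant worth testing on any reset path is the one the hardened version enforces: a reported success must imply an empty store. A unit test that feeds a failing pre-step and then asserts on the store contents, rather than on the boolean alone, would have caught the early return.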

Exploiting the Bug: What’s Possible?

Let’s be clear: this isn’t a traditional “security” bug. There’s no way for a hacker to use this to gain control over your device, steal information, or infect your phone with malware. This is a *local, non-security issue*. That said, it *is* a problem in practice:

- If the bug triggers, your saved SSIDs and possibly passwords will remain.
- No software tools, exploits, or user actions are needed—the bug triggers itself under the right conditions.

Code Example:

After a reset, an app that is allowed to read the configured-network list could check whether anything survived:

WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE);
// May be null with WiFi off; on Android 10+ non-privileged apps receive an empty list.
List<WifiConfiguration> configs = wifiManager.getConfiguredNetworks();
if (configs == null || configs.isEmpty()) {
    Log.i("WiFiTest", "No saved networks remain");
} else {
    for (WifiConfiguration config : configs) {
        Log.i("WiFiTest", "Still present: " + config.SSID);
    }
}

Why It Matters

*Factory reset* means “blank slate.” For many, this bug isn’t a major risk but an *unexpected privacy leak*. Old WiFi logins are sometimes more sensitive than you’d think:

- Corporate networks (exposing company SSIDs/credentials)
- Smart home networks that could tie your device to a place or owner

Additionally, devices sold or given away could let the next person see where you’ve been connecting—a privacy issue, even if not a full-on security hole.

- Patched: Yes, in 2023 security updates for Android 10-13
- Check your security bulletin: Android Security Bulletins
- Upgrade recommended: If your device is older and no longer receives updates, consider a manual overwrite or “flash” to erase all residual data.

References

- Android Issue Tracker A-231985227
- NVD CVE-2022-20463 Record
- Android Security Bulletins
- AOSP WifiServiceImpl.java (source)

Conclusion

CVE-2022-20463 serves as a reminder: even the smallest programming mistakes can have wide impacts, especially in complex systems like Android. Most users weren't at critical risk—yet trust in a factory reset is vital for privacy and proper device management. If you expect your device to forget, make sure it actually does!

If you're interested in the nitty-gritty details or want to explore the fix, check out the resources above and keep your devices updated.



Timeline

Published on: 11/08/2022 22:15:00 UTC
Last modified on: 11/09/2022 16:29:00 UTC