As a result, consider changing the function permission to READ_APPEND_VIEW or WRITE_APPEND_VIEW if your app uses this feature. The function permission is required for various app management functions in the Android system. When an app uses a function not allowed for installation, the function call fails and the system reports an INSTALL_RESTRICTED error. This error is reported to the app via the Android logging system.
Checklist: Steps to identify if your app is vulnerable to CVE-2022-39103
1. Check the version of your app in the Google Play Store.
2. Check if your app uses functions not allowed for installation that are not completed with the function permission READ_APPEND_VIEW or WRITE_APPEND_VIEW.
3. Check if you have any apps installed on the system that used a function not allowed for installation and has been completed with the function permission READ_APPEND_VIEW or WRITE_APPEND_VIEW.
4. If any apps were identified in step 3, remove them from the system before continuing to update your app. Otherwise, proceed to steps 5-7 below to fix the issue on your device and then reinstall your app from Google Play Store as usual after it has been updated to a new version that fixes this vulnerability.
5. Update your app using Google Play Store . Ensure you use both these steps: "Update my app" and "Upload new APK". After updating, install your updated app from Google Play Store .
6. If you cannot update your app using Google Play Store , you can manually uninstall it and re-install it from Google Play Store . Once it is updated, reinstall it back on the device by following steps 2-5 above (to ensure all possible devices are patched).
Common Issues with Function Permission Settings
Some apps don't use the permission correctly and may result in errors.
The function permission is required for various app management functions in the Android system. When an app uses a function not allowed for installation, the function call fails and the system reports an INSTALL_RESTRICTED error. This error is reported to the app via the Android logging system.
Timeline
Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/17/2022 20:09:00 UTC