# Bypassing User Isolation on Android with a Screen Reader

Karol Wrótniak, CoPilot Blog, May 15, 2026

> A single missing check in Android lets one user's screen reader leak another user's private notifications. Here's how it happened.

---

## Multi-user & Accessibility on Android

Android's [multi-user support](https://source.android.com/docs/devices/admin/multi-user) lets several people share one device. Each user gets their own space, apps, and data. This feature is common on tablets, but not all smartphones have it. Even so, the code is there.

The problem is that [accessibility services](https://developer.android.com/reference/android/accessibilityservice/AccessibilityService) run with high privileges. They need to see everything to help users. Sometimes, this power breaks the walls between users.

---

## Screen Readers & TalkBack

[Screen readers](https://en.wikipedia.org/wiki/Screen_reader) turn text into speech. They allow people with low vision to use apps. The screen may even be completely off, but the user can still interact with the device. [**TalkBack**](https://play.google.com/store/apps/details?id=com.google.android.marvin.talkback) is Google's screen reader for Android.

Normally, TalkBack only reads the currently focused UI elements. But there are ways to make it speak programmatically. One is [`announceForAccessibility()`](https://developer.android.com/reference/android/view/View#announceForAccessibility(java.lang.CharSequence)) (now deprecated) – a method that forces the screen reader to read arbitrary text. Another is [live regions](https://appt.org/en/docs/android/samples/accessibility-live-region) – parts of the UI that update without user interaction. When something changes, the system fires an [accessibility event](https://developer.android.com/reference/android/view/accessibility/AccessibilityEvent) (a system-level broadcast) that carries the updated text. A screen reader picks it up and reads the new value aloud. Status bar notifications are one example of live regions.

---

## The Bug: CVE-2022-20448

The bug was simple: `NotificationManagerService` didn't check whether a notification belonged to the current foreground user before dispatching the accessibility event. That is what caused screen readers to read it out loud.

Imagine a phone with two users: **Alice** (using the phone right now) and **Bob** (a background user).

1. Bob receives a text message: *"Your verification code is 3291"*.
2. The system posts the notification and fires an accessibility event containing that text.
3. TalkBack on Alice's active session picks up the event and reads it aloud.
4. Alice hears Bob's private 2FA code.

Screen readers weren't the only apps that could intercept this data. Android dispatches accessibility events to **all** registered accessibility services – not just TalkBack. Apps like [Tasker](https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm), which registers as an accessibility service for UI automation, or notification-logging apps would also receive Bob's notification content.

---

## The Fix

The entire [fix](https://android.googlesource.com/platform/frameworks/base/+/7b9ea7a75ed2de51e883f450b701c8d0d82e6e9c%5E%21/#F0) was a single added condition – checking whether the notification actually belongs to the current user – plus a unit test to prevent regression:

```java
// frameworks/base/services/core/java/com/android/server/notification/NotificationManagerService.java
- && !suppressedByDnd) {
+ && !suppressedByDnd
+ && isNotificationForCurrentUser(record)) {
```

`isNotificationForCurrentUser()` returns `true` only when the notification's owner matches the foreground user – so background users' notifications are no longer broadcast as accessibility events.

The issue was reported on **June 29, 2022**. Google awarded a **$5,000 bounty** for the finding. They marked the bug as **High severity** in the [November 2022 Android Security Bulletin](https://source.android.com/docs/security/bulletin/2022-11-01) and released patches for Android 10, 11, 12, 12L, and 13. The vulnerability is tracked as [CVE-2022-20448](https://nvd.nist.gov/vuln/detail/CVE-2022-20448).

---

## Takeaway

It really makes you wonder just how many security bugs are hiding behind assistive technologies.
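To make the missing check concrete, here is an added Python model of the dispatch decision (not AOSP code and not the author's): it replays the Alice/Bob scenario against an unpatched and a patched dispatcher, and also covers a work profile of the foreground user. `NotificationManagerModel`, `USER_ALL` and the profile-to-parent map are assumptions standing in for the real framework types, and the notification texts are constructed sample input.

```python
from dataclasses import dataclass, field

USER_ALL = -1  # assumption: stands in for UserHandle.USER_ALL (visible to every user)

@dataclass
class NotificationRecord:
    user_id: int                     # Android user that owns the notification
    text: str                        # what a screen reader would speak
    suppressed_by_dnd: bool = False

@dataclass
class AccessibilityService:
    name: str
    received: list = field(default_factory=list)  # event texts delivered to it

class NotificationManagerModel:
    """Toy stand-in for NotificationManagerService's accessibility dispatch."""

    def __init__(self, current_user, profiles=None):
        self.current_user = current_user
        self.profiles = profiles or {}  # assumption: profile id -> parent user id
        self.services = []              # every registered accessibility service

    def is_notification_for_current_user(self, record):
        # The guard the fix added; the profile and USER_ALL cases are assumptions.
        uid = record.user_id
        if uid in (USER_ALL, self.current_user):
            return True
        return self.profiles.get(uid) == self.current_user

    def post(self, record, patched):
        """Dispatch the event to all services; return whether it was sent."""
        announce = not record.suppressed_by_dnd
        if patched:  # the single added condition from the fix
            announce = announce and self.is_notification_for_current_user(record)
        if announce:
            for svc in self.services:
                svc.received.append(record.text)
        return announce

def simulate(patched):
    """Alice (user 0) is foreground; Bob (user 10) receives a 2FA code."""
    nms = NotificationManagerModel(current_user=0, profiles={11: 0})
    talkback = AccessibilityService("TalkBack")
    nms.services.append(talkback)
    nms.post(NotificationRecord(10, "Your verification code is 3291"), patched)
    nms.post(NotificationRecord(11, "Work profile: meeting moved"), patched)
    nms.post(NotificationRecord(0, "Alice: new mail"), patched)
    return talkback.received  # unpatched: all three texts; patched: Bob's is gone
```

Every registered service, not only TalkBack, gets the same list, which is why the unpatched result matters for automation and notification-logging apps as well.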