Bypassing User Isolation on Android with a Screen Reader —…
    Neura MarketNeura Market/Stable Diffusion
    ChatGPTChatGPTClaudeClaudeGeminiGeminiCursorCursorGrokGrokPerplexityPerplexityStable DiffusionStable Diffusion
    DeepSeekDeepSeekCoPilotCoPilotMidjourneyMidjourney
    View All Directories
    OverviewPromptsBlogVideosGuidesCoursesCommunityModelsLoRAsComfyUI WorkflowsTrending
    Stable DiffusionBlogBypassing User Isolation on Android with a Screen Reader
    Back to Blog
    Bypassing User Isolation on Android with a Screen Reader
    android

    Bypassing User Isolation on Android with a Screen Reader

    Karol Wrótniak May 15, 2026
    0 views

    A single missing check in Android lets one user's screen reader leak another user's private...

    A single missing check in Android lets one user's screen reader leak another user's private notifications. Here's how it happened.


    Multi-user & Accessibility on Android

    Android's multi-user support lets several people share one device. Each user gets their own space, apps, and data. This feature is common on tablets. But not all smartphones have it. Even so, the code is there. The problem is that accessibility services run with high privileges. They need to see everything to help users. Sometimes, this power breaks the walls between users.


    Screen Readers & TalkBack

    Screen readers turn text into speech. They allow people with low vision to use apps. The screen may even be completely off, but the user can still interact with the device. TalkBack is Google's screen reader for Android. Normally, TalkBack only reads the currently focused UI elements. But there are ways to make it speak programmatically.

    One is announceForAccessibility() (now deprecated) – a method that forces the screen reader to read arbitrary text. Another is live regions – parts of the UI that update without user interaction. When something changes, the system fires an accessibility event (a system-level broadcast) that carries the updated text. A screen reader picks it up and reads the new value aloud. Status bar notifications are one example of live regions.


    The Bug: CVE-2022-20448

    The bug was simple: NotificationManagerService didn't check if a notification belonged to the current foreground user before dispatching the accessibility event. This is what caused screen readers to read it out loud.

    Imagine a phone with two users: Alice (using the phone right now) and Bob (a background user).

    1. Bob receives a text message: "Your verification code is 3291".
    2. The system posts the notification and fires an accessibility event containing that text.
    3. TalkBack on Alice's active session picks up the event and reads it aloud.
    4. Alice hears Bob's private 2FA code.

    Screen readers weren't the only apps that could intercept this data. Android dispatches accessibility events to all registered accessibility services – not just TalkBack. Apps like Tasker, which registers as an accessibility service for UI automation, or notification-logging apps would also receive Bob's notification content.


    The Fix

    The entire fix was a single added condition – checking whether the notification actually belongs to the current user – plus a unit test to prevent regression:

    // frameworks/base/services/core/java/com/android/server/notification/NotificationManagerService.java
    
    -                && !suppressedByDnd) {
    +                && !suppressedByDnd
    +                && isNotificationForCurrentUser(record)) {
    

    isNotificationForCurrentUser() returns true only when the notification's owner matches the foreground user – so background users' notifications are no longer broadcast as accessibility events.

    The issue was reported on June 29, 2022. Google awarded a $5,000 bounty for the finding. They marked the bug as High severity in the November 2022 Android Security Bulletin and released patches for Android 10, 11, 12, 12L, and 13. The vulnerability is tracked as CVE-2022-20448.


    Takeaway

    It really makes you wonder just how many security bugs are hiding behind assistive technologies.

    Tags

    androidcybersecuritya11y

    Comments

    More Blog

    View all
    Context bankruptcy: The case for strategic forgetting for AI Agentsai

    Context bankruptcy: The case for strategic forgetting for AI Agents

    Most of us have seen a coding agent fail to complete a task we know it can do. We just don't...

    J
    James O'Reilly
    Parallel Compliance Engine: Drive-to-Sheets Multi-Agent Orchestrationgooglecloud

    Parallel Compliance Engine: Drive-to-Sheets Multi-Agent Orchestration

    When building Generative AI applications, developers often encounter a massive bottleneck: sequential...

    A
    Aryan Irani
    Is It Ethical to Post and Ask About Circuits on Dev.to?discuss

    Is It Ethical to Post and Ask About Circuits on Dev.to?

    I’ve been thinking about sharing some electronic circuit posts on Dev.to — small circuits, DIY...

    C
    codebunny20
    The One-Click Exporter: AI Studio Antigravity, Probed to Its Limitsagents

    The One-Click Exporter: AI Studio Antigravity, Probed to Its Limits

    What nobody tells you about exporting your multi-agent prototype to a local workspace. Every...

    L
    leslysandra
    Guarding the till while autonomous data agents do the diggingagenticarchitect

    Guarding the till while autonomous data agents do the digging

    Autonomous agents are genuinely good at answering messy business questions. Give one an LLM and a set...

    S
    Sireesha Pulipati
    Return on Attention: Why AI Code Reviews Are Wearing Us Outai

    Return on Attention: Why AI Code Reviews Are Wearing Us Out

    PR volume went up, ticket quality didn't, and the gap got filled with LLMs on both sides of the review: bots reviewing, bots replying, bots occasionally arguing with bots about priorities that only existed in a teammate's head. Our CEO named the actual problem, and it's bigger than code review.

    C
    christine

    Stay up to date

    Get the latest Stable Diffusion prompts, rules, and resources delivered to your inbox weekly.

    Neura Market LogoNeura Market

    Discover the best AI prompts, plugins, and resources for Stable Diffusion and more.

    Content Types

    • Rules
    • Prompts
    • MCPs
    • Agents
    • Guides

    Platforms

    • ChatGPT Directory
    • Claude Directory
    • Gemini Directory
    • Cursor Directory
    • Grok Directory
    • Perplexity Directory
    • DeepSeek Directory
    • CoPilot Directory
    • Stable Diffusion Directory
    • Midjourney Directory
    • All Directories

    Resources

    • Blog
    • Documentation
    • Help Center
    • Marketplace

    Legal

    • Privacy Policy
    • Terms of Service

    © 2026 Neura Market. All rights reserved.

    |

    Not affiliated with any AI platform vendors.

    Ready-made automations for this

    Workflows from the Neura Market marketplace related to this Stable Diffusion resource

    • Automate Android Feature Flag Cleanup with GitLab, LaunchDarkly, Jira, and Slackn8n · Free · Related topic
    • Automate Bookmarking from Android to Readeck with AI Taggingn8n · Free · Related topic
    • Scan your books with Android barcodes and save them in a Google Sheet spreadsheetmake · Free · Related topic
    • Automate Ticket Scanning and Notification with Google Sheets and Androidmake · Free · Related topic
    Browse all workflows