Topics/auto

Android TalkBack Bug Exposed Cross-User Notifications

Researchers disclosed CVE-2022-20448, a vulnerability in Android’s NotificationManagerService that allowed accessibility services like TalkBack to receive notification content from background users. Missing a user check let foreground screen readers read notifications belonging to other profiles, potentially exposing sensitive data such as 2FA codes. Google fixed the issue in the November 2022 security bulletin by adding an isNotificationForCurrentUser() validation and a unit test, and awarded a $5,000 bounty for the June 2022 report. The patch restores user isolation for accessibility broadcasts and reduces cross-profile data leakage risk.

0.0

Cooling

News Items

Articles

Sources

First Seen

2026-05-18 15:08:32

7-Day Trend

05-18

05-19

05-20

Source Breakdown

TechCrunch (1)NewsNow (1)Dev.to (1)36kr (1)

Key Entities

GoogleNotificationManagerService(Android)TalkBack(Google)CVE-2022-20448Android(Google)

Why It Matters

This vulnerability shows how missing user checks in system services can break profile isolation and leak sensitive notification content to accessibility services. Tech professionals must ensure platform services enforce user boundaries to protect data like 2FA codes and personal messages.

Latest Changes

Researchers disclosed CVE-2022-20448 describing a missing user check in NotificationManagerService
Accessibility services like TalkBack could receive notifications from background users, exposing sensitive info
Google patched the issue in Nov 2022 by adding isNotificationForCurrentUser() validation and a unit test
A $5,000 bounty was awarded for the June 2022 report restoring user isolation for accessibility broadcasts

Timeline

2022-06-01 — Security researcher reported the NotificationManagerService user-check issue to Google
2022-11-08 — Google released November 2022 Android security bulletin with the fix and unit test
2022-11-08 — Google applied isNotificationForCurrentUser() validation to restore per-user notification checks
2022-11-08 — Google awarded a $5,000 bounty for the disclosed vulnerability
2026-05-15 — New public writeups reiterated the bypass of user isolation via screen readers

What to Watch

Reports of similar missing user checks in other system services that could enable cross-profile leaks
Changes to accessibility broadcast handling or additional unit tests in future Android security bulletins

Dossier last updated: 2026-05-19 01:48:01

Recent News (4)

时隔三年重返iPhone：依然足够好用，但跟安卓旗舰差异不大了

src_36kr1d ago

Bypassing User Isolation on Android with a Screen Reader

A missing user check in Android’s NotificationManagerService allowed accessibility events for notifications belonging to background users to be dispatched to screen readers and other accessibility services, leaking private content across user profiles. The flaw (CVE-2022-20448) meant TalkBack or any registered accessibility service on the foreground session could read notification text from a different user—exposing sensitive data like 2FA codes. Google fixed it by adding an isNotificationForCurrentUser() check and a unit test, issued patches in the November 2022 Android Security Bulletin, and paid a $5,000 bug bounty after the June 29, 2022 report. The patch restores user isolation for accessibility broadcasts and reduces cross-profile data exposure.

5pts

Dev.tokoral5d ago

抖音看到一个安卓微信问题, 在聊天对话框同时打开两个图片， APP 退出

NewsNowMay 12, 2026

Finally, texts between Android and iPhone users can be end-to-end encrypted

Android TalkBack Bug Exposed Cross-User Notifications — Topic | TechScan AI — Tech & AI News