CVE-2022-20497: Information disclosure in Android

Medium
Published: Tue Dec 13 2022 (12/13/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: Android

Description

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-12 Android-12L Android-13
Android ID: A-246301979

AI-Powered Analysis

Last updated: 06/21/2025, 17:38:59 UTC

Technical Analysis

CVE-2022-20497 is a local information disclosure vulnerability in Android's system UI affecting Android 12, 12L and 13. The flaw is in the updatePublicMode method of NotificationLockscreenUserManagerImpl.java, the SystemUI class that tracks, per user, whether the notification shade is in "public mode" (device locked) and therefore whether notifications marked as sensitive must be redacted or hidden. According to the Android description, an incorrect state transition in that logic can leave the device treated as not in public mode while the lockscreen is showing, so sensitive notification content is displayed unredacted. Exploitation requires physical access to the locked device and an app that runs above the lockscreen; in Android's advisory vocabulary this typically means an app that can show an activity over the keyguard (for example one declared with showWhenLocked), which needs no special permission, hence "no additional execution privileges" and no user interaction. Integrity and availability are not affected. The CVSS v3.1 base score is 4.6 (Medium), consistent with a vector of AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: a physical-only attack vector but high confidentiality impact. No exploitation in the wild is known, and this page links no patch. The fix is tracked under Android ID A-246301979 and reaches devices through the monthly Android security patch level on each OEM's or carrier's schedule, so a device's patch level, not its Android major version, is what determines whether it is fixed. The weakness is best classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

Potential Impact

For European organizations, the risk is to the confidentiality of whatever appears in notifications on Android 12, 12L and 13 devices that have not received the fix. If such a device is lost, stolen or left unattended, someone holding it can read notification content that the lockscreen was configured to hide: message and e-mail previews, one-time passcodes and MFA prompts delivered by SMS or push, calendar details, and similar business or personal data. The exposure is worst in sectors with strict data protection obligations such as finance, healthcare and public administration, where a disclosed OTP or customer detail can also be a GDPR notifiable incident. The vulnerability gives no remote access and no control over the device, and integrity and availability are unaffected, so physical custody of devices is the deciding factor. The need for physical access plus an app running above the lockscreen rules out large-scale exploitation; the realistic threat is targeted access to an individual device.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Patch first. Roll out the manufacturer's or carrier's security update that contains the fix for Android ID A-246301979 and verify compliance by security patch level (ro.build.version.security_patch), not by Android version, since Android 12, 12L and 13 all remain in service after the fix.
2) Control which apps can run on the device. Because the attack only needs an app able to display over the keyguard, which requires no special permission, the effective control is MDM app allowlisting or vetting; reviewing apps that hold the "display over other apps" (SYSTEM_ALERT_WINDOW) permission is still worthwhile but does not by itself close this path.
3) Reinforce physical device security: strong lockscreen authentication, short auto-lock timeouts, and user guidance not to leave unlocked or unattended devices in shared spaces.
4) Reduce what the lockscreen can show. On Android 12 and 13 this is Settings > Notifications > Notifications on lock screen, including the option to show sensitive content only when unlocked. Note that these switches are enforced through the same public-mode state that updatePublicMode computes, so treat them as defence in depth, not as a substitute for the patch.
5) For managed devices, enforce the equivalent centrally: an Android Enterprise DPC can set the keyguard features KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS or KEYGUARD_DISABLE_SECURE_NOTIFICATIONS via DevicePolicyManager.setKeyguardDisabledFeatures, and work-profile containers keep corporate notifications under that policy.
6) In high-risk environments, disable lockscreen notifications entirely until the fleet is patched, and audit for and remove unapproved apps as part of the same compliance check.
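As an added example that is not part of this advisory and not Android's own code, the following POSIX shell script turns the patch-first recommendation into a device check that an MDM compliance job or an operator with adb could run over `getprop` output. It assumes, which the page does not state and which should be confirmed against the Android Security Bulletin entry for A-246301979, that the fix shipped with security patch level 2022-12-01; it also assumes the AOSP Settings.Secure keys lock_screen_show_notifications and lock_screen_allow_private_notifications as the two lockscreen notification switches, and the `getprop` dump embedded in it is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the advisory or from AOSP: triage one Android device for
# CVE-2022-20497 from `adb shell getprop` output and the two lockscreen notification
# switches, the way an MDM compliance job would.
#
# Assumptions:
#  - affected releases are Android 12 (12L also reports "12") and 13, per the advisory;
#  - the fix is ASSUMED to ship with security patch level 2022-12-01; confirm against
#    the Android Security Bulletin entry for A-246301979 before relying on it;
#  - lock_screen_show_notifications / lock_screen_allow_private_notifications are the
#    AOSP Settings.Secure keys behind "Notifications on lock screen".

FIXED_PATCH_LEVEL="2022-12-01"   # assumption, see above

# getprop_value DUMP KEY -> the value of "[KEY]: [value]" in a getprop dump, "" if absent
getprop_value() {
  printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]$/\1/p" | head -n1
}

# is_affected_release RELEASE -> true if the release string is in the advisory's range
is_affected_release() {
  case "$1" in
    12|12.*|13|13.*) return 0 ;;
    *) return 1 ;;
  esac
}

# patch_level_is_fixed YYYY-MM-DD -> true if the level is at or after FIXED_PATCH_LEVEL.
# Patch levels are ISO dates, so lexical order is chronological order.
patch_level_is_fixed() {
  [ -n "$1" ] || return 1
  first=$(printf '%s\n%s\n' "$FIXED_PATCH_LEVEL" "$1" | sort | head -n1)
  [ "$first" = "$FIXED_PATCH_LEVEL" ]
}

# assess_device RELEASE PATCH_LEVEL -> prints NOT_AFFECTED_RELEASE | PATCHED | EXPOSED | UNKNOWN
assess_device() {
  release=$1
  patch=$2
  if [ -z "$release" ] || [ -z "$patch" ]; then
    echo UNKNOWN
  elif ! is_affected_release "$release"; then
    echo NOT_AFFECTED_RELEASE
  elif patch_level_is_fixed "$patch"; then
    echo PATCHED
  else
    echo EXPOSED
  fi
}

# lockscreen_shows_private_content SHOW ALLOW_PRIVATE -> true when both switches are 1,
# i.e. the user has chosen to show full notification content on the lockscreen anyway.
# Both switches are applied against the "public mode" state this bug miscomputes, so a 0
# here is defence in depth, not a substitute for the patch.
lockscreen_shows_private_content() {
  [ "$1" = "1" ] && [ "$2" = "1" ]
}

# Constructed sample: a getprop dump from an Android 13 device on the November 2022 level
SAMPLE_GETPROP='[ro.build.version.release]: [13]
[ro.build.version.security_patch]: [2022-11-05]
[ro.build.version.sdk]: [33]'

main() {
  release=$(getprop_value "$SAMPLE_GETPROP" ro.build.version.release)
  patch=$(getprop_value "$SAMPLE_GETPROP" ro.build.version.security_patch)
  echo "Android $release, patch level $patch: $(assess_device "$release" "$patch")"
  # Constructed sample answers from `settings get secure <key>`: both switches set to 1
  if lockscreen_shows_private_content 1 1; then
    echo "lockscreen is configured to show full notification content (defence in depth off)"
  fi
}

main
```

On a real fleet, feed `adb shell getprop` (or the MDM's device inventory) into `getprop_value` per device and act on EXPOSED first; UNKNOWN means the inventory lacks the properties and should be treated as unpatched until proven otherwise.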

Technical Details

Data Version
5.1
Assigner Short Name
google_android
Date Reserved
2021-10-14T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d984ac4522896dcbf75bc

Added to database: 5/21/2025, 9:09:30 AM

Last enriched: 6/21/2025, 5:38:59 PM

Last updated: 8/15/2025, 11:02:58 AM
