
CVE-2024-13917: CWE-926 Improper Export of Android Application Components in Kruger&Matz com.pri.applock

Severity: High
Tags: Vulnerability, CVE-2024-13917, CWE-926
Published: Fri May 30 2025 (05/30/2025, 15:17:47 UTC)
Source: CVE Database V5
Vendor/Project: Kruger&Matz
Product: com.pri.applock

Description

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using a user-provided PIN code or by using biometric data. The exposed "com.pri.applock.LockUI" activity allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges into a protected application. One must know the protecting PIN number (it might be revealed by exploiting CVE-2024-13916) or ask the user to provide it. Only one version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability. An application update was released in April 2025.

AI-Powered Analysis

AI analysis last updated: 07/08/2025, 16:12:15 UTC

Technical Analysis

CVE-2024-13917 is a high-severity vulnerability (CVSS 4.0 score 8.3) in the "com.pri.applock.LockUI" activity of com.pri.applock, an app lock pre-installed on Kruger&Matz smartphones that lets the user protect other applications with a PIN or biometric data.

The weakness is CWE-926 (Improper Export of Android Application Components): the LockUI activity is exported, so any other app on the device can start it without holding a single Android permission. Because com.pri.applock runs with system-level privileges, the activity behaves as a confused deputy: an intent handed to it by an unprivileged caller is delivered to the locked application carrying the lock app's privileges. That relay is the "intent injection" the description refers to, and it is what lets a malicious app reach an application the user believed was sealed behind the lock.

Exploitation is not unauthenticated. The caller must get past the lock, which means knowing the protecting PIN; the description notes that the PIN might be revealed through the related CVE-2024-13916 or obtained by persuading the user to enter it. The attack vector is local (AV:L): the attacker needs a malicious app installed on the device, but that app needs no permissions or privileges, and some user interaction is required. Successful exploitation affects the confidentiality and integrity of the applications the user protected with the lock, because the lock is bypassed rather than broken cryptographically.

Only version name 13 (version code 33) was tested and confirmed vulnerable; the vendor released an application update in April 2025. No exploitation in the wild has been reported.

Potential Impact

For European organizations whose employees or users carry Kruger&Matz smartphones with the vulnerable com.pri.applock version, the exposure is to the confidentiality and integrity of whatever the user placed behind the app lock. A malicious app on the device could bypass the lock and reach corporate data, credentials, or personal information held in those applications. The risk is greater where BYOD policies admit these devices or where an organization issues them. Because the injected intent is delivered with system-level privileges, the bug is also a potential privilege-escalation step on the device that undermines endpoint security. Exploitation does require the protecting PIN, but chaining with CVE-2024-13916 or social engineering lowers that bar. The absence of known in-the-wild exploitation suggests limited current activity; the high CVSS score and the low requirements on the attacking app (no permissions) still justify proactive mitigation.

Mitigation Recommendations

Organizations should ensure that all Kruger&Matz devices run the patched version of com.pri.applock released in April 2025. Device management policies should enforce app updates and block installation of untrusted applications, since the attack requires a malicious app on the device. Users should be warned that the PIN is the gate here and should not be disclosed on request. Where possible, disable or restrict com.pri.applock on corporate devices until it is patched, and treat anything protected only by the app lock as exposed in the meantime. Mobile Threat Defense (MTD) or mobile-capable EDR tooling that flags suspicious inter-app behaviour can help detect exploitation attempts. Regular security audits and penetration tests of mobile endpoints should specifically look for exported components without a permission gate, the CWE-926 pattern behind this CVE, on pre-loaded and in-house apps alike. Finally, monitor for emerging exploits for this vulnerability and for the linked CVE-2024-13916 so that response can be rapid.
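The exported-component weakness described in the Technical Analysis, and the manifest audit the Mitigation Recommendations call for, can be shown in one place. The following is an added example written for this page; it is not code from com.pri.applock, Kruger&Matz or CERT-PL, and the two manifests it contains are constructed: the package name com.example.applock and the component names .LockUI, .SettingsActivity, .InternalReceiver and .PinProvider are hypothetical stand-ins for the weak declaration patterns (explicitly exported with no permission, and implicitly exported through an intent-filter) and their hardened forms (android:exported="false", or a signature-level android:permission).

```python
"""CWE-926 audit: which manifest components can another app on the device
reach without holding a permission?

Added illustration for this page, not code from com.pri.applock or from
Kruger&Matz. Both manifests below are constructed; the package and component
names in them (com.example.applock, .LockUI, .SettingsActivity, ...) are
hypothetical stand-ins for the weak and hardened declaration patterns.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None when absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def target_sdk(root):
    """targetSdkVersion from <uses-sdk>; the platform falls back to minSdkVersion, then 1."""
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is None:
        return 1
    return int(_attr(uses_sdk, "targetSdkVersion") or _attr(uses_sdk, "minSdkVersion") or 1)


def is_exported(component, sdk):
    """Platform default-export rules. An explicit android:exported wins; without it,
    a component with an <intent-filter> is exported (targetSdk 31+ rejects such a
    manifest at install time, so the attribute is effectively mandatory there), and
    a <provider> with no filter is exported by default only when sdk < 17."""
    explicit = _attr(component, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if component.find("intent-filter") is not None:
        return True
    return component.tag == "provider" and sdk < 17


def is_launcher(activity):
    """MAIN/LAUNCHER activities are exported by design and are not reported."""
    return any(_attr(c, "name") == "android.intent.category.LAUNCHER"
               for f in activity.findall("intent-filter") for c in f.findall("category"))


def audit(manifest_xml):
    """Return [(tag, name, reason)] for exported components with no permission gate."""
    root = ET.fromstring(manifest_xml)
    sdk = target_sdk(root)
    findings = []
    for comp in root.iter():
        if comp.tag not in COMPONENT_TAGS or not is_exported(comp, sdk):
            continue
        if comp.tag == "activity" and is_launcher(comp):
            continue
        if any(_attr(comp, g) for g in ("permission", "readPermission", "writePermission")):
            continue  # caller must hold a permission; acceptable when it is signature-level
        if _attr(comp, "exported") is not None:
            reason = 'android:exported="true" with no android:permission'
        else:
            reason = "implicitly exported by its <intent-filter> (android:exported not set)"
        findings.append((comp.tag, _attr(comp, "name"), reason))
    return findings


# Constructed manifest showing the weak patterns (hypothetical names).
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.applock">
  <uses-sdk android:minSdkVersion="26" android:targetSdkVersion="30"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".LockUI" android:exported="true"/>
    <activity android:name=".SettingsActivity">
      <intent-filter><action android:name="com.example.applock.OPEN_SETTINGS"/></intent-filter>
    </activity>
    <receiver android:name=".InternalReceiver" android:exported="false"/>
    <provider android:name=".PinProvider" android:authorities="com.example.applock.pins"/>
  </application>
</manifest>"""

# Same constructed app with both weak declarations fixed.
HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.applock">
  <uses-sdk android:minSdkVersion="26" android:targetSdkVersion="30"/>
  <permission android:name="com.example.applock.permission.OPEN_SETTINGS"
              android:protectionLevel="signature"/>
  <application>
    <activity android:name=".LockUI" android:exported="false"/>
    <activity android:name=".SettingsActivity" android:exported="true"
              android:permission="com.example.applock.permission.OPEN_SETTINGS">
      <intent-filter><action android:name="com.example.applock.OPEN_SETTINGS"/></intent-filter>
    </activity>
  </application>
</manifest>"""

if __name__ == "__main__":
    for tag, name, reason in audit(WEAK_MANIFEST):
        print(f"{tag} {name}: {reason}")
    print("hardened findings:", audit(HARDENED_MANIFEST))
```

Run against the weak manifest, the audit reports .LockUI (exported with no permission) and .SettingsActivity (exported only because of its intent-filter); .InternalReceiver and .PinProvider are not reported because they are not reachable from other apps at targetSdk 30. The hardened manifest yields no findings. To use it on a real APK, decode the binary manifest first (for example with apktool) and feed the resulting XML to `audit()`; whether a permission-gated component is acceptable still depends on the protection level of that permission, which the audit does not judge.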


Technical Details

Data Version: 5.1
Assigner Short Name: CERT-PL
Date Reserved: 2025-03-04T13:18:36.774Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6839ce93182aa0cae2b5b188

Added to database: 5/30/2025, 3:28:19 PM

Last enriched: 7/8/2025, 4:12:15 PM

Last updated: 8/11/2025, 12:59:46 PM
