https://contact.alessandrosangiorgi.net/tags/aosp/Recent content in Aosp on Alessandro Sangiorgi — GPU Performance EngineerHugoenMon, 06 Apr 2026 00:00:00 +0000https://contact.alessandrosangiorgi.net/posts/managedprovisioning-pendingintent-vulnerability/Mon, 06 Apr 2026 00:00:00 +0000https://contact.alessandrosangiorgi.net/posts/managedprovisioning-pendingintent-vulnerability/<p>I found and reported a vulnerability in Android&rsquo;s <code>ManagedProvisioning</code> component — the system app responsible for setting up enterprise-managed (work) profiles. The bug allows any unprivileged third-party app to intercept a privileged provisioning callback, leaking install timing, session metadata, and in some cases package details — all without any special permissions.</p> <p>Google acknowledged the report, logged it for potential remediation, and classified it as low severity. Here&rsquo;s the full breakdown.</p>