Impact
A local attacker who can physically access the device can bypass the PIN lock of Easyelife App Lock (version 1.9.2) by navigating a series of exposed interface flows that are handled through advertisement or browser intents. The app implements its lock as an overlay instead of using Android’s secure authentication APIs, allowing the attacker to evade the lockscreen verification and launch protected applications such as Chrome. This results in unauthorized access to user data and elevated privileges within the device’s application layer.
Affected Systems
Android application Easyelife App Lock (also known as Fingerprint, Applock or locker.app.safe.applocker), version 1.9.2. No other vendor or product variant is listed in the CVE data. The app can be installed from the Google Play Store, and the issue applies to Android devices on which the app is present.
Risk and Exploitability
Although no CVSS score is provided and the EPSS score is not available, the vulnerability has a high inherent risk because it requires only physical access to the target device and no network connectivity. The attack is straightforward: an attacker opens the app’s overlay, manipulates the exposed routes, and redirects to a protected application via an intent, thereby bypassing the lock and granting additional privileges. The vulnerability is not listed in CISA’s KEV catalog, but its local nature and the ease of exploitation suggest that organizations should treat it as a high‑priority issue.
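An inventory check for the package and version named under Affected Systems, as an added example that is not part of the advisory: it classifies the `adb shell dumpsys package` output of one device. The sample output and the version 9.9.9 are constructed, and because the advisory names no fixed release, any other version is reported as unlisted rather than safe.

```shell
#!/bin/sh
# Added example: classify one device against the advisory's affected version.
PKG="locker.app.safe.applocker"   # package name given in the advisory
AFFECTED="1.9.2"                  # the only version the advisory lists

# Reads `dumpsys package $PKG` output on stdin and prints one of:
#   not-installed | affected <ver> | unlisted <ver> | unknown-version
classify_applock() {
    awk -v pkg="$PKG" -v bad="$AFFECTED" '
        # The package block starts with a line like: Package [name] (id):
        index($0, "Package [" pkg "]") { in_pkg = 1; next }
        # The first versionName= line inside that block is the installed version.
        in_pkg && /^[ \t]*versionName=/ {
            sub(/^[ \t]*versionName=/, "")
            sub(/[ \t\r]+$/, "")          # adb output may end lines with CR
            ver = $0
            exit                          # END still runs after exit
        }
        END {
            if (!in_pkg)          print "not-installed"
            else if (ver == "")   print "unknown-version"
            else if (ver == bad)  print "affected " ver
            else                  print "unlisted " ver
        }'
}

# Constructed sample of dumpsys output for a given versionName
# (not captured from a real device; id and versionCode are made up).
sample_dumpsys() {
    printf 'Packages:\n'
    printf '  Package [%s] (1a2b3c4):\n' "$PKG"
    printf '    versionCode=1 minSdk=21 targetSdk=33\n'
    printf '    versionName=%s\r\n' "$1"
}

# Stand-alone demonstration on the constructed sample.
sample_dumpsys "$AFFECTED" | classify_applock   # affected 1.9.2
```

Against a connected device, pipe the real output in: `adb shell dumpsys package locker.app.safe.applocker | classify_applock`.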