In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
Information Disclosure
Google
Android
NVD
CVSS 3.1
3.3
EPSS
0.1%