Interesting! This reminds me of the classic Windows 95 bypass. You abuse the help screen to gain access to the desktop without having to login.[1]
I'm currently going through HTB Academy and once you mentioned unsecured in-app browsers, the first thing I thought of was either a Web Shell[2], or better yet, directing the in-app browser to a malicious website to download additional software to better exploit the phone. If the in-app browsers aren't filtering explicit content, I have to assume they aren't filter malicious content either.
If this isn't already a well-known route of exploitation, I'm interested to see how that might change in the near future. It sounds surprisingly easy to exploit, provided you can get momentary physical (remote?) access to the phone for a short time.
I'm currently going through HTB Academy and once you mentioned unsecured in-app browsers, the first thing I thought of was either a Web Shell[2], or better yet, directing the in-app browser to a malicious website to download additional software to better exploit the phone. If the in-app browsers aren't filtering explicit content, I have to assume they aren't filter malicious content either.
If this isn't already a well-known route of exploitation, I'm interested to see how that might change in the near future. It sounds surprisingly easy to exploit, provided you can get momentary physical (remote?) access to the phone for a short time.
[1] https://www.youtube.com/watch?v=1UfNlRe-goY [2] https://en.wikipedia.org/wiki/Web_shell