We discovered a method to bypass BAL restrictions, which is exploited in-the-wild by malware to cause BackgroundActivityLaunch in the wind in the latest Android 13.
Details
In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.