Researchers Name: @dawnseclab
Nominating for the `mystique` bug, i.e. CVE-2021-0691 and other bugs in the chain in multiple vendors like Samsung, Xiaomi, Oppo including CVE-2021-25450, CVE-2021-25485 and CVE-2021-23243, that allows an application with zero permission to execute code in any other applications. Details of this research can be found at the whitepaper https://dawnslab.jd.com/mystique-paper/mystique-paper.pdf and delivered talk in CanSecWest 22 https://dawnslab.jd.com/mystique-paper/CSW22-mystique.pdf
Actually the core of this bug chain (CVE-2021-0691) is just one line of change in the android SELinux policy. One line of change, and the whole sandbox collapsed. Combined with multiple bugs in vendors, they achieved almost super power in the userspace.