A malicious app can exploit the issue, which could affect up to 30 percent of Android phones. The bug (CVE-2020-11292) exists in the Qualcomm Mobile Station Modem Interface, which is known as QMI for short. QMI is a proprietary protocol used to communicate between software components in the modem and other peripheral subsystems. A fix has been issued by Qualcomm, however the patches will be slow to roll out, according to Check Point researchers. The fix is expected to take time, so many of the phones are likely still prone to the threat.
Source: https://threatpost.com/qualcomm-chip-bug-android-eavesdropping/165934/