"... a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required ..."
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/