Security News > 2020 > August > Fake Android notifications – first Google, then Microsoft affected

Fake Android notifications – first Google, then Microsoft affected
2020-08-28 13:49

If you're a Google Android user, you may have been pestered over the past week by popup notifications that you didn't expect and certainly didn't want.

Abss noticed that many mainstream Android apps use a notification interface provided by Google known as FCM, short for Firebase Cloud Messaging, formerly Google Cloud Messaging, formerly Android Cloud to Device Messaging.

An application could define a topic called "News" and group users interested in the news category so as to send them similar notifications at once instead of sending notifications to every individual separately.

At first, he figured that an attacker would need to guess at the names of topics that the users of a particular app had signed up for, which would first mean figuring out the list of topics that each app offered.

A food delivery service that wanted to send a notification relating to two topics, say "Vegetarian" and "Pizza", wouldn't need to trigger two separate notifications, which would result in people interested in both topics getting two messages.


News URL

https://nakedsecurity.sophos.com/2020/08/28/fake-android-notifications-first-google-then-microsoft-affected/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4223 4523 728 9727
Microsoft 365 49 1366 2822 162 4399