Security News > 2020 > August > Fake Android notifications – first Google, then Microsoft affected
If you're a Google Android user, you may have been pestered over the past week by popup notifications that you didn't expect and certainly didn't want.
Abss noticed that many mainstream Android apps use a notification interface provided by Google known as FCM, short for Firebase Cloud Messaging, formerly Google Cloud Messaging, formerly Android Cloud to Device Messaging.
An application could define a topic called "News" and group users interested in the news category so as to send them similar notifications at once instead of sending notifications to every individual separately.
At first, he figured that an attacker would need to guess at the names of topics that the users of a particular app had signed up for, which would first mean figuring out the list of topics that each app offered.
A food delivery service that wanted to send a notification relating to two topics, say "Vegetarian" and "Pizza", wouldn't need to trigger two separate notifications, which would result in people interested in both topics getting two messages.
News URL
Related news
- Google: Gemini AI for Android processes sensitive data locally (source)
- Google says it's focusing on privacy with Gemini AI on Android (source)
- Google Removing Poor-Quality Android Apps From Play Store to Boost Engagement (source)
- Google backports fix for Pixel EoP flaw to other Android devices (source)
- Android malware 'Necro' infects 11 million devices via Google Play (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 68% (source)
- Google sees 68% drop in Android memory safety flaws over 5 years (source)
- Fake WalletConnect app on Google Play steals Android users’ crypto (source)