Security News > 2020 > August > Fake Android notifications – first Google, then Microsoft affected
If you're a Google Android user, you may have been pestered over the past week by popup notifications that you didn't expect and certainly didn't want.
Abss noticed that many mainstream Android apps use a notification interface provided by Google known as FCM, short for Firebase Cloud Messaging, formerly Google Cloud Messaging, formerly Android Cloud to Device Messaging.
An application could define a topic called "News" and group users interested in the news category so as to send them similar notifications at once instead of sending notifications to every individual separately.
At first, he figured that an attacker would need to guess at the names of topics that the users of a particular app had signed up for, which would first mean figuring out the list of topics that each app offered.
A food delivery service that wanted to send a notification relating to two topics, say "Vegetarian" and "Pizza", wouldn't need to trigger two separate notifications, which would result in people interested in both topics getting two messages.
News URL
Related news
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Google brings better bricking to Androids, to curtail crims (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)