Security News > 2020 > August > Fake Android notifications – first Google, then Microsoft affected
If you're a Google Android user, you may have been pestered over the past week by popup notifications that you didn't expect and certainly didn't want.
Abss noticed that many mainstream Android apps use a notification interface provided by Google known as FCM, short for Firebase Cloud Messaging, formerly Google Cloud Messaging, formerly Android Cloud to Device Messaging.
An application could define a topic called "News" and group users interested in the news category so as to send them similar notifications at once instead of sending notifications to every individual separately.
At first, he figured that an attacker would need to guess at the names of topics that the users of a particular app had signed up for, which would first mean figuring out the list of topics that each app offered.
A food delivery service that wanted to send a notification relating to two topics, say "Vegetarian" and "Pizza", wouldn't need to trigger two separate notifications, which would result in people interested in both topics getting two messages.
News URL
Related news
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Google adds Android auto-reboot to block forensic data extractions (source)
- Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers (source)
- Google fixes actively exploited FreeType flaw on Android (source)
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (source)
- Google’s Advanced Protection Now on Android (source)
- Google strengthens secure enterprise access from BYOD Android devices (source)