Security News > 2020 > August > Fake Android notifications – first Google, then Microsoft affected
If you're a Google Android user, you may have been pestered over the past week by popup notifications that you didn't expect and certainly didn't want.
Abss noticed that many mainstream Android apps use a notification interface provided by Google known as FCM, short for Firebase Cloud Messaging, formerly Google Cloud Messaging, formerly Android Cloud to Device Messaging.
An application could define a topic called "News" and group users interested in the news category so as to send them similar notifications at once instead of sending notifications to every individual separately.
At first, he figured that an attacker would need to guess at the names of topics that the users of a particular app had signed up for, which would first mean figuring out the list of topics that each app offered.
A food delivery service that wanted to send a notification relating to two topics, say "Vegetarian" and "Pizza", wouldn't need to trigger two separate notifications, which would result in people interested in both topics getting two messages.
News URL
Related news
- Microsoft Bing shows misleading Google-like page for 'Google' searches (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)