Access Notifications
A malicious application can read notifications sent by the operating system or other applications, which may contain sensitive data such as one-time authentication codes sent over SMS, email, or other mediums. A malicious application can also dismiss notifications to prevent the user from noticing that the notifications arrived and can trigger action buttons contained within notifications.[1]
Procedure Examples
Name | Description |
---|---|
Bread | |
Corona Updates | Corona Updates can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.[3] |
Mandrake | Mandrake can capture all device notifications and hide notifications from the user.[4] |
WolfRAT | |
Mitigations
Mitigation | Description |
---|---|
Application Developer Guidance | Application developers could be encouraged to avoid placing sensitive data in notification text. |
Enterprise Policy | On Android devices with a managed work profile (enterprise managed portion of the device), the |
Detection
The user can inspect (and modify) the list of applications that have notification access through the device settings (e.g. Apps & notification -> Special app access -> Notification access).
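The same list can be reviewed outside the settings UI. The following is an added example, not part of the original page: it parses the value of the Android secure setting `enabled_notification_listeners` (a colon-separated list of components, readable with `adb shell settings get secure enabled_notification_listeners`) and reports packages that are not on an allowlist. The package names, the allowlist and the sample value are constructed for illustration.

```python
"""Audit which Android packages hold notification-listener access."""
import subprocess

# Constructed sample of the colon-separated "package/class" list stored in
# the secure setting "enabled_notification_listeners".
SAMPLE_SETTING = (
    "com.example.watchcompanion/.notify.Listener:"
    "com.example.flashlight/com.example.flashlight.sync.NService:"
    "com.example.mdm.agent/.NotificationBridge\n"
)

# Hypothetical allowlist an organisation would maintain.
APPROVED_PACKAGES = {"com.example.watchcompanion", "com.example.mdm.agent"}


def parse_listeners(raw):
    """Return (package, class) pairs from the flattened component list."""
    listeners = []
    for entry in raw.strip().split(":"):
        entry = entry.strip()
        if not entry or entry == "null":  # "settings get" prints null when unset
            continue
        package, _, cls = entry.partition("/")
        if cls.startswith("."):  # short form is relative to the package name
            cls = package + cls
        listeners.append((package, cls))
    return listeners


def unapproved_listeners(raw, approved):
    """Listeners whose package is not on the allowlist, in original order."""
    return [(p, c) for p, c in parse_listeners(raw) if p not in approved]


def read_from_device(serial=None):
    """Read the live value over adb (requires a connected, authorised device)."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + [
        "shell", "settings", "get", "secure", "enabled_notification_listeners"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Swap SAMPLE_SETTING for read_from_device() to audit a real device.
    for package, cls in unapproved_listeners(SAMPLE_SETTING, APPROVED_PACKAGES):
        print(f"review: {package} has notification access via {cls}")
```
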
References
- Lukáš Štefanko. (2019, June 17). Malware sidesteps Google permissions policy with new 2FA bypass technique. Retrieved September 15, 2019.
- Hazum, A., Melnykov, B., Wernik, I. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020.
- T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.
- R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.
- W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... Retrieved July 20, 2020.
- Android. (n.d.). DevicePolicyManager. Retrieved September 15, 2019.