Notification Spoofing

The application exposes an entry point that accepts unauthorized notifications, exposing users to phishing, unauthorized access or even remote code execution.

Notification attacks have been leveraged by malicious applications like WolfRAT and Mandrake.

A common cause of exposure to unauthorized notifications is insecure or missing permissions on Firebase services or on third-party push notification components such as Cordova PushHandlerActivity.


To prevent unauthorized notifications, ensure the following protections are implemented:

  • Services and activities receiving notifications should be restricted with proper permissions
  • Ensure the permissions are set with secure protection levels appropriate to the application context
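One way to check both points on a decoded, text-form AndroidManifest.xml, as an added example that is not part of the original page: it flags exported push-notification components that have no `android:permission`, or whose app-declared permission has a weak protection level. The sample manifest, the component names and the function name `audit_manifest` are constructed for illustration; permissions declared outside the manifest are not judged.

```python
import xml.etree.ElementTree as ET
A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Standard FCM / legacy GCM actions plus the Cordova class named on the page (extend as needed).
PUSH_ACTIONS = {"com.google.firebase.MESSAGING_EVENT",
                "com.google.android.c2dm.intent.RECEIVE"}
PUSH_NAME_HINTS = ("PushHandlerActivity",)
STRONG_LEVELS = {"signature", "signatureOrSystem"}

# Constructed sample manifest, not taken from a real application.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <permission android:name="com.example.PUSH_WEAK" android:protectionLevel="normal"/>
 <permission android:name="com.example.PUSH_SIG" android:protectionLevel="signature"/>
 <application>
  <service android:name=".OpenPushService">
   <intent-filter><action android:name="com.google.firebase.MESSAGING_EVENT"/></intent-filter>
  </service>
  <activity android:name="com.example.push.PushHandlerActivity" android:exported="true" android:permission="com.example.PUSH_WEAK"/>
  <service android:name=".GuardedPushService" android:exported="true" android:permission="com.example.PUSH_SIG">
   <intent-filter><action android:name="com.google.firebase.MESSAGING_EVENT"/></intent-filter>
  </service>
 </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return (component, problem) pairs for exposed push-notification entry points."""
    root = ET.fromstring(xml_text)
    # Permissions declared by this app; Android's default protectionLevel is "normal".
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.iter("permission")}
    findings = []
    for comp in root.iterfind("application/*"):
        name = comp.get(A + "name", "")
        actions = {a.get(A + "name") for a in comp.iter("action")}
        if comp.tag not in ("service", "activity", "receiver") or not (
                actions & PUSH_ACTIONS or name.endswith(PUSH_NAME_HINTS)):
            continue
        exported = comp.get(A + "exported")
        # No explicit value: an intent filter makes the component exported (pre-Android 12).
        if exported == "false" or (exported is None and comp.find("intent-filter") is None):
            continue
        perm = comp.get(A + "permission")
        if perm is None:
            findings.append((name, "exported without android:permission"))
        elif perm in levels and levels[perm].split("|")[0] not in STRONG_LEVELS:
            findings.append((name, f"{perm} has protectionLevel {levels[perm]}"))
    return findings

if __name__ == "__main__":
    print(*audit_manifest(SAMPLE_MANIFEST), sep="\n")
```

The manifest inside an APK is binary XML, so decode it to text first before passing it to the function.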


    • MSTG_AUTH_12