Pennsylvania State Employees Credit Union
Notification service is a popular feature provided by almost all modern smartphone platforms. To facilitate customization for developers, many smartphone platforms support highly customizable notifications, which allow third-party applications to specify the trigger events, the notification views to be displayed, and the user operations allowed on those views. In this paper, the authors show that notification customization may allow an installed Trojan application to launch phishing attacks or anonymously post spam notifications. Through their studies of four major smartphone platforms, they show that both Android and BlackBerry OS are vulnerable to the phishing and spam notification attacks. iOS and Windows Phone allow little notification customization, so launching the phishing and spam attacks on those platforms will expose the identity of the Trojan application.