Notification Listener Service Vulnerability
Christopher Ney
393

This isn’t a vulnerability, it is a tightly controlled affordance in the Android system. I would suggesting revising this more to be more of a “be extra cautious when using” article. This is akin to calling the Accessibility framework a vulnerability, it’s just giving trusted apps elevated privileges (with very explicit warnings).

Other than that, this is a great writeup and I appreciate you taking the time to show the potential security concerns when using notifications. A healthy paranoia dictates that anything passed to the system shouldn’t contain sensitive data, even things like startActivity().

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.