Notification service is a popular functionality provided by almost all modern smartphone platforms. To facilitate customization for developers, many smartphone platforms support highly customizable notifications, which allow the third party applications to specify the trigger events, the notification views to be displayed, and the allowed user operations on the notification views.
In this paper, we show that notification customization may allow an installed trojan application to launch phishing attacks or anonymously post spam notifications. Through our studies on four major smartphone platforms, we show that both Android and BlackBerry OS are vulnerable under the phishing and spam notification attacks. iOS and Windows Phone allow little notification customization, thus launching the phishing and spam attacks will expose the identity of the trojan application. Attack demonstrations on all platforms are presented.
To prevent the phishing and spam notification attacks while still allowing notification customization, we propose a Semi-OS-Controlled notification view design principle and a Notification Logging service. Moreover, to protect applications from fraudulent views, we propose a view authentication framework, named SecureView, which enables the third party applications to add the authentication image and text to their sensitive views (e.g. the account login view). The implementation and demonstrations of proposed defense approaches on Android are also presented in the paper.