Bug in Android Gmail App Which Allow Users to Send Hoax Emails
Bug in Android Gmail App Which Allow Users to Send Hoax Emails

Yan Zhu is a security researcher who found vulnerability is an Android Gmail Application and reported to Google but in replay from Google made Yan upset and made a new tweet which also convert into the fun (read below the statement).

[dropcap]I[/dropcap]n the month of October, many security flaws have been discovered as well as security breach have also occurred. Separate security researcher Yan Zhu, who have discovered a security loophole in the Android-based platform of Gmail application.

We all know that phishing is a criminal offence but in here these researchers have done this pushing and soon after the security vulnerability revealed in Android Gmail app, Yan reported the flaws to Google Product manager support team.

Bug in Android Gmail App Which Allow Users to Send Hoax Emails

Bug in Android Gmail App Which Allow Users to Send Hoax Emails
Bug in Android Gmail App Which Allow Users to Send Hoax Emails

Later on Yan explained the situation created with the app, here what happens, the app have some sort of code lack that can allow users to send email to anyone but with having different name, suppose if sender’s name is Mantosh and he can send mail which can show to the receiver as “Mantosh [email protected]” (without quotes) but who it can be shown, sender can alter the name and email but email must be having quotes as this “[email protected]” later on to the receiver the quotes will be invisible to the receiver but the ID as [email protected] will be visible to the viewer with name.

In this case sender can hide their own real ID with fake ID to shown up receiver which can lead a big security risk to anyone, this types of unaware security vulnerability people may get in trouble but for good reason Yan have told this vulnerability to Google as we have said earlier. But what happened after reported the vulnerability? the reply from Google security will make you shock.

Security team reply a return note to Yan written “Thanks for your note, we don’t consider this to be a security vulnerability,” soon after the unhealthy respond from Google security team yan decided to reveal this vulnerability to social networks such as Twitter as given below.

She said… “Filed a Gmail Android bug that lets me fake sender email address they said it’s not a security issue. ¯_(ツ)_/¯”

This can only be done from your Android gmail application, however, you can also be pressure as a low-risk vulnerability but, unfortunately, this might still have attractive attention to the culprit or hackers with having a dirty mind, with this vulnerability this can mislead to the receiver or the email reader. as I have provided an awesome example above. Only malicious intention having people can do this types of trick, thanks to her Yan Zhu, and all this have been asserted to Google, but Google reply back with an unexpected answer, instead of solving the issue of an Android gmail application.

Gmail has already developed with spoofed vulnerability possibility, Gmail inbuilt features are so strong that redirect the offended emails to spam, or with displaying warning pop-ups to its users.

Motherboard has said about the report and also they have contacted with Yan Zhu and also with Google to discuss with the vulnerability but, Yan Zhu have already told all this activity to Motherboard, later on Motherboard have also asked Google to rectify the problems as quick as possible.

Also Read:

After all this situation created on Twitter Yan Zhu account, other followers of Yan have made fun of her research and her report to Google Security team. One of the flower Phred have made real fun of the tweet, wrote “Send the email from Sergey or Larry and tell them it’s high priority bug that they need to fix immediately, Problem Solved