Earlier this week, an independent security researcher by the name of Yan Zhu discovered that it was possible for a user to make their email look like it was sent by someone else using Google’s Gmail app on Android devices. I know what you’re thinking, that this is a perfect opportunity for unwanted and dangerous phishing emails, and you’d be 100% correct.
Yan decided to reach out to Google telling the about the bug in their Gmail app and received a reply shortly after from the company saying that it wasn’t a security vulnerability (screenshot below).
Fast forward only four days later and an article pops up on the same website where I found this information saying that “Google is working to fix an unusual bug that allows anyone to pretend to be someone else in the Gmail app for Android, after the company initially dismissed it as ‘not a security vulnerability.'” I personally think it’s quite strange that a tech giant like Google would take lightly to this situation in the first place.
This would have most likely been addressed by Google immediately if only someone pretended to be Larry Page or Sergey Brin using this simple exploit. Now that would have been great.