This Android notification exploit could trick you into opening some very unfriendly links

Joe Maring / Android Authority
TL;DR A bug in Android notifications can cause the 'Open link' button to open a different link than the one displayed.
Hidden characters in the messages can confuse the system, causing it to open a link that only makes up a part of the one in the displayed notification.
Until Google issues a fix, it's safest to avoid using the 'Open link' button and open links manually in the app.
You might want to think twice before tapping that link in your Android notifications, even if it looks safe. A newly discovered bug means that the link you see in the notification might not be the one you're actually opening, and the potentially dangerous consequences are apparent.
In a clear and detailed blog post, Security researcher Gabriele Digregorio lays out how Android's 'Open link' button — the one that shows up in notifications from apps like WhatsApp, Instagram, or Slack — can be manipulated to send users to a completely different website than the one shown. The trick involves inserting hidden Unicode characters into a message, which can fool Android into reading the text differently when deciding which part of the notification text is the link.
For example, the system might show you a link to Amazon.com, but when you tap 'Open link,' it subtly takes you to zon.com instead. That's exactly what happened in one test, where an invisible character was used to split the word into two. Android displayed the full address in the notification as if it were legit, but treated only the second part (zon.com) as the actual link. Digregorio demonstrates this example in the YouTube video below.
It's easy to see how this could be used to trick people into visiting phishing sites, or even to trigger actions inside apps via deep links. One example in Digregorio's report shows a WhatsApp link that opens a chat with a preset message. This is a legitimate WhatsApp feature, but it's potentially risky if used deceptively. In theory, apps should always ask for confirmation before carrying out any action triggered by a link. However, some don't, which means tapping the wrong link could launch something instantly.
Google was notified about the bug in March but hasn't patched it yet. In correspondence with the researcher, Google assessed the issue as moderate severity, which appears to mean it will be addressed in a future update, but doesn't warrant a separate and immediate security patch. At the time of the blog's publication on Wednesday, the issue still affected phones running Android 14, 15, and 16, including the Pixel 9 Pro. iPhones behave differently, highlighting suspicious links more clearly, but similar tricks are technically possible.
Until a fix arrives, the safest option is to avoid tapping these notification-generated links altogether. If something looks important, open the app directly instead, and double-check any links before you visit them.
Got a tip? Talk to us! Email our staff at
Email our staff at news@androidauthority.com . You can stay anonymous or get credit for the info, it's your choice.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Tom's Guide

an hour ago

• Tom's Guide

I tested Perplexity vs Google AI overview with 7 prompts — the results were shocking

Search is undergoing a profound change. For decades, Google has dominated the web search world, with some 90% of all searches funnelled through the massive Google machine. But suddenly, with the arrival of artificial intelligence, things are starting to change, and seriously so. Not only are people increasingly using AI products like ChatGPT as their default search tool, but companies like Perplexity are also building businesses around search services. The idea is to combine the power of AI analysis with the huge amount of conventional search data available at the end of a cursor. But Google is fighting back. The company has recently released an advanced search function called AI Overviews, which aims to bridge the two disciplines and deliver the kind of informed search results the market demands. It's a new kind of search on steroids. So how do the two approaches compare in everyday use? We take a look at Google's new AI Overviews and compare the results to Perplexity AI, to see which gives a better bang for the buck. Prompt: Summarize the key contributions of John McCarthy, Geoffrey Hinton and Noam Shazeer to the development of artificial intelligence. We thought we'd start with something close to home - a look at the architects of AI from the past. First impressions are that Google delivers a competent but fairly traditional results page from this request. Its answer of 238 words covers all the basic points and gives a good overview of the points as you'd expect. Perplexity delivers over 400 words, but it's more than just the quantity that's impressive. It's the fact that the results are laid out in a much more engaging manner, with the user being encouraged to explore additional information in a variety of different ways. They can explore related data, look directly at the sources and even regenerate the results to get a different perspective. Where Google seems to do the bare minimum, Perplexity really seems to add user value. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Google 4/10 Perplexity 7/10 Prompt: Create a 3-day itinerary for a first-time visitor to Tokyo on a modest budget. The user is interested in Japanese culture and food, but wants to avoid tourist traps. This is a real kicker, a stark example of the old versus the new. Google completely fails to deliver any meaningful response, but instead retreats to a standard Google search. The answer merely features a selection of third-party websites offering tour advice. This is obviously beneficial to Google as it will no doubt allow it to earn ad revenue. Perplexity, on the other hand, delivers a glorious 1000 words of real down-to-earth itinerary. This includes gorgeous photos, maps and itemized costings, which will be more than enough for the user to get a great idea of the proposed experience. Google 2/10 Perplexity 9/10 Prompt: What is the technology behind noise cancelling headphones? Once again we can see the difference between traditional search results and new style AI analysis, although in this case the difference is not so great. Google's results are very credible with 186 words of explanation, along with a useful YouTube video. Perplexity, however, takes it to a more advanced level. The explanation is roughly the same, but the prose is much more accessible to a layperson. Instead of using the word 'inverse', for example, the app chooses to use simpler English to explain how sound is cancelled. It's a subtle but important use of 500 words to achieve a more understandable answer. Google 6/10 Perplexity 8/10 Prompt: Explain the 'double-dig' method of garden bed preparation and contrast it to no-till farming This is quite an obscure test, involving little-known agricultural techniques. But for gardeners it's a very important topic. Google's response is very workmanlike and informative, and uses 260 words to deliver a good answer to the question. The use of Reddit and the Royal Horticultural Society (RHS) are also great sources, which add authority to the answer. Unfortunately for Google, Perplexity once again matches and exceeds in response quality. The RHS and Reddit are also mentioned, as is YouTube. But two things really make this answer stand out. First, the use of a great table to explain the differences at a glance and, most importantly, a conclusion, which gives a clear indication as to why no-dig is increasingly considered the better solution. Google 7/10 Perplexity 8/10 Prompt: What are the primary compliance challenges for a US-based tech startup under the EU's AI Act? This request pushes search to the limits of topicality and obtuse legal documents. Surprisingly, Google's results are very lackluster. The search engine offers up a 57 word March 2025 'featured snippet' from an obscure third-party publication, and that's it. It shows no interest in digging deeper into the topic for the user. Yet again Perplexity tries harder. We're talking 600 words set in a beautiful bullet point format, running through the main challenges and issues surrounding compliance. Along with 9 easily accessible sources and a handful of related subject matter links. Masterful. Google 2/10 Perplexity 8/10 Prompt: What does the history and potential future of blockchain and cryptocurrency look like? This prompt clearly demonstrates why Google's AI Overview is unfortunately not really ready for prime time. The original prompt was something like 'explain cryptocurrency to a fifth grader', but when tested Google couldn't handle it and served up a lame Quora snippet. It's only when we changed the prompt to this one that AI Overview kicked into action, and delivered a reasonable result. It's obvious there's not that much AI involved in AI Overview yet. Interestingly though, this was probably Google's best result. We got 400 words of densely packed information covering the topic clearly and succinctly. Perplexity was also good, providing 600 words and a nice table. Not much to choose between the two then. Google 8/10 Perplexity 8/10 Prompt: What kind of cat is this? For the final prompt we thought we'd go with something a little more exotic. Both search platforms support image upload, so what better than to upload a friendly looking cat to get some more information? Google takes the uploaded image as a prompt to display a page full of similar images, which aligns with its original image matching search. But a re-prompt of 'what kind of cat is this' then delivered a very short four line answer which, although correct, was not super helpful. Perplexity's response was 246 words, with bullets points, covering coat pattern, fur, and the breed. Even a fun fact (calico cats are almost always female). Engaging and informative. Google 3/10 Perplexity 7/10 The king is dead, long live the king? Based on this showing, the rumors could indeed be true. The mighty Google may in fact be on the way to losing its grip on the world's search traffic. Is this the end of an era? Time will tell. However if there's one thing we've learned over the years, it's never to discount the ability of the Google empire to strike back. Uniquely in the world, the company has the compute power, the data and the legendary AI pedigree to surprise us all. Test Notes. It should be noted that we did not use any of the advanced Perplexity functions, but kept to the basic default service. Which make the results even more impressive. It's also important to recognize the fact that AI can get things wrong. Both services feature disclaimers which stress that users should not assume AI search responses are factually correct. This is an early technology finding its feet, users should take care.

Android Authority

an hour ago

• Android Authority

3 tips I use every time I travel to avoid exorbitant roaming fees

Ryan Haines / Android Authority I still remember when my husband got slapped with an exorbitant €70 extra fee on his €10 basic mobile plan because he mistakenly went online for a few minutes during a layover in Turkey. Since then, avoiding roaming fees has been our personal crusade, especially since we like travelling and our basic local data plans have ridiculously expensive fees when we step outside of Europe. Over the years, I've put together a three-prong strategy to avoid paying for roaming fees, and while these work very well for me when traveling out of France, they should also apply to you, no matter where you come from. If you're in the US, my colleague Andrew Grush has specifically added a section at the end to help you make better decisions about using roaming plans versus eSIMs. Just buy a good travel eSIM Rita El Khoury / Android Authority The best way of avoiding roaming fees is to have a local SIM, but that's not always the most practical solution. This is why I've been singing the praises of eSIMs — or electronic SIMs — for four years now, and I'll keep on doing that. Instead of spending hours researching the best prepaid operators and SIM plans in the country (or countries) I'm traveling to, finding a store that sells them near my airport or hotel, going there in person and waiting to buy a physical SIM while often providing ID documents, and then waiting for it to activate or figuring out how to do it in a bunch of foreign language messages or apps, I just buy a digital eSIM. The benefit of travel eSIMs is immense. For starters, research is quick: I usually go to aggregators like Mobimatter, eSIMdb, or SimSurf to find the best plan for my trip in terms of days and gigabytes of data. I often gravitate towards Airalo for short stays or multi-country stops, Holafly when I need unlimited data to do some real work, and a few other carriers like GlobaleSIM or eSIMgo in different contexts. But if the provider or operator with the best offer is unknown to me, I'll do a quick search to see what people say about their service and decide accordingly. When I find the one I want, I buy the eSIM, install it on my phone in a few minutes, and activate it. All of this is done in about half an hour tops, from the comfort of my couch and before even leaving my home country. An eSIM is almost as cheap as buying a local SIM and almost as convenient as using a roaming plan on your current SIM. That ensures I'm ready the moment my train drives into a new country or my plane lands in a foreign airport. My new eSIM usually goes online in less than a few minutes, letting me coordinate Uber pickups, research my public transport routes, or simply tell my loved ones I've landed safely over WhatsApp or Google Messages. There's no beating the simplicity, efficiency, and convenience of buying an eSIM versus getting a local SIM to avoid roaming. People used to accept the burn of roaming fees because it was more convenient than figuring out the entire process of buying a local SIM, but with eSIMs, this whole ordeal is distilled to a few simple steps. The convenience excuse is moot. The only thing to remember is that many eSIMs are data-only, so they won't let you make phone calls. If you want to be able to call restaurants for reservations or your Airbnb host to coordinate logistics, then you should make sure that the eSIM you buy allows phone calls, too. Luckily, though, most businesses nowadays offer email or instant messaging alternatives to phone calls, and I've never really felt the need to have a calling eSIM with me in the dozens of countries I've been to in recent years. That's why I just stick to cheaper, data-only eSIMs, but your needs might be different. Turn off roaming on my main SIM before traveling The one mistake I often made and that cost me extra when I first started traveling and using eSIMs was that I forgot to turn off roaming on my primary SIM at the right time. See, Android doesn't let you turn off roaming if you're disconnected from the network or the SIM is disabled. My mistake was that I always switched into Airplane mode on my Pixel before going on a plane, only to discover when I landed that I couldn't disable roaming on my primary SIM without going online with it for a few seconds to enable the SIM menu. In some cases (eSIM not fully set up yet as the default data provider or when using a physical travel SIM I had bought years ago), this raked up dozens of Euros as my phone would roam during those short seconds while apps caught up and thus syphon several expensive megabytes of data in a split second. Sometimes you can get away with it, but it's always safer to disable roaming on your home SIM before you travel. The other option would be to keep my primary SIM deactivated for the entirety of the trip, thus risking missing critical incoming calls or messages. SIMs menu greyed out in Airplane mode SIM settings inaccessible when SIM is inactive Roaming option shows up when SIM is active To avoid all this, I started following these steps religiously on every trip: I go to Settings > Network & internet > SIMs > pick my primary SIM and then disable Roaming, all before turning on Airplane mode or disconnecting. This ensures that even if I mistakenly turn on my main SIM later, it won't use roaming data. And if I choose to turn it on to keep access to my incoming phone calls and messages, then there's still no risk of incurring exorbitant fees due to app and data updates. Use a VPN on hotel and public Wi-Fi Data, whether on a travel-friendly eSIM or a local plan, is often not as cheap as Wi-Fi. When traveling, I often go for 5GB or 10GB plans that are enough for Google Maps directions and searches, messaging, browsing, and various app usage for the duration of my trip. But that's sometimes not enough if I need to do some work, stream a football game, or back up my Google Photos. For a few years, I avoided doing any of that on public Wi-Fi networks, then I decided that it was time to adopt the VPN life. I still don't connect to too many public networks at cafés, airports, and hotels during my trips, but when I do, it's always with a VPN to keep my data encrypted and as private as possible. This ensures that other users or admins on the same public network can't snoop in on me, track my browsing, or access my personal data. Since I'm often touting a Google Pixel, I activate the built-in and free VPN by Google. It's a no-fuss solution for my needs, especially since I only need a temporary VPN for my trip. On other phones, I mostly resort to ProtonVPN, which is also free. If you need a more powerful VPN that gives you faster speeds and lets you choose the country you're tunneling through to stream your Netflix or sports as if you're still in the same country, there are plenty of good VPN choices between NordVPN, SurfShark, ExpressVPN, and others. (If your home router allows it, you may also be able to set up a VPN for free that tunnels you directly to your home network. Synology, Ubiquiti, ASUS, TP-Link, and other brands offer this on their routers.) Just pick the VPN you want, and know that you can connect to any free Wi-Fi network nearby with more ease of mind. No need to roam to keep your security, and no need to buy a super big and expensive eSIM plan to make sure you can do your most data-heavy activities on it. I call this a win-win and the best balance between convenience and security. The best roaming-friendly plans in the US: When to use and when to avoid them Edgar Cervantes / Android Authority Most of Rita's tips above definitely still apply to the US. For instance, services like Airalo can be an excellent choice for those already using one of the big three providers and seeking supplemental coverage while traveling abroad. In my experience, using eSIM is the most convenient way to access these plans as well. However, the US market also offers some great prepaid plans that can cover your travel needs without additional costs. While most prepaid plans are designed to replace your main carrier, what if you're simply looking for a temporary solution during your travels? It honestly depends on your intended length of stay abroad and whether you'll be visiting a single country or multiple destinations. For short, single-destination trips, travel eSIM services such as Airalo or Holafly are likely your most cost-effective option. For example, a brief trip of a few weeks to Japan costs around $18 for 10GB of data valid for 30 days. A service like Google Fi would cost you significantly more. If your travel plans include extended stays or visits to multiple countries, Google Fi becomes a valuable alternative. Its Flexible plan is $20 per month plus $10 per gigabyte of data used. While this can accumulate quickly, Google Fi conveniently and instantly works in over 200 countries. So, if you're embarking on a long, multi-country business trip, Google Fi's ease of use may justify the higher cost. For frequent travelers, whether for business or leisure, another appealing option is switching permanently to prepaid. Prepaid plans often offer more affordable services and, in some cases, match or exceed the international travel perks provided by major carriers. Here are two standout recommendations: For shorter trips, Visible is an excellent choice . The Visible Plus plan costs just $30 per month and includes one free Global Pass travel day each month, which can accumulate up to 12 days. For an extra $10 per month, the Plus Pro plan adds an additional Global Pass travel day per month. . The Visible Plus plan costs just $30 per month and includes one free Global Pass travel day each month, which can accumulate up to 12 days. For an extra $10 per month, the Plus Pro plan adds an additional Global Pass travel day per month. For longer stays, Google Fi is unmatched. Although the Unlimited Premium plan is pricier at $65 per month, it mirrors the features of major carriers and surpasses them by providing 50GB of high-speed data per month in over 200 destinations. Moreover, with multiple lines, the price per line can decrease to as low as $40. While Visible and Google Fi are two of the best prepaid carriers when it comes to international features, you'll find that even providers like US Mobile and Mint provide at least some level of international access in 2025. For even more options, be sure to check out our guide to the best phone service providers in the US.

Yahoo

an hour ago

• Yahoo

Here's Why I'm Buying Alphabet Stock Like There's No Tomorrow

Generative AI is challenging Alphabet's Google search business. The company's financial results have remained strong despite this rising competitor. 10 stocks we like better than Alphabet › Alphabet (NASDAQ: GOOG) (NASDAQ: GOOGL) doesn't get the same respect as its big tech peers. These stocks all trade at a premium to the market, as measured by the S&P 500 (SNPINDEX: ^GSPC), while Alphabet does not. There is a lot of pessimism that Alphabet's primary cash cow, the Google search engine, could be losing its dominance, threatening the company as we know it today. However, the numbers don't back this up. Google Search is still dominant and making a ton of money. Because of Alphabet's strong financial picture and cheap price, it's an excellent stock to load up on right now. Most of the concern about Alphabet losing market share involves users switching to alternatives, such as generative AI models. Regardless of which one they use, each time a generative AI model is asked a question, it is one time that Google isn't able to place ads in front of a user. This threatens a core part of the company's business because it gets 56% of its revenue from search. We've seen Google's market share slip a bit, dropping below 90% for the first time since 2015 earlier this year. Still, this doesn't mean the financial picture is trending in the wrong direction, as Google Search revenue rose 10% year over year in the first quarter. One thing helping Google maintain its position is the introduction of AI search overviews, which bridge the gap between a traditional Google search and using a generative AI model. Management has discussed how popular the feature is, and it is going to continue developing it. Although the forecast for Google's market share isn't particularly great, it's still doing an excellent job with its business. I think the market is underestimating the fact that most consumers aren't going to switch away from Google unless something much better is launched. This will protect Alphabet's mindshare and ensure that it continues producing solid results. The first quarter's results were truly fantastic and did not indicate a company that was struggling at all. In that quarter, overall revenue increased 12% year over year, and diluted earnings per share (EPS) increased 49% year over year. If all I presented were those growth rates and its valuation, you would think it's an incredibly undervalued stock. But because Alphabet's name is attached to the stock, it trades at a hefty discount to the market and its peers. With the stock trading at a mere 18.6 times forward earnings, it's far cheaper than the S&P 500, which trades at 22.9 times forward earnings. The results become even more eye-opening compared to some of its peers in big tech. Revenue Growth Rate Diluted EPS Growth Rate Forward P/E Alphabet 12% 49% 18.6 Apple 5.1% 7.8% 27.6 Microsoft 13.3% 17.7% 35.8 Amazon 8.6% 62.2% 34.8 Data source: YCharts. Note: All growth rates were taken from each company's last reported quarters. Alphabet is posting results similar to these other three, yet it trades for a massive discount compared to them. This makes me conclude one of two things: The other big tech stocks are overvalued, or Alphabet is undervalued. Both can be true, but what matters is what investors do with their money. Alphabet is a great stock right now, as it combines growth and value well. This combination could provide explosive returns in the future, making it one of my best stocks to buy. Before you buy stock in Alphabet, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the for investors to buy now… and Alphabet wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $659,171!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $891,722!* Now, it's worth noting Stock Advisor's total average return is 995% — a market-crushing outperformance compared to 172% for the S&P 500. Don't miss out on the latest top 10 list, available when you join . See the 10 stocks » *Stock Advisor returns as of June 9, 2025 Suzanne Frey, an executive at Alphabet, is a member of The Motley Fool's board of directors. Keithen Drury has positions in Alphabet. The Motley Fool has positions in and recommends Alphabet. The Motley Fool has a disclosure policy. Here's Why I'm Buying Alphabet Stock Like There's No Tomorrow was originally published by The Motley Fool