- Hackers are using invisible Unicode to trick Android into opening dangerous links from notifications
- The link looks normal, but Android secretly opens something else without warning or consent
- Even trusted apps like WhatsApp and Instagram are vulnerable to this hidden notification exploit
A security flaw in Android’s notification system could allows malicious actors to deceive users into opening unintended links or triggering hidden app actions, experts have warned.
Research from io-no claims the flaw lies in how Android parses certain Unicode characters within notifications.
This creates a mismatch between what users see and what the system processes when the “Open Link” suggestion appears.
What you see isn’t always what you get
The problem stems from the use of invisible or special Unicode characters embedded within URLs.
When included in a message, these characters can cause Android to interpret the visible text and the actual actionable link differently.
For instance, a notification might visibly display “amazon.com,” but the underlying code actually opens “zon.com,” with an inserted zero-width space character.
The notification displays as “ama[]zon.com,” including the hidden character. However, the suggestion engine interprets that hidden character as a separator, which results in it launching an entirely different site.
In some cases, attackers can redirect users not just to websites but also to deep links that interact directly with apps.
The report showed how a seemingly harmless shortened URL led to a WhatsApp call.
To make attacks less detectable, malicious actors can use URL shorteners and embed links into trusted-looking text.
The flaw becomes particularly dangerous when combined with app links or “deep links” that can silently trigger behaviors such as initiating messages, calls, or opening internal app views without user intent.
Tests on devices including the Google Pixel 9 Pro XL, Samsung Galaxy S25, and older Android versions revealed that this misbehavior affects major apps like WhatsApp, Telegram, Instagram, Discord, and Slack.
Custom apps were also used to bypass character filtering and validate the attack across multiple scenarios.
Given the nature of this flaw, many standard defenses may fall short. Even the best antivirus solutions may miss these exploits, as they often don’t involve traditional malware downloads.
Instead, attackers manipulate UI behavior and exploit app link configurations. Therefore, there is a need for endpoint protection tools, which offer broader detection based on behavioral anomalies.
For users at risk of credential theft or app abuse, relying on identity theft protection services becomes critical to monitor unauthorized activity and secure exposed personal data.
Until a formal fix is implemented, Android users should remain cautious with notifications and links, especially those from unfamiliar sources or URL shorteners.
