Next Article in Journal
A Review of Vehicle to Vehicle Communication Protocols for VANETs in the Urban Environment
Next Article in Special Issue
Security and Privacy in Wireless and Mobile Networks
Previous Article in Journal
The Improved Adaptive Silence Period Algorithm over Time-Variant Channels in the Cognitive Radio System
Previous Article in Special Issue
Investigating the Influence of Special On–Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks
Article Menu
Issue 2 (February) cover image

Export Article

Open AccessArticle
Future Internet 2018, 10(2), 13; doi:10.3390/fi10020013

Push Attack: Binding Virtual and Real Identities Using Mobile Push Notifications

Electronic Engineering Department, University of Rome Tor Vergata, 00173 Rome, Italy
Author to whom correspondence should be addressed.
Received: 20 December 2017 / Revised: 26 January 2018 / Accepted: 29 January 2018 / Published: 31 January 2018
(This article belongs to the Special Issue Security and Privacy in Wireless and Mobile Networks)
View Full-Text   |   Download PDF [1944 KB, uploaded 31 January 2018]   |  


Popular mobile apps use push notifications extensively to offer an “always connected” experience to their users. Social networking apps use them as a real-time channel to notify users about new private messages or new social interactions (e.g., friendship request, tagging, etc.). Despite the cryptography used to protect these communication channels, the strict temporal binding between the actions that trigger the notifications and the reception of the notification messages in the mobile device may represent a privacy issue. In this work, we present the push notification attack designed to bind the physical owners of mobile devices with their virtual identities, even if pseudonyms are used. In an online attack, an active attacker triggers a push notification and captures the notification packets that transit in the network. In an offline attack, a passive attacker correlates the social network activity of a user with the received push notification. The push notification attack bypasses the standard ways of protecting user privacy based on the network layer by operating at the application level. It requires no additional software on the victim’s mobile device. View Full-Text
Keywords: online social network; push notification; privacy online social network; push notification; privacy

Figure 1a

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).

Scifeed alert for new publications

Never miss any articles matching your research from any publisher
  • Get alerts for new papers matching your research
  • Find out the new papers from selected authors
  • Updated daily for 49'000+ journals and 6000+ publishers
  • Define your Scifeed now

SciFeed Share & Cite This Article

MDPI and ACS Style

Loreti, P.; Bracciale, L.; Caponi, A. Push Attack: Binding Virtual and Real Identities Using Mobile Push Notifications. Future Internet 2018, 10, 13.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics



[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top