Bug in Gmail app for Android Allows anyone to Send Spoofed Emails

Bug in Gmail app for Android Allows anyone to Send Spoofed Emails: A security researcher has discovered an interesting loophole in Gmail Android app that lets anyone send an email that looks like it was sent by someone else, potentially opening doors for Phishers.

This is something that we call E-mail Spoofing – the forgery of an e-mail header so that the email appears to have originated from someone other than the actual source.

Generally, to spoof email addresses, an attacker needs:

1. A working SMTP (Simple Mail Transfer Protocol) server to send email
2. A Mailing Software

However, an independent security researcher, Yan Zhu, discovered a similar bug in official Gmail Android app that allowed her to hide her real email address and change her display name in the account settings so that the receiver will not be able to know the actual sender.