"A security loophole in the official Gmail Android app opens the email spoofing attacks allowing anyone to change the sender email name."
The independent security researcher Yan Zhu has discovered a serious security issue in the Gmail Android app allows ill-intentioned to send an email pretending to be someone else. Clearly a similar loophole could represent a gift for phishers and scammers, the issue dubbed Email Spoofing, enable the forgery of an e-mail header so that the email appears to have originated from someone else than the legitimate sender.
In a classic email spoofing attack, threat actors need an SMTP (Simple Mail Transfer Protocol) server to send the email and a mailing application.
The researchers Yan Zhu, discovered a flaw in the Gmail Android app that allowed her to change her display name in the account settings so that the final recipient will not be able to know the identity of the email sender.
Bug in Android Gmail app allows effective email spoofing
Gmail Android App Lets Anyone Fake Their Email Address with Incredible Ease