fbpx
Saturday, November 9, 2024
Cyber SecurityTechnology

Google’s mysterious ‘search.app’ links leave Android users concerned

by Wire Tech

Google has left Android users puzzled after the most recent update to the Google mobile app causes links shared from the app to now be prepended with a mysterious "search.app" domain.

As the Google app is a popular portal for searching the web for Android users and delivers a personalized content news feed referred to as Google Discover, it has sparked concern among those who noticed the new links.

What are these mysterious search.app links?

On November 6, 2024, Google rolled out its an Android version 15.44.27.28.arm64 of its app.

Ever since then, links viewed in Google's in-app Chromium browser, when shared externally, are being prepended with a "search.app" domain.

BleepingComputer noticed the behaviour shortly after updating our Google app and we admit, the sight of a mysterious domain left us alarmed at first. Was our device compromised by adware?

Trending
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

Google app prepends links with the search.app domain
Google in-app browser prepends links with search.app
(BleepingComputer)

Our concerns are echoed by other users on Reddit this week.

"Recently (few days ago), I noticed that each link shared from the Google in-app web browser uses the 'search.app' domain," asked Reddit user danilopiazza.

"For example, trying to share the link to the Reddit front Page, I get: https://search.app?link=https%3A%2F%2Fwww.reddit.com%2F&utm_campaign=…&utm_source=…"

"Is this a new feature from the Google app?"

A reader responded, "It seems like it. I'm getting this too. At first I thought I was somehow infected with some kind of malware, or somehow some setting unbeknownst to me got changed."

Similar posts have emerged from others.

BleepingComputer observed links being shared via social media posts on X and Facebook via Google’s Android app this week are bearing the “search.app” domain too:

Social media posts bearing the search.app links
Social media posts to external sites bearing search.app links
(BleepingComputer)

Is search.app safe?

Put simply, search.app is a URL redirector domain, much like t.co used by X (formerly Twitter), Google’s g.co, or Meta’s m.me.

Prepending links with "https://search.app?link=" gives Google enhanced visibility into how links are being externally shared by the Google app users and who are clicking on these links (i.e. referrers).

In addition to collecting analytics, by placing itself between users and external links by using the "search.app" domain, Google now has the ability to block traffic to phishing or hacked domains, should a website go rogue, or in the event that users are mass-sharing questionable content with each other (such as a scam site).

In our tests, navigating to search.app directly took us to an "Invalid Dynamic Link" page with a Firebase logo.

Navigating to search.app directly shows a Firebase landing page
(BleepingComputer)

Firebase was acquired in 2014 by Google and has since become “Google’s mobile development platform that empowers you to quickly build and grow your app.”

We noticed a similar screen when navigating to Google's another domain: https://search.app.goo.gl/

Ironically, Firebase Dynamic Links are deprecated and set to be shut down by August 2025.

WHOIS records for both search.app and goo.gl show Google LLC as the registrant organization and MarkMonitor as the registrar.

Granted, according to our analysis, the search.app redirector URLs appears to be safe and officially operated by Google, the sheer lack of documentation surrounding the domain is odd, as is the lack of its mention in public changelogs of Google’s open source projects, such as Android or Chromium.

The rollout of the search app update is bound to alarm even more users in the coming days who may wonder if their device is behaving erratically or has been compromised by malware.

Is this is Google's attempt at imitating Apple News which prepends links to external stories with https://apple.news?

In the past, Google Chrome's use of strange GVT1.com domains has drawn the scrutiny of even the most skilled researchers due to the lack of public documentation surrounding these domains.

BleepingComputer approached Google for comment in advance of publishing and we are awaiting a response.

Related Articles:

Google Cloud to make MFA mandatory by the end of 2025

Google fixes two Android zero-days used in targeted attacks

New tool bypasses Google Chrome’s new cookie encryption system

Google to let businesses create curated Chrome Web Stores for extensions

Google Scholar has a 'verified email' for Sir Isaac Newton

________________________________________________________________________________________________________________________________
Original Article Published at Bleeping Computer
________________________________________________________________________________________________________________________________

You may also like

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade...

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A Hacker’s Guide to Password Cracking

North Korean hackers use new macOS malware against crypto firms

CISA warns of critical Palo Alto Networks bug exploited in attacks

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

Unlock the Power of Technology with Tech-Wire: The Ultimate Resource for Computing, Cybersecurity, and Mobile Technology Insights

  • Mumbai, India
  • Email: info@tech-wire.in

Recent Posts

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud...
Meta beats suit over tool that lets Facebook users unfollow...
Why Adaptive LMSs Are The New Business Playbook

Userful Links

Our Policies

POPULAR CATEGORIES

Copyright @2023 All Right Reserved 

Facebook Twitter Instagram Linkedin Rss
@2021 - All Right Reserved. Designed and Developed by PenciDesign