Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] [Android] Safe Browsing doesn't work in android-core (Follow up to #8381) #8705

Closed
srirambv opened this issue Mar 16, 2020 · 7 comments · Fixed by brave/brave-core#16080
Closed

[Security] [Android] Safe Browsing doesn't work in android-core (Follow up to #8381) #8705

srirambv opened this issue Mar 16, 2020 · 7 comments · Fixed by brave/brave-core#16080
Assignees
@SergeyZhukovsky
Labels
feature/safebrowsing OS/Android Fixes related to Android browser functionality priority/P2 A bad problem. We might uplift this to the next planned release. privacy/feature User-facing privacy- & security-focused feature work. privacy QA Pass - Android ARM QA/Test-Plan-Specified QA/Yes release-notes/include security
Milestone
1.48.x - Release

Comments

@srirambv
Copy link
Contributor

Description

Safe Browsing isn't blocking anything in android core.

Steps to reproduce

  1. Visit https://testsafebrowsing.appspot.com/
  2. Try all of the links in the "Webpage Warnings"

Actual result

Not blocked.

Expected result

Should be showing the red interstitial pages just like on desktop.

Issue reproduces how often

Easy

Issue happens on

  • Current Play Store version? NA
  • Beta build? NA

Device details

  • Install type (ARM, x86): All
  • Device (Phone, Tablet, Phablet): All
  • Android version: All

Brave version

1.5.x Android-core release

Website problems only

  • Does the issue resolve itself when disabling Brave Shields? NA
  • Does the issue resolve itself when disabling Brave Rewards? NA
  • Is the issue reproducible on the latest version of Chrome? NA

Additional information

Follow up to #8381
@srirambv srirambv added security privacy/feature User-facing privacy- & security-focused feature work. QA/Yes OS/Android Fixes related to Android browser functionality labels Mar 16, 2020
@srirambv srirambv added this to Backlog in Android General via automation Mar 16, 2020
@srirambv srirambv mentioned this issue Mar 16, 2020
Closed
@diracdeltas diracdeltas added the priority/P2 A bad problem. We might uplift this to the next planned release. label Mar 24, 2020
@samartnik samartnik self-assigned this Apr 2, 2020
@jumde jumde self-assigned this Apr 3, 2020
@TheNightRider12
Copy link

Any updates to this issue? I think it would be good to have on Mobile, at least on Android, maybe iOS, since this feature is on Desktop. With the ability for users to turn it off of course. I for one would have it on just to be on the more secure side.

@bsclifton
Copy link
Member

bsclifton commented Jun 23, 2020
edited
Loading

Hi there @OnlinePlayer865 - we are making progress 😄 We're wrapping up this feature on iOS (see brave/brave-ios#1339) and are looking to merge soon (iOS product version 1.19?). We can then look at doing this on Android after taking care of some other priority work. I believe @jumde would be able to look at this in the next few months. Thanks for your patience! 😄

@TheNightRider12
Copy link

Perfect! Didn't think to check the iOS page. Thank you for the info!

@bsclifton bsclifton moved this from Backlog to P2 in Android General Sep 23, 2020
@fmarier
Copy link
Member

fmarier commented Nov 1, 2021

As mentioned in the security review, we decided against having our own implementation and went with Apple's built-in one.

For Android, we could either reuse the desktop implementation (this is what Firefox does on Android) or go with the SafetyNet API.

@samartnik samartnik removed their assignment Jan 20, 2022
@ByJumperX4
Copy link

Any progress on this ? Brave still has no safebrowsing working on Android :/

This was referenced Aug 29, 2022
Closed
Merged
@bsclifton bsclifton self-assigned this Sep 21, 2022
@bsclifton
Copy link
Member

bsclifton commented Sep 21, 2022
edited
Loading

We'll be starting work on this soon 😄 Doing some pre-work to see what is needed. We had taken a first step with #8664 (which looks correct) but that didn't work

I verified our Android build servers are setting the safebrowsing_api_endpoint value. Will update when I find out more.

@SergeyZhukovsky SergeyZhukovsky mentioned this issue Nov 24, 2022
Merged
25 tasks
Android General automation moved this from P2 to Done/Closed Nov 29, 2022
@SergeyZhukovsky SergeyZhukovsky added this to the 1.48.x - Nightly milestone Nov 29, 2022
@stephendonner
Copy link

stephendonner commented Jan 22, 2023
edited
Loading

Verified PASSED using 1.48.134 on a Google Pixel XL (arm64) running Android 9

Steps:

  1. installed 1.48.134
  2. launched Brave
  3. opened brave://flags
  4. set Safe Browsing to Enabled
  5. relaunched Brave
  6. tapped the 3-dots menu
  7. tapped Settings
  8. tapped Brave Shields & privacy
  9. tapped on Safe Browsing (defaulted to Off)
  10. tapped on Standard protection
  11. loaded https://testsafebrowsing.appspot.com/
  12. went through the Webpage warnings tests

Confirmed I got Safe Browsing warnings for each condition except malware, bad assets (will investigate)

Brave Shields & privacy Safe Browsing
Screenshot_20230122-015833 Screenshot_20230122-015841
phishing warning malware warning malware, bad subresource unwanted software warning malware, bad assets billing warning
Screenshot_20230122-015304 Screenshot_20230122-015318 Screenshot_20230122-015325 Screenshot_20230122-015332 (loaded assets; shouldn't have) Screenshot_20230122-015353

@kjozwiak kjozwiak removed this from Done/Closed in Android General Jan 30, 2023
@LaurenWags LaurenWags changed the title [Android] Safe Browsing doesn't work in android-core (Follow up to #8381) [Security] [Android] Safe Browsing doesn't work in android-core (Follow up to #8381) Feb 3, 2023
This was referenced Feb 7, 2023
Closed
Closed
@soner-yuksel soner-yuksel mentioned this issue Feb 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SergeyZhukovsky SergeyZhukovsky

Labels
feature/safebrowsing OS/Android Fixes related to Android browser functionality priority/P2 A bad problem. We might uplift this to the next planned release. privacy/feature User-facing privacy- & security-focused feature work. privacy QA Pass - Android ARM QA/Test-Plan-Specified QA/Yes release-notes/include security
Projects
None yet
Milestone
1.48.x - Release
Development

Successfully merging a pull request may close this issue.

Android safebrowsing safetynet brave/brave-core