brave-browser icon indicating copy to clipboard operation
brave-browser copied to clipboard

Published 20 hours ago verified publisher icon brave

[Android] Safe Browsing doesn't work in android-core (Follow up to #8381)

Open srirambv opened this issue 4 years ago • 6 comments

Description

Safe Browsing isn't blocking anything in android core.

Steps to reproduce

  1. Visit https://testsafebrowsing.appspot.com/
  2. Try all of the links in the "Webpage Warnings"

Actual result

Not blocked.

Expected result

Should be showing the red interstitial pages just like on desktop.

Issue reproduces how often

Easy

Issue happens on

  • Current Play Store version? NA
  • Beta build? NA

Device details

  • Install type (ARM, x86): All
  • Device (Phone, Tablet, Phablet): All
  • Android version: All

Brave version

1.5.x Android-core release

Website problems only

  • Does the issue resolve itself when disabling Brave Shields? NA
  • Does the issue resolve itself when disabling Brave Rewards? NA
  • Is the issue reproducible on the latest version of Chrome? NA

Additional information

Follow up to #8381

srirambv avatar Mar 16 '20 12:03 srirambv

Any updates to this issue? I think it would be good to have on Mobile, at least on Android, maybe iOS, since this feature is on Desktop. With the ability for users to turn it off of course. I for one would have it on just to be on the more secure side.

TheNightRider12 avatar Jun 21 '20 20:06 TheNightRider12

Hi there @OnlinePlayer865 - we are making progress 😄 We're wrapping up this feature on iOS (see https://github.com/brave/brave-ios/pull/1339) and are looking to merge soon (iOS product version 1.19?). We can then look at doing this on Android after taking care of some other priority work. I believe @jumde would be able to look at this in the next few months. Thanks for your patience! 😄

bsclifton avatar Jun 23 '20 18:06 bsclifton

Perfect! Didn't think to check the iOS page. Thank you for the info!

TheNightRider12 avatar Jun 24 '20 15:06 TheNightRider12

As mentioned in the security review, we decided against having our own implementation and went with Apple's built-in one.

For Android, we could either reuse the desktop implementation (this is what Firefox does on Android) or go with the SafetyNet API.

fmarier avatar Nov 01 '21 22:11 fmarier

Any progress on this ? Brave still has no safebrowsing working on Android :/

ByJumperX4 avatar Aug 12 '22 15:08 ByJumperX4

We'll be starting work on this soon 😄 Doing some pre-work to see what is needed. We had taken a first step with https://github.com/brave/brave-browser/pull/8664 (which looks correct) but that didn't work

I verified our Android build servers are setting the safebrowsing_api_endpoint value. Will update when I find out more.

bsclifton avatar Sep 21 '22 19:09 bsclifton

Verified PASSED using 1.48.134 on a Google Pixel XL (arm64) running Android 9

Steps:

  1. installed 1.48.134
  2. launched Brave
  3. opened brave://flags
  4. set Safe Browsing to Enabled
  5. relaunched Brave
  6. tapped the 3-dots menu
  7. tapped Settings
  8. tapped Brave Shields & privacy
  9. tapped on Safe Browsing (defaulted to Off)
  10. tapped on Standard protection
  11. loaded https://testsafebrowsing.appspot.com/
  12. went through the Webpage warnings tests

Confirmed I got Safe Browsing warnings for each condition except malware, bad assets (will investigate)

Brave Shields & privacy Safe Browsing
Screenshot_20230122-015833 Screenshot_20230122-015841
phishing warning malware warning malware, bad subresource unwanted software warning malware, bad assets billing warning
Screenshot_20230122-015304 Screenshot_20230122-015318 Screenshot_20230122-015325 Screenshot_20230122-015332 (loaded assets; shouldn't have) Screenshot_20230122-015353

stephendonner avatar Jan 22 '23 09:01 stephendonner