Google has enjoyed a long history of providing software that is aimed at protecting customers online. Google’s program for eradicating online threats involves the use of both manual and automatic scanners to trawl the internet to locate websites involved in phishing or malware activities.

Part of this program is Google’s Safe Browsing technology which scans billions of URLs each day and reportedly discovers thousands of dangerous websites daily. However, this technology isn’t being made available consistently to users of different platforms.

Wandera’s threat research team has discovered a disparity between the protections available within Google’s desktop browser versus its mobile browser.

Google Safe Browsing provides a service to check URLs against Google’s lists of unsafe web resources. According to Google, the service is updated constantly and functions as a warning system within browsers to alert users when they navigate to URLs that may contain malicious content.

Over a period of eight months, Wandera’s threat research team repeatedly found that URLs that were being flagged as ‘deceptive sites’ when opened through the Google Chrome desktop browser were not identified as malicious on the Chrome mobile app. At the time of writing, some examples of such websites include:

  • https://pemblokiran-id4.webnode[.]com/join-us/Facebook
  • http://elon-surprise[.]space/
  • https://d2psports[.]com/wp-includes/ID3/780124493652184769172031169852364079820/rapidly/
  • http://n26-onlinebanking[.]com/login/login.php

In the desktop version of Chrome, when a user attempts to visit a site that has been flagged as unsafe, a red warning page appears indicating ‘deceptive site ahead’.

Meanwhile, users can navigate to these same pages with their mobile Chrome browser without any warning or block to indicate the page is malicious, leaving them vulnerable to known and unknown security threats.

In an exchange we had with Google, they provided the following explanation:

(1) Some Safe Browsing implementations have access to a different list of threats compared to the public API. Thus, you may see different results between Chrome and other clients.

(2) The mobile implementation of the browser receives a curated set of threats in the interest of using device bandwidth and memory responsibly.

This is consistent with what we see in security solutions that are fully contained on the endpoint. These technologies are often at the mercy of functionality that is exposed by the endpoint operating system. In the case of mobile, the OS vendors limit the amount of memory and system resources thus restricting the threat intelligence that can be applied to network-based threats.

Additionally, endpoint-based security solutions are dependent on prepackaged threat intelligence that is by definition static and therefore limited in their efficacy.

Network-based security technology is not constrained by trying to address all threat vectors from the endpoint. Solutions like Wandera—which operates an endpoint application and a network security stack—are able to detect and block malicious domains within minutes of them being launched. By applying machine learning technology to make dynamic risks assessments in real time and by eliminating dependency on OS capabilities efficacy improves dramatically and users stay protected regardless of the platform they use to access the internet. Learn more.