Google has left Android customers puzzled after the latest replace to the Google cell app causes hyperlinks shared from the app to now be prepended with a mysterious “search.app” area.
Because the Google app is a well-liked portal for looking out the net for Android customers and delivers a customized content material information feed known as Google Uncover, it has sparked concern amongst those that observed the brand new hyperlinks.
What are these mysterious search.app hyperlinks?
On November 6, 2024, Google rolled out its an Android model 15.44.27.28.arm64 of its app.
Ever since then, hyperlinks seen in Google’s in-app Chromium browser, when shared externally, are being prepended with a “search.app” area.
BleepingComputer observed the behaviour shortly after updating our Google app and we admit, the sight of a mysterious area left us alarmed at first. Was our system compromised by adware?
(BleepingComputer)
Our considerations are echoed by different customers on Reddit this week.
“Recently (few days ago), I noticed that each link shared from the Google in-app web browser uses the ‘search.app’ domain,” requested Reddit person danilopiazza.
“For example, trying to share the link to the Reddit front Page, I get: https://search.app?link=https%3A%2F%2Fwww.reddit.com%2F&utm_campaign=…&utm_source=…”
“Is this a new feature from the Google app?”
A reader responded, “It seems like it. I’m getting this too. At first I thought I was somehow infected with some kind of malware, or somehow some setting unbeknownst to me got changed.”
Comparable posts have emerged from others.
BleepingComputer noticed hyperlinks being shared by way of social media posts on X and Fb by way of Google’s Android app this week are bearing the “search.app” area too:
(BleepingComputer)
Is search.app secure?
Put merely, search.app is a URL redirector area, very similar to t.co utilized by X (previously Twitter), Google’s g.co, or Meta’s m.me.
Prepending hyperlinks with “https://search.app?link=” provides Google enhanced visibility into how hyperlinks are being externally shared by the Google app customers and who are clicking on these hyperlinks (i.e. referrers).
Along with amassing analytics, by inserting itself between customers and exterior hyperlinks by utilizing the “search.app” area, Google now has the power to dam visitors to phishing or hacked domains, ought to an internet site go rogue, or within the occasion that customers are mass-sharing questionable content material with one another (akin to a rip-off web site).
In our assessments, navigating to go looking.app straight took us to an “Invalid Dynamic Link” web page with a Firebase emblem.
(BleepingComputer)
Firebase was acquired in 2014 by Google and has since develop into “Google’s mobile development platform that empowers you to quickly build and grow your app.”
We observed the same display screen when navigating to Google’s one other area: https://search.app.goo.gl/
WHOIS data for each search.app and goo.gl present Google LLC because the registrant group and MarkMonitor because the registrar.
Granted, in response to our evaluation, the search.app redirector URLs seems to be secure and formally operated by Google, the sheer lack of documentation surrounding the area is odd, as is the lack of its point out in public changelogs of Google’s open supply tasks, akin to Android or Chromium.
The rollout of the search app replace is certain to alarm much more customers within the coming days who could marvel if their system is behaving erratically or has been compromised by malware.
Is that is Google’s try at imitating Apple Information which prepends hyperlinks to exterior tales with https://apple.information?
Previously, Google Chrome’s use of unusual GVT1.com domains has drawn the scrutiny of even essentially the most expert researchers because of the lack of public documentation surrounding these domains.
BleepingComputer approached Google for remark upfront of publishing and we’re awaiting a response.
