Is Google Safe Browsing falling short on mobile?
Google has a pretty good record when it comes to protecting its users against online threats. Part of this is its Safe Browsing technology which scans billions of URLs each day to discover dangerous websites.
But research by mobile threat defense specialist Wandera has discovered a disparity between the protections available within Google’s desktop browser compared to its mobile browser.
Over a period of eight months, Wandera's threat research team repeatedly found that URLs that were being flagged as 'deceptive sites' when opened through the Google Chrome desktop browser were not being identified as malicious on the Chrome mobile app.
The company shared its findings with Google which provided an explanation as follows:
(1) Some Safe Browsing implementations have access to a different list of threats compared to the public API. Thus, you may see different results between Chrome and other clients.
(2) The mobile implementation of the browser receives a curated set of threats in the interest of using device bandwidth and memory responsibly.
Wandera's team note that, "This is consistent with what we see in security solutions that are fully contained on the endpoint. These technologies are often at the mercy of functionality that is exposed by the endpoint operating system. In the case of mobile, the OS vendors limit the amount of memory and system resources thus restricting the threat intelligence that can be applied to network-based threats."
You can read more on the Wandera blog and there's a video demonstrating the findings below.