Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Optimizes Safe Browsing API for Mobile

Google on Friday announced a new version of its Safe Browsing API and a focus on maximizing protection for both mobile and desktop users.

Google on Friday announced a new version of its Safe Browsing API and a focus on maximizing protection for both mobile and desktop users.

Initially designed to provide developers with access to the company’s lists of suspected unsafe sites, Safe Browsing has evolved into a protection mechanism for users around the world. Over the past few years, Google has made several improvements to Safe Browsing, which now includes alerts for potentially unwanted programs (PUPs).

Over time, the company has made various enhancements to Safe Browsing, expanded it to the Chrome browser, including the Android version, and added it to Google Search. Just last month, the company announced a series of Safe Browsing improvements for network admins.

“Safe Browsing protects well over two billion internet-connected devices from threats like malware and phishing, and has done so for over a decade,” Emily Schechter and Alex Wozniak, Safe Browsing Team, note in a blog post.

Last week, the Internet giant launched the fourth Safe Browsing API version over a nine-year period, after making the first API version available in 2007. Along with the availability of Safe Browsing API version 4, Google announced that it is starting the deprecation process for v2-3. Developers are encouraged to transition from the older protocol versions to the newly announced one as soon as possible.

According to Google, the great increase in mobile device use for accessing the Internet was one of the reasons a new API version was needed given the constraints of mobile devices, including limited power, network bandwidth, and costs of cellular data.

Safe Browsing protocol version 4 has been optimized for this new environment, with Google focusing mainly on maximizing “protection per bit” for all Safe Browsing users, mobile and desktop alike. Clients using the new API can define constraints such as geographic location, platform type, and data caps for an efficient use of device resources and bandwidth, thus ensuring maximum protection within the stricter mobile constraints.

Additionally, Google revealed that the new protocol has been implemented in the Safe Browsing client on Android since December and that Chrome 46 for Android was the first app to use it. The Internet company also explains that it is making a device-local API available for Android developers so that they won’t have to implement their own version 4 client. As a result, a single, up-to-date instance of Safe Browsing data would be present on a device, which will also ensures a minimum use of resources.

Advertisement. Scroll to continue reading.

The new device-local API is not available as of now, but Google plans on releasing it as soon as possible. In the meantime, using Safe Browsing Version 4 API directly allows developers to check pages against the Safe Browsing lists based on platform and threat types; warn users before they click links that may lead to infected pages; and prevent users from posting links to known infected pages.

On Friday, Google released a reference client implementation of the new API. Written in Go, it offers a Safe Browsing HTTP proxy server, which supports JSON, Google explains. The implementation is available on GitHub, while additional details on Safe Browsing API version 4 are available on Google’s developer website.

Related: Google to Soon Kill SSLv3, RC4 Support in Gmail

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.