Security Experts:

Google Optimizes Safe Browsing API for Mobile

Google on Friday announced a new version of its Safe Browsing API and a focus on maximizing protection for both mobile and desktop users.

Initially designed to provide developers with access to the company’s lists of suspected unsafe sites, Safe Browsing has evolved into a protection mechanism for users around the world. Over the past few years, Google has made several improvements to Safe Browsing, which now includes alerts for potentially unwanted programs (PUPs).

Over time, the company has made various enhancements to Safe Browsing, expanded it to the Chrome browser, including the Android version, and added it to Google Search. Just last month, the company announced a series of Safe Browsing improvements for network admins.

“Safe Browsing protects well over two billion internet-connected devices from threats like malware and phishing, and has done so for over a decade,” Emily Schechter and Alex Wozniak, Safe Browsing Team, note in a blog post.

Last week, the Internet giant launched the fourth Safe Browsing API version over a nine-year period, after making the first API version available in 2007. Along with the availability of Safe Browsing API version 4, Google announced that it is starting the deprecation process for v2-3. Developers are encouraged to transition from the older protocol versions to the newly announced one as soon as possible.

According to Google, the great increase in mobile device use for accessing the Internet was one of the reasons a new API version was needed given the constraints of mobile devices, including limited power, network bandwidth, and costs of cellular data.

Safe Browsing protocol version 4 has been optimized for this new environment, with Google focusing mainly on maximizing "protection per bit" for all Safe Browsing users, mobile and desktop alike. Clients using the new API can define constraints such as geographic location, platform type, and data caps for an efficient use of device resources and bandwidth, thus ensuring maximum protection within the stricter mobile constraints.

Additionally, Google revealed that the new protocol has been implemented in the Safe Browsing client on Android since December and that Chrome 46 for Android was the first app to use it. The Internet company also explains that it is making a device-local API available for Android developers so that they won’t have to implement their own version 4 client. As a result, a single, up-to-date instance of Safe Browsing data would be present on a device, which will also ensures a minimum use of resources.

The new device-local API is not available as of now, but Google plans on releasing it as soon as possible. In the meantime, using Safe Browsing Version 4 API directly allows developers to check pages against the Safe Browsing lists based on platform and threat types; warn users before they click links that may lead to infected pages; and prevent users from posting links to known infected pages.

On Friday, Google released a reference client implementation of the new API. Written in Go, it offers a Safe Browsing HTTP proxy server, which supports JSON, Google explains. The implementation is available on GitHub, while additional details on Safe Browsing API version 4 are available on Google’s developer website.

Related: Google to Soon Kill SSLv3, RC4 Support in Gmail

view counter