Malware blocking tools allowed by Google in Any Apps

If you’ve ever wandered onto a sketchy website and gotten a big red notice from Google, that’s all thanks to Chrome’s malware-blocking technology that aims to protect you from sites with potentially harmful materials. In order to expand its safety precautions, Google has just announced the Safe Browsing API, which lets developers incorporate the safeguarding techniques into applications. The API is meant for applications that use built-in web browsers that could potentially link to some unwanted downloads.

With the safe browsing API, developers will be able to warn users before they click on links that may lead to malware-infected pages and also prevent users from posting links to known phishing pages from a website. The API also allows for automatic checking through Google’s suspected phishing and malware software pages for quicker results.

Google explains:

In addition to our constantly-updated malware and phishing data, our unwanted software data is now publicly available for developers to integrate into their own security measures. For example, any app that wants to save its users from winding up on sites that lead to deceptive software could use our API to do precisely that.

It might be awhile before we see apps support this feature, but the precautions are now available for anyone who’d like to offer its users some more protection. If you’re a developer that would like to learn more about the new API.

Also See: Get Rid of Tiny Contact Thumbnails with Clarity for Xposed

Choosing the Right API

Safe Browsing API v3 advantages:

• Privacy: API users exchange data with the server using hashed URLs, so the server never knows the actual URLs queried by the clients.
• Response time: API users maintain a local cache of the hashed URLs in our suspected phishing, malware, and unwanted software lists; they do not need to query the server every time they want to check a URL.

The major drawback of the Safe Browsing API v3 is its implementation complexity.

Safe Browsing API v3 users need to:

• Be aware of the internal structures of how the server stores hashed URLs in the phishing, malware and unwanted software lists, and implement the hashing and suffix/prefix expressions.
• Periodically update their local cache of the hashed URLs. If there are updates, they also need to download the new lists of hashed URLs.
• Download and compare the full hash value of URLs that are hit in the local cache.
• Canonicalize the URLs.

Safe Browsing Lookup API advantage:

• Simple to implement: API users send a HTTP GET or POST request with the URLs, and the server responds with the state of the URLs.

Safe Browsing Lookup API drawbacks:

• Privacy: URLs are not hashed, so the server knows which URLs API users look up.
• Response time: Every lookup request is processed by the Safe Browsing server. We don't provide guarantees on lookup response time.

Conclusion: If you are not too concerned about the privacy of the queried URLs, and you can tolerate the latency induced by a network request, consider using the Safe Browsing Lookup API since it's much easier to implement. Otherwise, the Safe Browsing API v3 may be a better choice for you.