Are links beginning with search.app safe?
Usually, when you share a link from an Android device, you should get an option to share the actual link. If you want to share a Ghacks page, you should see https://www.ghacks.net/ in the beginning.
Some services change that. They may use their own URL shorteners or services. The main reason for that is that they get more control over the sharing. Whenever a user clicks on the link or shares it, they get information about it.
For the last few days. usage of links beginning with search.app have skyrocketed.
Here is what you need to know about it:
- The links are generated by the official Google app for Android. It is possible that other Google apps do or will create search.app links as well when sharing.
- https://search.app? prepends the actual link that is shared.
- The links are safe from a security point of view. Privacy-wise, they give Google more information about the sharing.
Did you know? Google is deleting all links of its initial URL shortener service goo.gl.
When you share a link in the Google app, which you do with a tap on the share icon, you will automatically share with search.app prepended. There appears to be no option to disable that. Google owns the domain.
If you want to share the Ghacks homepage, you get https://search.app/?link=https%3A%2F%2Fwww.ghacks.net%2F&utm_campaign=aga&utm_source=agsadl2%2Csh%2Fx%2Fgs%2Fm2%2F4 instead of the much smaller https://www.ghacks.net/.
Note the Google Analytics campaign parameters that are appended to the shared address.
Google has not announced the feature officially. We contacted Google for comment, but have not heard back from the company at the time of writing.
The most likely explanation for the change is that it gives Google more data. In particular, it allows Google to collect the following information:
- On which sites or in which services the link is shared.
- Information about users who access it. This includes the IP address, browser, app, language, and other information.
Also good to know: Search.app has nothing to do with Search App Search, which was a browser hijacker some years ago.
We are not the only ones that noticed that. Bleeping Computer noticed an increase as well, and there are plenty of posts on Reddit and other sites about it already.
What you may do about search.app links
You have two main options:
- Instead of selecting Share, select Menu > Copy Link. This copies the actual link without search.app added to it.
- Use a real browser and not the Google app on Android. Use any browser, Firefox, Brave, Vivaldi, or even Chrome, and you will notice that sharing will always share the exact address of the resource.
Closing Words
If you value privacy, you may want to make sure that you do not share any search.app links. These links serve just a single purpose: to collect data about the shared link and who is opening it.
Have you encountered search.app links already? What is your take on this? Do you use the Google app at all? Feel free to leave a comment down below.
It’s spyware url to collect your data
The links I share from Mull, Cromite, and Vivaldi on Android are all clean automatically…
Use Quad9 DNS on Android. If the .app links are malicious, they will be blocked by Quad9. And use Brave Browser on Android as it has built-in adblocker that will also block malicious stuff. Use both in combination.
How to setup Quad9 DNS on Android: https://docs.quad9.net/Setup_Guides/Android/Android_9%2B_%28Encrypted%29/
Brave Browser: https://play.google.com/store/apps/details?id=com.brave.browser&hl=en-US
Am I the only one who uses AdBlock Browser on my android?
https://play.google.com/store/apps/details?id=org.adblockplus.browser&hl=en-US
This presumably only applies to links you’ve searched for on a browser and not for using the share button for a photo I’ve already got on my phone that I want to share with somebody else.
Other than that, I don’t use a browser on my phone although I do have Firefox installed on it primarily so that I can disable Google Chrome. Instead I use Firefox on my laptop and then use TinyURL to shorten and then copy to the app I want to use (Line or Signal) to send the link to the recipient on my phone.
Simply Share the URL With freeware app URLCheck at githib and f-droid. it’s not perfect but if you tap parameters on the app’s popup it will then prsent you with the clean link to whivh you can then choose to whatever associated app/browser is supported/available.
I have a feeling that this parameter can specifically be added to the url cleaner module under the advanced editor to streamline the process but I have not tried that myself yet.
“using a real browser” wil not work if someone is sharing the link and you click on it.
For example, Brave has a feature called Debounce and this can be avoided pretty easy if/when they update the list which is found in adblock-lists repository.
The feature will just not allow the browser to connect to seachapp and just bypass it and go to the real link.
This could also be done by any user on Brave on any desktop or a rooted phone, all you need to do is modify the debounce.json in afalakplffnnnlkncjhbmahjfjhmlkal folder in the Brave’s User Data and you just add “*://*.search.app/?*” to the section of the json file that has the “param”: “link” with “*://*.getprice.com.au/prodhits.aspx?*”
so it looks like
{
“include”: [
“*://*.getprice.com.au/prodhits.aspx?*”,
“*://*.search.app/?*”
],
“exclude”: [
],
“action”: “redirect”,
“param”: “link”
},
pretty easy. Brave made it easy to modify the adblocker and other features through the json files and all that. Of course, if the components gets updated you will have to re-add the modifications, and that’s why people should make PRs or at least write an issue to Brave repository about it, so this gets added for everyone.
And then if anyone every shares that type of link, you will not worry about connecting to the domain, which obviously will get your IP and all that.
No smartphone here (only a mobile) hence no search.app.
Regarding shortened links (best known ones) I redirect them to an online link expander,
either https://www.expandurl.net/
either https://linkunshorten.com/
Regarding long links I wish to shorten, it”l be,
either https://is.gd/
either https://tinyurl.com/
https://create.hatl.ink/
Link shorteners may be particularly zealous when getting the true destination url to transit via several servers :
For instance, consider this BBC url found on Twitter : https://bbc.in/3YIlK6Q
ExpnadURL.net expands the url and provides the following details :
1- https://bbc.in/3YIlK6Q -> https://trib.al/SCxIeRH
2 https://trib.al/SCxIeRH -> Actual BBC article https://www.bbc.co.uk/news/articles/%5BARTICLE%5D
Why should the user allow intermediary know all about the origin and destination of a user’s traveling?
So just use a link unshortener and make shortened links be redirected to their final destination, either with the help of a redirecting tool such as REDIRECT either with a dedicated extension.
I don’t use Twitter myself but rather Nitter via xcancel.com or nitter.poast.org (both run nicely) and I must say that in my experience, but maybe is this common to all social sites which I never visit, most links to 3rd-party sites available on Twitter are shortened links, which would not be a problem if link shortener services were all clean, which most are not, be it only for marketing reasons. I want to go from A to B without turning around the planet.
“… 2. Use a real browser and not the Google app on Android. Use any browser, Firefox, Brave, Vivaldi…”
I can feel the heat from that burn. :)