Google has left Android customers puzzled after the newest replace to the Google cellular app causes hyperlinks shared from the app to now be prepended with a mysterious “search.app” area.
Because the Google app is a well-liked portal for looking out the net for Android customers and delivers a personalised content material information feed known as Google Uncover, it has sparked concern amongst those that observed the brand new hyperlinks.
What are these mysterious search.app hyperlinks?
On November 6, 2024, Google rolled out its an Android model 15.44.27.28.arm64 of its app.
Ever since then, hyperlinks considered in Google’s in-app Chromium browser, when shared externally, are being prepended with a “search.app” area.
BleepingComputer observed the behaviour shortly after updating our Google app and we admit, the sight of a mysterious area left us alarmed at first. Was our system compromised by adware?
(BleepingComputer)
Our considerations are echoed by different customers on Reddit this week.
“Not too long ago (few days in the past), I observed that every hyperlink shared from the Google in-app net browser makes use of the ‘search.app’ area,” asked Reddit person danilopiazza.
“For instance, attempting to share the hyperlink to the Reddit entrance Web page, I get: https://search.app?hyperlink=httpspercent3Apercent2Fpercent2Fwww.reddit.compercent2F&utm_campaign=…&utm_source=…”
“Is that this a brand new function from the Google app?”
A reader responded, “It looks like it. I am getting this too. At first I believed I used to be one way or the other contaminated with some sort of malware, or one way or the other some setting unbeknownst to me acquired modified.”
Comparable posts have emerged from others.
BleepingComputer noticed hyperlinks being shared by way of social media posts on X and Facebook by way of Google’s Android app this week are bearing the “search.app” area too:
(BleepingComputer)
Is search.app protected?
Put merely, search.app is a URL redirector area, very similar to t.co utilized by X (previously Twitter), Google’s g.co, or Meta’s m.me.
Prepending hyperlinks with “https://search.app?hyperlink=” offers Google enhanced visibility into how hyperlinks are being externally shared by the Google app customers and who are clicking on these hyperlinks (i.e. referrers).
Along with gathering analytics, by putting itself between customers and exterior hyperlinks by utilizing the “search.app” area, Google now has the power to dam visitors to phishing or hacked domains, ought to a web site go rogue, or within the occasion that customers are mass-sharing questionable content material with one another (akin to a rip-off web site).
In our exams, navigating to go looking.app instantly took us to an “Invalid Dynamic Hyperlink” web page with a Firebase brand.
(BleepingComputer)
Firebase was acquired in 2014 by Google and has since become “Google’s cellular growth platform that empowers you to shortly construct and develop your app.”
We observed the same display screen when navigating to Google’s one other area: https://search.app.goo.gl/
Paradoxically, Firebase Dynamic Hyperlinks are deprecated and set to be shut down by August 2025.
WHOIS data for each search.app and goo.gl present Google LLC because the registrant group and MarkMonitor because the registrar.
Granted, in keeping with our evaluation, the search.app redirector URLs seems to be protected and formally operated by Google, the sheer lack of documentation surrounding the area is odd, as is the lack of its point out in public changelogs of Google’s open supply initiatives, akin to Android or Chromium.
The rollout of the search app replace is certain to alarm much more customers within the coming days who could marvel if their system is behaving erratically or has been compromised by malware.
Is that is Google’s try at imitating Apple Information which prepends links to external stories with https://apple.information?
Prior to now, Google Chrome’s use of strange GVT1.com domains has drawn the scrutiny of even essentially the most expert researchers as a result of lack of public documentation surrounding these domains.
BleepingComputer approached Google for remark upfront of publishing and we’re awaiting a response.
