A dev recently discovered a browser built into the settings (for any google app that lets you edit settings). From there you can bypass parental controls or enterprise restrictions.

This is a pretty exciting “extra feature”, Google!

  • TWeaK
    link
    fedilink
    251 year ago

    This isn’t a secret browser, it’s Android System Webview - the system browser apps use when they aren’t a browser.

    What they’ve found here is a route to google.com from a webview page accessed from within the settings.

    • @wet_lettuce@beehaw.orgOP
      link
      fedilink
      51 year ago

      100% but I believe these are typically locked down to one domain, and in this case its not.

      At least thats how I understand it. So I guess the article is a little misleading in that sense, but the net effect is the same. You have carte blanche access to the web, via android system webview, thats acting as a de-facto out-of-band browser. So its misconfigured or not locked down, which means you can use it effectively as a “hidden” browser.

      • TWeaK
        link
        fedilink
        51 year ago

        ASW isn’t locked down to any domains though, it’s just a basic browser, one that typically doesn’t let you type in a url to go to any other domains. It’s not locked down, you’re just limited in how you can navigate.

        What happened here is someone managed to navigate from one page to another page and then another, in order to ultimately get to google.com and search for whatever page they wanted. The initial web pages presented linked outside of what it maybe should have.

        Whether ASW should be under parental controls is another matter. Apparently it isn’t (at least not parental controls that affect only installed browser apps) but that could have valid functional reasons behind it.

    • @sznio@beehaw.org
      link
      fedilink
      1
      edit-2
      1 year ago

      I think the mm object is the most worrying thing about this, not the fact that it’s a standard WebView.