Skip to main content

Google sneaks in upgrade of Safe Browsing API, says it’s been guarding some users for months

Trusted Contacts
Google’s Emily Schechter and Alex Wozniak, of its Safe Browsing team, said on Friday that new versions of the Safe Browsing APIs (v4) are available. Safe Browsing essentially collects and provides a list of suspected unsafe sites on the internet so that devices surfing the world wide web are halted in their tracks before they access a suspicious, possibly malicious site. Safe Browsing also alerts websites if they’ve been hacked, and provides information on how to clean up the problem.

The first set of Safe Browsing APIs provided for developers was released back in 2007. Since then, web surfers have shifted away from primarily using desktops and notebooks for accessing the Internet to depending on tablets and smartphones on a day-to-day basis. Because of that, Google has optimized Safe Browsing for the mobile device user, providing maximum protection “per bit” to ultimately save everyone time and money.

Safe Browsing currently protects more than two billion internet-connected devices worldwide. The new version of the protocol actually launched in December by way of the Safe Browsing client baked into the Android version of Google’s web browser, Chrome, as of version 46. This client is part of the company’s overall Google Play Services suite, and reportedly protects Google’s Android Chrome customers by default.

This new APIs (aka application program interface) essentially let Android developers insert access to the Safe Browsing service within their Internet-connected apps. This prevents developers from having to create their own Version 4 clients, and fills in the gap until Google releases actual device-local APIs in the near future.

The Safe Browsing APIs consist of a simple Lookup API and a more complex Update API. For the former, apps using this API can send URLs to the Safe Browsing server to see if they’re safe or unsafe. The drawback to using this API is that URLs are not hashed, and there’s no guarantee of how long these URL investigations can take on the server end.

The latter solution, the Update API, actually allows apps to download encrypted versions of the Safe Browsing lists for local, on-device URL checks. This API is used by Chrome, Safari, and Firefox, and not only exchanges data with the server using hashed URLs, but speeds up the response time because URL checks are done locally. The drawbacks to this solution include having to create a local database, and the need to know how to deal with complex URL checks.

“Version 4 clients can now define constraints such as geographic location, platform type, and data caps to use bandwidth and device resources as efficiently as possible,” the team said in Friday’s blog. “This allows us to function well within the much stricter mobile constraints without sacrificing protection.”

With the release of Version 4, the older Version 3 set of Google’s Safe Browsing APIs is now depreciated, and thus all Safe Browsing API customers should switch over to the new version. However, Google said that it will continue to support clients using Version 3 until early 2017. No actual termination date was provided.

Developers wanting to integrate Safe Browsing into their apps can check out a reference client implementation of the Version 4 APIs written in Go here, which also includes a Safe Browsing proxy server supporting JSON. Developers can sign up to use Safe Browsing APIs by grabbing a key here.

Editors' Recommendations