- cross-posted to:
- android@lemmy.ml
- technews@radiation.party
A dev recently discovered a browser built into the settings (for any google app that lets you edit settings). From there you can bypass parental controls or enterprise restrictions.
This is a pretty exciting “extra feature”, Google!
You must log in or register to comment.
This is kinda funny. During a family vacation as a kid, I went down to the hotel business center to use a computer kiosk but it required payment. I was bored so I was clicking around on the locked screen’s hotel logo and got to their company about page, and a bit more link clicking eventually got me out of the company’s website and to a google search page. I browsed for free for what seemed like an hour and did it again the next day before we went home.
boredom has made me the man I am today, its tough now a days to get bored and not pull out your phone and browse lemmy instead of doing your hobbies
I have a memory of something similar at a travel tourism kiosk. Kiosk was locked to their webpage. Right clicked an image, chose “save as”, navigated to something with a folder, right clicked and chose “Open in New Window” (might be misrembering – older version of windows) to pop up Windows Explorer. Windows Explorer, at the time, embedded Internet Explorer 4 if you typed a URL in the address bar, so off the races I was.
Life before smartphones, man.
The older versions of IE back in the Windows 9X era would essentially turn into Windows Explorer if you put a local file path into them. I remember using this exploit back in the day on our school computers that ran a locked down version of Windows where you couldn’t browse anything in Windows Explorer beyond your personal network folder. I found that by typing C:/ into the IE address bar it would turn IE into Windows Explorer mode and from there I had full access to the C drive and could even open up the folder tree sidebar thing and browse the local network, finding all sorts of folders that I wasn’t supposed to be able to access.
Right! Just typing C:\Windows\command.com in the address bar was usually enough to completely control a system :)
That is evil genius and I love it.
Haha, yes! Sounds about right. Someone could create a puzzle game where you trying to escape a vendor kiosk and it gets progressively more complex as you go on.
I took every chance at exploiting internet browsing kiosks for free access before the age of smartphones 😅
This isn’t a secret browser, it’s Android System Webview - the system browser apps use when they aren’t a browser.
What they’ve found here is a route to google.com from a webview page accessed from within the settings.
100% but I believe these are typically locked down to one domain, and in this case its not.
At least thats how I understand it. So I guess the article is a little misleading in that sense, but the net effect is the same. You have carte blanche access to the web, via android system webview, thats acting as a de-facto out-of-band browser. So its misconfigured or not locked down, which means you can use it effectively as a “hidden” browser.
ASW isn’t locked down to any domains though, it’s just a basic browser, one that typically doesn’t let you type in a url to go to any other domains. It’s not locked down, you’re just limited in how you can navigate.
What happened here is someone managed to navigate from one page to another page and then another, in order to ultimately get to google.com and search for whatever page they wanted. The initial web pages presented linked outside of what it maybe should have.
Whether ASW should be under parental controls is another matter. Apparently it isn’t (at least not parental controls that affect only installed browser apps) but that could have valid functional reasons behind it.
It’s even listed in the apps section in the settings app.
I think the
mmobject is the most worrying thing about this, not the fact that it’s a standard WebView.
Curious if someone in an abusive relationship could use this trick if their phone was being monitored. If the abuser was just monitoring them with the phone’s parental controls this would work but if there was an app probably not?
the was a news here on lemmy where someone got in prison because the local county has put some malware in the phone. It logged a single request to Pornhub, so the guy bail was revoked
Not his phone. There are circumstances where that would be defensible.
They put their malware on his wife and kids’ phones.
Extremely fucked up.
Unfortunately, it’s hard to discover this trick on its own, unless you’re already clever enough to find other ways around it.
Lol, sort of confession time. I was writing an essay for a major exam once, and I tried using Word’s built-in search function just to see if it would work. It did, and nobody was the wiser.
I didn’t actually cheat; I didn’t need to. But, I felt proud for figuring out a way I could have, haha.
That’s still pretty bad. I’m surprised google didn’t think so.