a.x61.sh

Is google really behind the search.app domain?
from MoondropLight@thelemmy.club to privacy@lemmy.ca on 15 Aug 2024 22:06
https://thelemmy.club/post/15904271

Recently links shared to me from IOS users using the google app have been obfuscated with search.app/SOMEUNIQUECODE where the app redirects to the originally intended website, but, of course, the person clicking the link is revealed to the owners of search.app.

Does anyone have IOS + google and can confirm this behavior? search.app has no home page and no documentation or reporting about it that I could find (other than that it’s a firebase app). The domain was registered to MarkMonitor Inc. in September of last year. But It’s not clear to me what MarkMonitor’s business actually is–it seems like they could just have registered it on behalf of someone.

#privacy

threaded - newest

sugar_in_your_tea@sh.itjust.works on 15 Aug 2024 22:40 next collapse

Yes, it’s Google:

Registrant Organization: Google LLC

You can get more details if you run whois on your machine (this is about half of the output):

refer:        whois.nic.google

domain:       APP

organisation: Charleston Road Registry Inc.
address:      1600 Amphitheatre Parkway
address:      Mountain View CA 94043
address:      United States of America (the)

contact:      administrative
name:         TLD Admin
organisation: Google Inc.
address:      111 8th Avenue
address:      New York NY 10011
address:      United States of America (the)
phone:        +1 404 978 8419
fax-no:       +1 650 492 5631
e-mail:       iana-contact@google.com

contact:      technical
name:         TLD Engineering
organisation: Google Inc
address:      76 Ninth Avenue, 4th Floor
address:      New York NY 10011
address:      United States of America (the)
phone:        +1 404 978 8419
fax-no:       +1 650 492 5631
e-mail:       crr-tech@google.com

nserver:      NS-TLD1.CHARLESTONROADREGISTRY.COM 2001:4860:4802:32:0:0:0:69 216.239.32.105
nserver:      NS-TLD2.CHARLESTONROADREGISTRY.COM 2001:4860:4802:34:0:0:0:69 216.239.34.105
nserver:      NS-TLD3.CHARLESTONROADREGISTRY.COM 2001:4860:4802:36:0:0:0:69 216.239.36.105
nserver:      NS-TLD4.CHARLESTONROADREGISTRY.COM 2001:4860:4802:38:0:0:0:69 216.239.38.105
nserver:      NS-TLD5.CHARLESTONROADREGISTRY.COM 2001:4860:4805:0:0:0:0:69 216.239.60.105
ds-rdata:     23684 8 2 3a5cc8a31e02c94aba6461912fabb7e9f5e34957bb6114a55a864d96aec31836

whois:        whois.nic.google

status:       ACTIVE
remarks:      Registration information: https://www.registry.google

created:      2015-06-25
changed:      2020-04-20
source:       IANA

towerful@programming.dev on 15 Aug 2024 22:48 collapse

TL;dr:
My discovery process is kinda listed below.
slashgear.com/google-android-app-beta-makes-it-ea…

MarkMonitor.

Corporate Domain Management

Your brand portfolio is exceptional. Shouldn’t your domain management service be the same?

Looks like they are a domain squatter, buying up domains and selling them at ridiculous prices.
They have a page showing some domains they have for sale www.markmonitor.com/…/top-level-domains/
But I don’t see search.app listed. Doesn’t mean they don’t own it tho, or perhaps they managed the acquisition of it.
It’s strange, because it seems like Google Domains is the registrant:
Registrant Organization: Google LLC.
Maybe MarkMonitor owned it and leased it to Google?

search.app.goo.gl probably also points to the same firebase app: websecblog.com/…/bypassing-firebase-authorization…

Both the Google subdomain and the TLD point to firebase hosting.

Firebase is essentially free hosting (and some Backend as a Service things).
I can’t find any details on who is behind it tho, and I don’t think there is any way to publicly find those details.
I’m guessing it’s some sort of link obfuscation or shortener service.

It might be that it is an official Google service for their apps, which is why they are the registrant.

Ah, found something:

slashgear.com/google-android-app-beta-makes-it-ea…