An app that acts as a middleman between user and URLs. When user taps on URL link, it presents a menu with various options that allow manipulating links.
Why I think this tool should be added
When selected as default browser app, it can intercept every time user taps on link, preventing unintentional opening of links. It essentially acts as a confirmation button with various options before visiting a link.
Can remove tracking parameters from URLs and redirect to privacy friendly frontends, offering protection against Surveillance Capitalism. This also eliminates need to download 3rd party extensions that do the same thing (e.g. ClearURLs and Libredirect) and trusting devs behind them, preserving browser security while offering convenient way to use privacy friendly frontends. Effectively, it mitigates major security risks of those browser extensions (and in general) (e.g. complete read/write access to websites, access to browsing history) while offering their functionality.
Can redirect http to https, warns if link contains non Latin characters (preventing forms of phishing and the likes of IDN homograph attack - Wikipedia ), allows users to scan links via Virus Total, can bypass URL shorterners via unshorten.me (avoiding security risks of URL shorterners: Why Shortened URLs Pose a Security Risk - Acer Corner ). This means that URL Check can assist in protection against Passive (and possibly Targeted) Attacks.
Very customizable, users can make or import new rules or modify existing ones (e.g. making http to https automatic).
Section on Privacy Guides
General Apps (Android), or a new category named URL Interceptors if needed (might be useful if more apps like this are recommended)
I really don’t think an app that sends every URL you click on to both VirusTotal and unshorten.me is a good idea. Also apps that modify your URLs are a whole other attack surface.
Every browser now has HTTPS-only mode, so upgrading URLs to HTTPS is a useless feature. Trying to avoid the security risk of shortened URLs by adding at least two other parties that change your URL again makes no sense, just don’t use URL shorteners or only use first-party ones.
Firefox also already has the Copy Clean Link feature built in to strip tracking from URLs. Brave removes tracking parameters by default.
Also browsers already have a better anti-malware system called safebrowsing that you can enable if you want to. It only sends a hashed prefix of the site you’re visiting and protects your IP address with OHTTP. Firefox’s version downloads a local list and avoids communicating with Google as much.
It only sends URLs to those sites if the user deliberately taps on modules’ commands. Even then, those (and any of) modules can be completely disabled. Anything can be attack surface, Brave and Ublock Origin (which are both recommended) can also modifiy URLs, so I don’t see the point. Most of it’s modules are manual anyway. Without Virus Total, unshorten.me and Status code it otherwise only needs internet access to update lists (which are downloaded and used locally, so no internet needed to clear URLs or redirect to frontends), which can also be disabled. Apart from all that, it can work offline.
Every browser now has HTTPS-only mode, so upgrading URLs to HTTPS is a useless feature. Trying to avoid the security risk of shortened URLs by adding at least two other parties that change your URL again makes no sense, just don’t use URL shorteners or only use first-party ones.
Not every app is a browser, though. I’ll admit that http to https is more of a nice-to-have, just-in-case thing. Regarding URL shorterners, If I understood well, by using them, you mean just getting through them to get to the actual link. It would be best to avoid visiting any kind of URL shorterners whenever possible, and only unshorten if there’s absolutely no choice. I think there should be a notice or warning regarding this. The app itself also recomends against unshortening links with private and sensitive data, so there should be a notice about that too.
Those two are the only ones (to my knowledge) that clear URLs at the moment. What if someone uses other browser? Would that someone have to download additional browser just to clear parameters? Or download ClearURLs or Unlock Origin which are both browser extensions?
Which (as far as I can tell, correct me if I’m wrong) relies on badness enumeration and limited to just browsers. URLCheck isn’t meant for just browsers, and checks URLs via regex rules, which is the opposite approach. It’s not meant to be a replacement for safebrowsing anyway, since it only checks if the link contains non-Latin characters or not.
This is one of the apps I use everyday. Could even be my most frequently used app. I love how it gives me options to open links in different apps. Sometimes, I don’t want to open a YouTube video link in the YT app so I would just select DDG browser from the dropdown menu. Sometimes I will select grayjay. Same with different links going through different browsers. It’s a very handy tool. Love it.
Not by default. The plugin in question requires user to paste the VT API credentials, and unshorten is disabled by default.
Which obviously doesn’t work outside those browsers.
Your description isn’t accurate at all.
My primary usecase for Url check is to have a convenience of choosing between a couple of browsers across the whole Android. Sometimes i want to open a link with Tor Browser etc.
Now that i think about it, it’s the most used app on my phone.