Android has a secret browser that lets you bypass lockdown mode and parental controls



Android has a 'lockdown mode' that disables fingerprint authentication and facial recognition authentication in order to increase the security level of the lock screen. Programmer matan-h reports that Android has a secret browser that can bypass this lockdown mode and parental controls.

Google has a secret browser hidden inside the settings - Matan-h

https://matan-h.com/google-has-a-secret-browser-hidden-inside-the-settings/

Google has another secret browser - Matan-h
https://matan-h.com/another-secret-browser

According to matan-h, this browser is used to display the privacy policy from the settings screen, and is different from web browsers such as Chrome. When matan-h tried it, he was able to access YouTube and play the video.



This browser does not leave any history and automatically logs you out of the Google account you were logged in at when the session ends, making it a fairly private browser. Also, parental controls that allow parents to restrict browsing can be ignored. However, using 'Back' returns you to the settings screen, so it seems that it is not very convenient to use.

Furthermore, matan-h discovered that a JavaScript object called 'mm' is running in this browser. Examining the contents of this object reveals that it consists of three functions, two of which are probably used to set local encryption keys, leading to a security vulnerability. says Mr.



When matan-h, who discovered this browser, reported it to Google, Google replied, ``This is not a security vulnerability, and being able to ignore parental controls is intended behavior.'' He said.



However, when Mr. matan-h published this issue on his blog in June 2023, three days after the article was published, Google contacted him saying, ``We will reconsider your report.''



Furthermore, in February 2024, matan-h discovered a way to launch the browser from the Contacts app. In lockdown mode, only the emergency call function and the 'Contacts' app can be used, but it seems that it was possible to start the browser from the website link registered in this 'Contacts'.



Matan-h also reported this issue to Google. However, Google seems to have merged the ``issue that allows users to bypass lockdown mode'' with the ``issue that allows users to bypass parental controls'' reported in June 2023, and did not respond. Additionally, Google responded, 'Any issue that allows you to bypass Android's lockdown mode is the intended behavior.'



In addition, Google seems to have sent a message saying, ``This issue has been closed because it may overlap with another issue.'' matan-h commented, ``We hope you enjoy the secret browser that cannot be tracked.''

in Software, Posted by log1i_yk