I recently discovered a secret browser located inside the “Manage my account” popup that Android has in various apps (quite important apps, such as Settings, and all Google suite apps). The browser even bypasses parental control!
A secret browser that is entirely different from whatever browsers you have installed on your Android device? I’m sure that won’t present any problems whatsoever.
Then you have two methods which I don’t know what they do, but they sound scary. As this is a secret-browser of the ‘on-device encryption’ feature, I can guess, they are both used to set your local encryption keys. So it looks like a malicious website can put their keys there, and try to make you pay for them!
I think this is the time to tell you that I already reported this to Google, and they say this is not a security vulnerability (probably because this secret browser is not very popular), and that the parental control bypass is the “Intended Behavior”.
Oh. Good.
I don’t see where he did anything that break parental controls or that those JS functions he admits he doesn’t know the functionality of can actually be used for what he’s suggesting.
I’d guess this is something that rather involves being on the other side of this airtight hatchway.
Interesting. Was not able to replicate this on my Unihertz Titan.
Could it be that the secret browser is not present in Android 10 …?
Or is it most likely not accessible because I never have an account configured on my Android phones ….?
[ GooglePlay disabled. All my apps are side-loaded, mostly from F-Droid ]
This appears to be the nothingest of nothing burgers.