This incompetence is … olympic? Took them just 2 days to pop this up again. Instructions they give on how "to fix this problem":
"Check the example URLs on the 'Security Issues' page in Search Console. Note that this page displays a list of samples and not an exhaustive list of problematic URLs."
No, indeed no "exhaustive list". It's an EMPTY list, so this advice cannot even be followed 🤦♂️
They shall be trusted to control safety of all Internet & devices? 🤯
Children are naturally curious. You see it in the way they click, explore, open ten tabs just to see what happens.
And honestly, that’s exactly how learning should be. But you can’t expect the internet to know the difference between curiosity and risk.
That’s the tricky part for schools; to protect browsing while students can also explore, just not in the wrong places.
Worth a look: https://scalefusion.com/products/veltar/web-filtering-software-for-schools
New month I guess? 4 weeks since the last fake alert? Can someone please shut down whatever produces all those false positives?!?
Yupp, this time Goog claims we've been hacked. They just don't know where. So I've requested a review now, stating all indicated pages have been cleaned 🤷♂️
Should you still use that "safe" browsing – consider switching it off. Or at least be very skeptic when it shows you something.
"Google Safe Browsing missed 84% of confirmed phishing sites in our dataset. […] Google is, quite literally, hosting phishing attacks on its own infrastructure and not catching them with its own detection tools"
Day 4 again, without any response. Quite a reliable service that: you can rely on it to let you wait. What does that run on, that it takes that long? An Arduino Pico? Needless to say that the alleged malware file does not even exist, and never was malicious.
Filed another review request.
Again: disable that stuff. Seems to have more false positives than real stuff. Especially as entire domains hosting the real stuff (like storage.googleapis.com) are excluded from scan.
Day 4. A response, finally. The usual clown message: Review failed. Well, the "clown message" is the one in the attached graphic: They don't know themselves. Something something link, but they don't know which. Or, in other words: "These URLs host malware or unwanted software downloads: None". 🤦♂️
If that's how reliable their services are, maybe they should NOT hold the keys to the entire Internet (and app stores)? 🤔
I had filed a reevaluation request before I tooted this. 2 days later, no reply yet (why does their bot take THAT long?). Instead I hear, another "fine tool" kicked in: Play "Protect" refuses installation of the allegedly malicious app, and even uninstalls them AUTOMATICALLY, without asking you! https://github.com/sunilpaulmathew/AppVaultX/issues/6#issuecomment-4079105010
Another rather questionable tool you might consider to get rid of (unless you install a lot from "questionable sources").
Of course the review failed (as usual, without a notification mail). Now they pick random APK files: remove one, then it's the next. Until the repo is empty, I guess. Snippet updated.
Disable "Safe" browsing, it's snake oil as you can see. We've been libeled now many times, always false positives. See https://gitlab.com/-/snippets/4909577#notes-on-how-to-disable-google-safebrowsing-in-browsers-on-android for how to disable it.
Of course all our APKs have been scanned, multiple times, with many engines. They're clean. Says even G's own scanner.
Oh my, those clowns again. They cannot even tell servers apart, but want to play the "Safety Police"? What are they doing for a living, by the way (apart from slurping and selling our data)?
Yes, that's the same file as in January. On a different server. But they flag yet another, that does not even have that file. Incompetent folks, they should shut down that "service". Will they ever stop that nonsense?!?
Remember our "experience" with Google Safebrowsing in December 2025/January 2026? And that I doubted the "Safe" in its name? Well:
"Google is, quite literally, hosting phishing attacks on its own infrastructure and not catching them with its own detection tools."
Not catching a single one, that is – see the graphic below (hint: red means missed). But they compensate that by flagging safe sides, no worries 🤦♂️
Izzy
Endpoint Guardian