What does happen for me is I often fat-finger, to hit one icon and get the neighboring one. But I have never seen anything remotely similar to that. At all. I wonder if it’s asking you to install the app?
Ah, yeah DDG uses the google browser engines. That could easily explain the different behavior.
It appears to be trying to force the download of the tiktok .apk directly - I haven’t compared the hashes but at least that’s what the names indicate. But the download, and the inserting random strings into my clipboard, happens without interaction a few seconds after the page loads. It’s very odd behavior to see from a legit site.
Ah, yeah DDG uses the google Being browser engines.
From your screenshot, you had the choice to reject. I don’t know what Chinese law is about stuff like that, so I’m not going to speak on it, other than to say that firstly, I imagine it’s the Chinese version of tiktok, and secondly, almost every popular social US social media, not to mention website do it, including banking sites. I don’t like it, and I’m not saying it’s a legitimate way of doing business, but it’s certainly not any different than US websites.
Ah, yeah DDG uses the google Being browser engines.
I think there’s confusion about what we’re talking about:
DDG the web page search engine uses the bing crawler.
DDG the web browser, which is contemporary to firefox uses webkit and blink
Yeah, but that it’s a rejectable download isn’t really the issue here. That it’s, unprompted, trying to get me to sideload a random .apk at all and hijacking my clipboard is the problem.
I’m curious what western social media apps have attempted to directly download the .apk onto your device - I’ve had plenty that throw up splash pages that redirect me to google play store, but no legitimate site has ever unprompted served me a raw .apk before. That’s behavior you find on the AI slop sites that are just long strings of search terms to try and get you to click on them.
Oh, very different thing. When that happens it’s just asking permission for an applink query - which is just a flag that tells the user’s OS to check and see if any currently installed apps are associated with a given URL and then passes it to that app if there is one.
It’s very different from trying to get the user to sideload an entire app. “Open in app” is not really a threat vector, but installing random unverified .apk is the threat itself.
Google Play very much is a large threat vector. And I see it no differently than the photo you showed. At least on f-droid, the code for apps is examinable, where even if one isn’t a programmer/hobbiest, they have the option of asking someone they trust to audit the code. On Google Play, you get the developer’s “lol trust me, bro!”
As an example, one app consistently has hundreds of tracking attempts by a notorious, very intrusive website, and I’m extremely grateful I can see that and block it; and uninstall the app because NOT Google and NOTthat (sneaky, evil, in disclosing) dev told me. Another dev of a different appdid.
So the difference is, you were pre-asked and had the option to refuse.
That might explain the difference, what browser are you using?
DDG, strict permissions management.
What does happen for me is I often fat-finger, to hit one icon and get the neighboring one. But I have never seen anything remotely similar to that. At all. I wonder if it’s asking you to install the app?
Ah, yeah DDG uses the google browser engines. That could easily explain the different behavior.
It appears to be trying to force the download of the tiktok .apk directly - I haven’t compared the hashes but at least that’s what the names indicate. But the download, and the inserting random strings into my clipboard, happens without interaction a few seconds after the page loads. It’s very odd behavior to see from a legit site.
From your screenshot, you had the choice to reject. I don’t know what Chinese law is about stuff like that, so I’m not going to speak on it, other than to say that firstly, I imagine it’s the Chinese version of tiktok, and secondly, almost every popular social US social media, not to mention website do it, including banking sites. I don’t like it, and I’m not saying it’s a legitimate way of doing business, but it’s certainly not any different than US websites.
I think there’s confusion about what we’re talking about:
Yeah, but that it’s a rejectable download isn’t really the issue here. That it’s, unprompted, trying to get me to sideload a random .apk at all and hijacking my clipboard is the problem.
I’m curious what western social media apps have attempted to directly download the .apk onto your device - I’ve had plenty that throw up splash pages that redirect me to google play store, but no legitimate site has ever unprompted served me a raw .apk before. That’s behavior you find on the AI slop sites that are just long strings of search terms to try and get you to click on them.
I usually get “open in app” dialogue.
Oh, very different thing. When that happens it’s just asking permission for an applink query - which is just a flag that tells the user’s OS to check and see if any currently installed apps are associated with a given URL and then passes it to that app if there is one.
It’s very different from trying to get the user to sideload an entire app. “Open in app” is not really a threat vector, but installing random unverified .apk is the threat itself.
Google Play very much is a large threat vector. And I see it no differently than the photo you showed. At least on f-droid, the code for apps is examinable, where even if one isn’t a programmer/hobbiest, they have the option of asking someone they trust to audit the code. On Google Play, you get the developer’s “lol trust me, bro!”
As an example, one app consistently has hundreds of tracking attempts by a notorious, very intrusive website, and I’m extremely grateful I can see that and block it; and uninstall the app because NOT Google and NOT that (sneaky, evil, in disclosing) dev told me. Another dev of a different app did.
So the difference is, you were pre-asked and had the option to refuse.
I’m sorry, I don’t think I understand what you mean here.