Google has left Android users baffled after a recent update to the Google mobile app began adding a mysterious “search.app” domain to links shared from the app.
With the Google app serving as a popular tool for web searches and offering a personalized content feed through Google Discover, the change has sparked concern among users who noticed the new link structure.
What are these mysterious search.app links?
On November 6, 2024, Google released version 15.44.27.28.arm64 of its Android app.
Since then, links opened in Google’s in-app Chromium browser are now prefixed with a “search.app” domain when shared externally.
BleepingComputer observed this change shortly after updating our Google app, and we admit that the appearance of this mysterious domain initially caused alarm. Had our device fallen victim to adware?
Google in-app browser prepends links with search.app
(BleepingComputer)
Other users on Reddit have shared similar concerns this week.
“Recently (few days ago), I noticed that each link shared from the Google in-app web browser uses the ‘search.app’ domain,” wrote Reddit user danilopiazza.
“For example, trying to share the link to the Reddit front page, I get: https://search.app?link=https%3A%2F%2Fwww.reddit.com%2F&utm_campaign=…&utm_source=…”
“Is this a new feature from the Google app?”
A reader replied, “It seems like it. I’m seeing it too. At first, I thought I might be infected with some kind of malware or that a setting had changed without my knowledge.”
Similar posts have appeared from other users.
BleepingComputer also noticed that links shared through social media platforms like X and Facebook via Google’s Android app this week are displaying the “search.app” domain as well.
Social media posts to external sites bearing search.app links
(BleepingComputer)
Is search.app safe?
Simply put, search.app functions as a URL redirector domain, similar to X’s (formerly Twitter) t.co, Google’s g.co, or Meta’s m.me.
By adding “https://search.app?link=” at the start of shared links, Google gains greater insight into how links from its app are being shared externally and who clicks on them (via referrer tracking).
Beyond analytics, by positioning itself between users and external sites through the “search.app” domain, Google can now block traffic to phishing or compromised domains, should any site become malicious, or if questionable content—like scam sites—is widely shared among users.
During our tests, navigating directly to search.app displayed an “Invalid Dynamic Link” page with a Firebase logo.
Navigating to search.app directly shows a Firebase landing page
(BleepingComputer)
Google acquired Firebase in 2014, turning it into “Google’s mobile development platform, enabling rapid app growth and development.”
We encountered a similar screen when accessing another Google domain, https://search.app.goo.gl/
Interestingly, Firebase Dynamic Links are deprecated and scheduled for shutdown by August 2025.
WHOIS records for both search.app and goo.gl confirm Google LLC as the registrant organization and MarkMonitor as the registrar.
While our analysis shows that search.app redirector URLs are safe and managed by Google, the absence of documentation about the domain is peculiar, as is its omission from public changelogs of Google’s open-source projects, like Android and Chromium.
As this update rolls out, more users may feel concerned or wonder if their device is malfunctioning or compromised.
Could this be Google’s attempt to imitate Apple News, which also prepends links to external stories with https://apple.news?
Previously, Google Chrome’s use of mysterious GVT1.com domains also raised eyebrows among security researchers due to limited public documentation.
BleepingComputer reached out to Google for comment before publication and is awaiting a response.
Source: BleepingComputer, Ax Sharma
