developers.google.com/safe-browsing/ is good documentation on how the Safe Browsing API used by browsers (Chromium, Firefox, Safari, etc.) works. It searches a database based on a truncated hash (4 bytes) of a canonicalized URL. It leaks some information, but doesn't send URLs directly.
Conversation
Safe Browsing isn't currently supported by GrapheneOS and won't be enabled by default with the standard approach. It leaks too much. I haven't done anything to intentionally break it and wouldn't mind it as an optional feature, but the default mobile approach uses Play Services.
2
4
Some work would need to be done to set up the alternate mobile implementation. Enumerating badness is not a workable approach to security so this hasn't been a priority. I also don't think the attempt at providing privacy is good enough. How large is the entire database anyway?
Replying to
I'm curious if it's feasible to just regular scrape the entire Safe Browsing database and then download the full database from a GrapheneOS server on a regular basis. The standard approach seems to trend towards that anyway... and updates to the database can be done via deltas.
3
3