Brave-browser: [Android] https://[%2A.]firebase app.com in allowed cookies

Created on 11 Sep 2020  路  4Comments  路  Source: brave/brave-browser

Description

Report from community https://community.brave.com/t/found-https-2a-firebase-app-com-in-allowed-cookies/154373

Steps to reproduce

  1. Go to settings
  2. Click on site settings
  3. Click on all sites or cookies
  4. https://[%2A.]firebase app.com is in both all sites and allowed cookies and cannot be deleted.

Actual result

https://[%2A.]firebase app.com is in both all sites and allowed cookies and cannot be deleted.

Expected result

Not set any cookies by default

Issue reproduces how often

Easy

Version/Channel Information:

  • Can you reproduce this issue with the current Play Store version? Yes
  • Can you reproduce this issue with the current Play Store Beta version? Yes
  • Can you reproduce this issue with the current Play Store Nightly version? Yes

Device details

  • Install type (ARM, x86): ARM
  • Device type (Phone, Tablet, Phablet): Phone
  • Android version: 10

Brave version

1.12.113

Website problems only

  • Does the issue resolve itself when disabling Brave Shields? NA
  • Does the issue resolve itself when disabling Brave Rewards? NA
  • Is the issue reproducible on the latest version of Chrome? NA

Additional information

OAndroid QYes bug closeduplicate needs-investigation privacy release-noteinclude
Source
picture srirambv
👍1

All 4 comments

This is not just on Android. I see this on Desktop as well.

urbenlegend picture urbenlegend on 11 Sep 2020

Found out what's causing it on Desktop at least. If you enable Allow Google login buttons on third party sites, these cookie rules will show up in the Allow section. If you turn it off, those rules disappear.

However, I can not find the equivalent option on mobile.

urbenlegend picture urbenlegend on 11 Sep 2020

This is not a bug, its intentionally tied to google auth, since firebase depends on google for auth (in other words, you can only auth with a firebase app in most cases with a google login button) This was discussed in: https://github.com/brave/brave-core/pull/5952 . We can reopen of course if needed, but wanted to at least provide that as background.

There is already an issue for adding UI to control this (and other privacy settings) in android too #9536. If this is getting more user attention / notes, maybe that should be prioritized higher?

Also, fwiw, these kinds of intentional-but-maybe-unexpected-connections should be much less needed once #8514 lands.

TL;DR; i think this issue is a duplicate and can be closed, mostly because the actionable parts are either existing-intentional choices, or covered by other issues.

pes10k picture pes10k on 15 Sep 2020
👍1

I'm going to close this issue for the reasons described above, but thanks much to @srirambv for reporting and for @urbenlegend for adding the details. I'll also note in https://github.com/brave/brave-browser/issues/9536 that the feature is being requested / useful for community raised issues too. Thanks all!

pes10k picture pes10k on 15 Sep 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bbondy picture bbondy  路  3Comments
bbondy picture bbondy  路  3Comments
bsclifton picture bsclifton  路  3Comments
Sondro picture Sondro  路  3Comments
moritzhaller picture moritzhaller  路  3Comments