Google’s Safe Browsing (GSB) service prevents websites and applications from inappropriately collecting or using the private information of end-users.
Not only does Google actively look for inappropriate or potentially threatening coding, but it also detects and penalizes sites that have not properly disclosed their user information collection and usage policies. Various measures are taken to ensure the safety of internet patrons including blacklisting potentially-harmful sites or warning users against entering unverified webpages.
Table of Contents
1. What is Google Safe Browsing?
Google Safe Browsing’s primary purpose is to identify website and application coding that surreptitiously downloads possibly damaging software onto end-user computers. However, the actions it takes to protect user information will often penalize innocent business owners for not taking all necessary measures to comply with safe browsing policies.
The service warns consumers about sites containing malicious actors that may intentionally steal personal information or harm their computers. At the same time, GSB keeps legitimate websites clear of security breaches by notifying site-owners of their presence and demanding the removal of harmful software.
Google is known to require compliance from any business that uses its services – including strict adherence to their own corporate privacy stipulations. That being said, GSB takes steps to ensure that users’ personal information is collected and used safely, appropriately, and with consent.
Whether Google Safe Browsing has determined that a site contains malicious software or that personally identifiable information (PII) is being collected without proper consent, website owners and operators may suffer consequences in the following arenas:
For programming that intentionally seeks private information, the GSB tools ensure that the website includes a clear explanation located in a prominent place on the screen about what is being collected and why.
The disclosure notice is especially critical if the data collection is not an obvious feature of the software, such as a sign-in form.
When financial data is collected, GSB requires that its transmission is properly encrypted.
These requirements apply to both Play and non-Play app markets, and non-compliance could result in anything from warnings to deactivation.
Of the Safe Browsing measures it employs in its search engine, Google writes,
You’ll see the message ‘This site may harm your computer’ beneath the site URL when we think the site you’re about to visit might allow programs to install malicious software on your computer.
While this message can be extremely damaging to the user perception of a website, Google takes strides to ensure that legitimate businesses have the tools they need to avoid this fate.
When the GSB review of a site triggers a notice that it contains potentially harmful software, the company’s Search Console gives website owners the tools to identify and repair the security issues that are negatively affecting their site, including those that might inappropriately access private data.
Websites that are verified in the Google Search Console also gain access to tools for evaluating and optimizing their sites for better visibility such as an SSL certificate.
SSL certificates can be easily obtained by business owners and webmasters. Having this designation on your website verifies that it is a secure destination for users to visit.
For AdWords users, Google will suspend ads that point to websites or apps that fail to comply with privacy policies.
2. How Does GSB Work with Businesses?
Adhering to Google’s Safe Browsing security guidelines is also an excellent business practice. Legitimate companies never intend to create unsafe programming, but sometimes erroneous coding or careless oversights can erode their compliance with GSB standards.
Affirmative consent is given through a user action such as clicking on an “I Accept” button.
When the GSB engines detect a website or app that contains inappropriate programming, Google will post a notice for potential visitors stating: “This site may harm your computer.” After informing the offending website of the problem, the notice will be taken down once the site’s webmaster corrects or removes the offending software.
Google also offers webmasters a “search console” that shows them the security issues they may be dealing with and gives them the tools to repair their site.
Entities that are concerned about whether their websites comply with GSB standards can access Google’s “site status” tool that evaluates the relative safety of its URL when that is entered into the search engine.
Furthermore, the GSB application programming interface (API) checks website and app content against Google’s constantly updated lists of unsafe platforms and threats and can reveal coding errors that unintentionally create a breach of privacy concern – such as failing to have an adequate notice about or adequate consent process for the collection and usage of consumer data.
3. How to Stay on the Right Side of Safe Browsing Policies
Most companies don’t want to risk the reputation or economic damage caused by inadvertently failing to comply with GSB standards.
Google designed its Safe Browsing guidelines and support services so websites and apps can avoid violating the prohibitions against inappropriate data collection or misuses of private information.
To avoid being unfairly prosecuted for inadvertently hosting malware, unwanted software or social engineering programming, Google advises its corporate users to follow these guidelines:
Be open up front
Match Google’s focus on end-user safety by keeping notices about collection and usage of private consumer data front and center on both websites and apps.
When seeking consent from users to collect and use their data, ensure that the site is using the most current clickwrap agreement form that requires an affirmative action (such as clicking an “I agree” or “I accept” button) to gain user consent.
Note that while “browsewrap” agreements may identify where on the site the user can find the consent agreement, they do not require any affirmative action on the part of that visitor. Instead, browsewrap agreements assume consent when the user continues onto the site without hitting a specified “consent” button.
For more information, check out this comprehensive guide on the difference between browsewrap and clickwrap.
A “secure sockets layer” – or “SSL”– certificate is denoted through an “s” being added to the “http” of a website’s URL. Failing to use an SSL-protected connection will flag a concern. Issued by a certificate authority, these tiny data files installed on websites secure the connection between the site and the server. The presence of an SSL certificate will send a message to both Google and your users that your website is a safe destination.
Considering how ubiquitous Google’s presence is on the internet, following its policies and guidelines to protect end-users and consumers is the best way to do business in the increasingly digital global marketplace.