3 minute read

I recently discovered [another] secret browser that is inside Google Play Services. The uniqueness of this browser is that it is accessible by a link. That means, it not only bypasses the “normal” google parental control, it also bypasses the “lock-down” mode (the “lock-down” mode is the “your device has been locked” screen in parental control). I also discovered a similar method which can be used to bypass the Android screen pinning feature from the Contacts app

TodePond YouTube video in Google Play Services app

Enter the Contacts app – using the “emergency call” button after the normal unlock of the phone. (assuming you not are reading this blog in lock-down mode, you can just open the normal Contacts app).
Edit existing contact (or add new contact), then edit it, and scroll until “More fields” and click on it.
In the “Website” field enter this website: “https://gds.google.com/gmsdrops”.
Save the contact, then click on the link.
You should now see “Your Android device just got better” (it’s a Google lie 🙂). Click “Show me”.
Click “Learn more”. If you don’t have that, click “next” until you have it.
Now you are in the browser. Resize it by moving it up. Click the hamburger menu, then click the big “Google Help” text.
Click the hamburger menu again. This time just click “Google”.
You may or may not be already signed in to this browser. If you are signed in, you can log out from Google. It does not affect your Chrome browser.
There you have it. A full untraceable browser inside the parental lock-down mode!

Why does it work?
In lock-down mode, google “locks” all apps (including the android launcher and parts of the system) apart from “Google Play Services” (which is used to display the popup message and enforce restrictions) and the Contacts app (for phone).
As last time, It’s still the fault of the same app: Google play services.
https://gds.google.com/gmsdrops is a deeplink to the Android “what’s new”. (you can also open it from here, and if your browser forwards deeplinks you probably get a message asking you if you want to continue to external app/google play).
While parental control doesn’t allow you to open deeplinks, it does allow the Contacts app to do so. When you click on the website field of a Contact, it’s the Contact app which opens the link. So it’s not blocked.

android (11+) has an Android screen pinning feature, which basically make it possible to give your phone to someone, open on a specific app, and prevent the user to move to another without your permission. I haven’t done research on that, but I believe the most popular use-case is when you give your phone to someone to make a phone call.
This time we cannot use the same link as before, as screen-pinning prevents opening new apps, and t
Read More