Found https://[%2A.]firebase app.com in allowed cookies

Troubleshooting technical issues is much easier when both the user and support agent practice clear communication. For this reason, we have provided the template below for you to fill out with information about your issue. Please provide as much detail as possible so we can most efficiently resolve your problem.


Description of the issue:
When I go into settings, sight settings, all sites and cookies, I find https://[%2A.]firebase app.com as an allowed site and cookie and it cannot be deleted. I checked my wife’s phone and it is not there. She has a Pixel ll and I have a pixel ll XL. I went and cleared all the storage and cache and it was still there. So I cleared all the storage and cache again and deleted Brave. I restarted the phone and downloaded Brave again. I disconnected from the internet and then went into the app info and turned everything off and cleared the storage and cache and then opened Brave while still disconnected and it was already there in the sites and cookies again and could not be deleted.

Also, the accounts for the Google website and the Google website are under all sites and cannot be deleted and the accounts for the Google website
is under allowed cookies and cannot be deleted.

I couldn’t put the web addresses because I’m a new user or it wouldn’t let me post.

How can this issue be reproduced?

  1. Go to settings
  2. Click on site settings
  3. Click on all sites or cookies
  4. https://[%2A.]firebase app.com is in both all sites and allowed cookies and cannot be deleted.

Expected result:
Is there any way that this can be deleted?
Is this something installed by Brave or is it some type of spyware/malware?

Brave Version( check About Brave):

Application version

Brave 1.12.113, Chromium 8404147125

Mobile Device details

Operating system

Android 10; Pixel 2 XL Build/QQ3A. 200805001

Additional Information:

I’m going to try and delete some recent apps and uninstall and reinstall Brave and see if firebaseapp disappears. If this ends up being caused by an app, how can I report this? I really need to find out what is going on here so no sensitive information is compromised. Thank you for your time.

I’ve seen this too. Using Brave 1.12.113 Chromium 84.0.4147.125

https://[%2A.]firebaseapp.com

What is it? It was never there before.

That’s what I’m trying to find out. I’ve looked on the internet and the firebase app is something that someone can set up a little program which makes me wonder if it isn’t some type of malware. Since no one at brave will reply and let me know what it is, I’ve stopped using brave. I find it hard to believe that it would just be on my phone and it would not be on my wife’s phone when we both get the same updates. I completely deleted brave supposedly and cleaned my phone and took the SIM card out and turned the phone off for most of the day and when I reinstalled brave, there it was.

I’m using chrome for some stuff and I’ve downloaded opera just for regular browsing. It uses less than half the data of brave anyhow. If I could ever get that part of it fixed I will set up different browsers to use for different things.

Looks like something from Google. “Firebase is built on Google infrastructure…” via firebase.google.com.

I doubt it’s malware but it is highly suspicious that it appears in your browser (and mine) but not in the same browser installed on your wife’s phone. Disappointing that you inquired about this 2 weeks ago and they still haven’t gotten back to you.

It’s definitely a good idea to use multiple browsers! I do the same, but Brave has been my go-to. Might end up ditching it now. Firefox is also a really good choice for a privacy-minded browser. I do like Chrome (the UI and it’s fast) but I’ve disabled it because Google doesn’t need to know everything. I’ll keep Opera in mind.

Safe browsing, mate!

I have seen it too. Might be a secondary dev part of some ad-malware I saw in there also when I updated to Chromium 84 but, I cleared it without writing it down…

The: https://[%2A.][firebaseapp.com is still there along with google accounts., another google accounts., duckduckgo. (I pretty much de-googled my phone but, have to activate an account to DL from the playstore)

I just did a search of the [%2A.] on my PC and BARELY noticed the DDGo instant answers ! icon at the top. Clicked on it and 2 dev’s were listed, both affiliated with DDGo: moollaza (Zaahir Moolla) · GitHub and mintsoft (Rob Emery) · GitHub… So, you would think that the [%2A.] has something to do with DuckDuckGo. (DDGo are my 2 search option tabs in settings)

Still doesn’t answer my questions on why any are stuck in there, including DDGo. With Brave on my PC, I have “On startup tab” set to: Open a specific page or set of pages with start.duckduckgo… which is the DDGo start page with additional settings/options. Once you set them, you can save them to their server with a passphrase. That would make sense of the duckduckgo. and the [%2A.] being the stored passphrase. Problem is I haven’t done that on droid that I remember…

You can do the same thing on the droid Brave app instead just using the stock search/tab choices included and it might make some sense of the un-deletable DDGo & :[%2A.] also. But like I said, I haven’t done that on my phone…

I will try to remember the ad-malware name because that is the most concerning thing to me. Just because I cleared it from site settings doesn’t mean it is still lurking undetected on my phone. I damn sure am not going to log-in to Bank of America anymore on the phone till I find out more about that malware.

Sorry. Had to remove most of the https:// & .com in order to post this.

Regards, Paul

I have seen it too. Might be a secondary dev part of some ad-malware I saw in there also when I updated to Chromium 84 but, I cleared it without writing it down…

The: https://[%2A.][firebaseapp.com is still there along with google accounts., another google accounts., duckduckgo. (I pretty much de-googled my phone but, have to activate an account to DL from the playstore)

I just did a search of the [%2A.] on my PC and BARELY noticed the DDGo instant answers ! icon at the top. Clicked on it and 2 dev’s were listed, both affiliated with DDGo: moollaza (Zaahir Moolla) · GitHub and mintsoft (Rob Emery) · GitHub… So, you would think that the [%2A.] has something to do with DuckDuckGo. (DDGo are my 2 search option tabs in settings)

Still doesn’t answer my questions on why any are stuck in there, including DDGo. With Brave on my PC, I have “On startup tab” set to: Open a specific page or set of pages with start.duckduckgo… which is the DDGo start page with additional settings/options. Once you set them, you can save them to their server with a passphrase. That would make sense of the duckduckgo. and the [%2A.] being the stored passphrase. Problem is I haven’t done that on droid that I remember…

You can do the same thing on the droid Brave app instead just using the stock search/tab choices included and it might make some sense of the un-deletable DDGo & :[%2A.] also. But like I said, I haven’t done that on my phone…

I will try to remember the ad-malware name because that is the most concerning thing to me. Just because I cleared it from site settings doesn’t mean it is still lurking undetected on my phone. I damn sure am not going to log-in to Bank of America anymore on the phone till I find out more about that malware.

Sorry. Had to remove most of the https:// & .com in order to post this.

Regards, Paul

Issue logged so dev can look into it

Thanks for reporting

It’s not malware. It is related to the Allow Google login buttons on third party sites option in Brave. If you have it enabled, those rules will appear in your Allow list. If you disable it, those rules go away.

The main problem here is that there doesn’t seem to be an equivalent option for Android, so you can never disable it if you see it.

I have this problem too. I found both https://[%2A.]firebaseapp.com and https://accounts.google.com in Brave Android browser, site settings/cookies/site exceptions. They cannot be removed, but I was able to change them both from “allowed” to “blocked”. I’m using Brave 1.13.87.

You should be able to remove them after this feature lands.

@urbenlegend thanks for linking the issue. Closing the thread as its an expected behaviour as per this comment