Browser Blacklists: The Utopia of Phishing Protection

Mobile devices - especially smartphones - have gained widespread adoption in recent years, due to the plethora of features they offer. The use of such devices for web browsing, accessing email services and social networking is also getting continuously more popular. The same holds true for other more sensitive online activities, such as online shopping, contactless payments, and web banking. However, the security mechanisms available on smartphones are not yet mature, while their effectiveness is still questionable. As a result, smartphone users face increased risks when performing sensitive online activities with their devices, compared to desktop/laptop users. In this paper, we present an evaluation of the phishing protection mechanisms that are available with the popular web browsers of the Android and iOS platform. Following, we compare the protection they offer against their desktop counterparts, revealing and analyzing the significant gap between the two. Finally, we provide a comparison between the Safe Browsing API implementation in Google Chrome and the Safe Browsing Lookup API, revealing significant inconsistencies between the two mechanisms.