PSA: Stop the Wrap

Stop sharing and clicking on share.google.com links—they are a privacy concern and a phishing risk!

What are share.google.com links?

When someone attempts to share a link from their Android phone, Google has started automatically applying their "link shortening" service to the link you want to share. At face value, this may seem like a harmless, convenient feature. But that is not the case for two simple reasons:

  • The recipient is no longer able to tell what they are clicking.
  • Google tracks you for sharing the link and associates you with anyone who clicks it.

The Phishing Risk

Normally, when you receive a link, you can check to see what domain it's going to and whether the URL contains suspicious keywords or is unusually long. This enables you to vet the validity and reputation of the website before you click.

When someone clicks a share.google.com link, they have no access to any of this information until the redirect happens. Unless you are savvy enough to use a specific tool to extract that data, you are flying blind.

If no one shares these links and everyone educates anyone who does, the risk can be eliminated. Seeing these in the wild should be an automatic red flag.

The Privacy Risk

When that link is generated, your device requests it from Google's servers. This request includes who requested it and when. This is logged. When someone clicks that link, that data is also logged.

If the person clicking is logged into their Google account, their identity is likely tied to that event. Over time, Google uses this to build a social graph to map your real-world relationships. This enhances their tracking capabilities far beyond simple web browsing.

How to Disable It

On Android, you can opt-out of this tracking:

  1. Open the Google App
  2. Tap your Profile Picture > Settings
  3. Go to Other Settings
  4. Toggle off "Shorten links to web pages"