[Android] https://[%2A.]firebase app.com in allowed cookies

[srirambv]

Description

Report from community https://community.brave.com/t/found-https-2a-firebase-app-com-in-allowed-cookies/154373

Steps to reproduce

1. Go to settings
2. Click on site settings
3. Click on all sites or cookies
4. https://[%2A.]firebase app.com is in both all sites and allowed cookies and cannot be deleted.

Actual result

https://[%2A.]firebase app.com is in both all sites and allowed cookies and cannot be deleted.

Expected result

Not set any cookies by default

Issue reproduces how often

Easy

Version/Channel Information:

• Can you reproduce this issue with the current Play Store version? Yes
• Can you reproduce this issue with the current Play Store Beta version? Yes
• Can you reproduce this issue with the current Play Store Nightly version? Yes

Device details

• Install type (ARM, x86): ARM
• Device type (Phone, Tablet, Phablet): Phone
• Android version: 10

Brave version

1.12.113

Website problems only

• Does the issue resolve itself when disabling Brave Shields? NA
• Does the issue resolve itself when disabling Brave Rewards? NA
• Is the issue reproducible on the latest version of Chrome? NA

Additional information

[urbenlegend]

This is not just on Android. I see this on Desktop as well.

[urbenlegend]

Found out what's causing it on Desktop at least. If you enable Allow Google login buttons on third party sites, these cookie rules will show up in the Allow section. If you turn it off, those rules disappear.

However, I can not find the equivalent option on mobile.

[pes10k]

This is not a bug, its intentionally tied to google auth, since firebase depends on google for auth (in other words, you can only auth with a firebase app in most cases with a google login button) This was discussed in: brave/brave-core#5952 . We can reopen of course if needed, but wanted to at least provide that as background.

There is already an issue for adding UI to control this (and other privacy settings) in android too #9536. If this is getting more user attention / notes, maybe that should be prioritized higher?

Also, fwiw, these kinds of intentional-but-maybe-unexpected-connections should be much less needed once #8514 lands.

TL;DR; i think this issue is a duplicate and can be closed, mostly because the actionable parts are either existing-intentional choices, or covered by other issues.

[pes10k]

I'm going to close this issue for the reasons described above, but thanks much to @srirambv for reporting and for @urbenlegend for adding the details. I'll also note in #9536 that the feature is being requested / useful for community raised issues too. Thanks all!