Google’s App Engine No Longer Facilitates 'Domain Fronting'

Google’s App Engine no longer supports ‘domain fronting.’ Technically speaking, App Engine has never officially supported domain fronting although it was a feature those using Google’s solution were previously able to take advantage of. That, however, has now changed as a recent update to App Engine has now removed all traces of backend support.

If does not seem as thought Google has officially announced the change (as it never officially supported the use of domain fronting in the first place), although the change was previously noted as in effect on the Tor bug tracker on April 13. Since then, The Verge has received confirmation from Google of the discontinuation of the unofficial support through the release of a recent update. Once again, the representative confirmed Google has never officially supported the feature, and the recent update itself was also not specifically designed to target the use of the feature. Instead, the feature’s ability to be used has ceased as a byproduct of the update applied to the underlying framework that the feature took advantage of. With the representative also quoted stating Google does not “have any plans to offer it as a feature” going forward.

Domain fronting is better understood as the ability to spoof a location. This is something that a lot of services offer and for multiple reasons. VPNs being one such example and geo-restricted or otherwise censored content being prime examples of why an app or a service might want to spoof the location. The reason this was unofficially available was due to how App Engine works as this is a web and mobile app-based platform designed to take away the need for developers to worry about the infrastructure needed to scale an app or website. Instead, App Engine afforded developers with the ability to concentrate on the code and provide them with a fully-ready infrastructure for use. Up until now, that has also meant redirecting traffic through Google domains first, before sending them on to a final destination. Not only this, but Google’s encryption also stopped anyone from understanding or knowing the traffic was going anywhere beyond the Google domain. Thereby inadvertently providing a method for app developers to spoof a location.

Copyright ©2019 Android Headlines. All Rights Reserved
This post may contain affiliate links. See our privacy policy for more information.
You May Like These
More Like This:
About the Author

John Anon

John has been writing about and reviewing tech products since 2014 after making the transition from writing about and reviewing airlines. With a background in Psychology, John has a particular interest in the science and future of the industry. Besides adopting the Managing Editor role at AH John also covers much of the news surrounding audio and visual tech, including cord-cutting, the state of Pay-TV, and Android TV. Contact him at [email protected]