AMP a security risk?

In an effort to make the Internet a bit better and faster, Google has launched Accelerated Mobile Pages, better known as AMP which is a really good. Many online portals and websites use this facility to deliver their content even more quickly and in the mobile search marked with a small flash this tells the user about the fast loading times. But where light is, there is always shadow.

In the case of AMP, the AMP cache provides for pain. Google would like to take advantage of the speed and load the content of websites into their own cache, then deliver them from there again. The idea behind it is good and has certainly contributed to the good distribution of AMP. However, an oversight was the security risk associated with it after quickly realizing that phishing is an option, because up until recently, there were almost no security checks.

AMP content delivered through the Google servers just appeared at and all the tools that Google offers itself as a protection against phishing, malware, and so on have the domain on their whitelist. So Google provided a secure URL for sites that could contain nasty surprises for users. As we have seen, there are already a number of phishing sites that use this advantage. Google itself knows about this problem and is probably currently taking some measures to get it back under control. However, there are no details.

But it became known that Google cooperates with the manufacturers of browsers to make AMP more secure. One solution might be to take the path /amp/ away from the whitelists. This would then re-activate the security tools and could do their job. Another solution might be that the AMP content will no longer be delivered via This process could be outsourced and thus provide more security, since has so far simply suggested too much security and users trust the content to the fullest extent when they are distributed under the Google domain.