On Tue, 30 May 2017 20:22:09 +0200 Hans-Christoph Steiner hans@guardianproject.info wrote: [snip]
Android is a very different OS than all the desktops. GNU/Linux, OSX and Windows are much more similar to each other than to Android. Android is also the most popular computing platform in the world, so its worth investing it. More users and more page views than Windows.
Given the desire for stronger sandboxing, it could make sense to keep tor in something like Orbot, which is installed separately. That means its isolated from the browser part with all the Android tricks. Things like CopperheadOS make that sandboxing even stronger.
As for Android apps updating their own code, it is possible, and it is occasionally done. It is considered a bad practice, and Google has been gradually locking that down over time. Android already provides a solid install procedure, at best, I think it would be a waste of time to build a custom in-app updater to replace that. For example, that will break nice security properties like the code being installed read-only even to the app itself.
The general gist I'm getting from this is:
Continue to treat Android like the red headed stepchild that it is, because a tor-launcher deprecation/rewrite doesn't affect the one platform that doesn't really even use tor-launcher in the first place.
nb: If there is special code required for Fenec to interact with Orbot, I don't see why that requires it's own launcher process.
There's also no reason why, "Vidalla++" (or whatever it ends up getting called, if it happens) can't support Android, however:
* Downloading/installing/updating the browser - Handled by whatever app store people use (and if people are sideloading apks, it's handled by the person).
* Configuring/Launching Tor - Handled by Orbot.
* Sandboxing - Handled by the OS. There's probably more that could be done here, but I will profess ignorance to how much kernel support is available in deployed Android installations for any of the mechanisms (And I assume that things like AppArmor that require root fall into the realm of "Not useful in a general case").
So I'm not seeing much of a point here.
Regards,