Hi,
Below is the current (rough) roadmap and outline of Tor Browser for Android. There remains some uncertainty about some aspects (and timing), but we should be able to make some decisions in Rome.
(Igor, sorry if you wanted to make additional changes - we can continue modifying it this next week)
Thanks, Matt
---------------------------------------------------------------------
The Tor Browser for Android Design Proposal and Roadmap
0. Introduction
Tor Browser for Android, from here on referred to as TBA, is a new implementation of Tor Browser targeted at recent Android platforms. In addition to the existing implementation, where Tor Browser is supported on Microsoft Windows, Apple OS X, and Unix-like systems, Tor Browser for Android will provide similar functionality on Android.
Currently Tor Browser is based on the most recent Mozilla Firefox ESR. Unfortunately, Mozilla does not support an ESR for Firefox for Android, therefore TBA must follow the most recent Mozilla Firefox releases. This reduces the risk introduced by using vulnerable and unsupported code, and allows leveraging Mozilla's teams for support.
Tor Browser for Android will provide an implementation of the Private Browsing Mode, as documented in the Tor Browser Design[0]. Currently, the Guardian Project maintain and support Orfox as the initial implementation of TBA. The goal is using Orfox as a base and improving upon it such that TBA obtains privacy, security, and usability parity with Tor Browser (for Desktop).
1. Roadmap
Over the next year, we will work toward this goal. If we divide this time frame into quarters, we can set expectations for what will be accomplished.
In Q1 2018:
- Orfox patches will be reviewed and merged into tor-browser.git
- Porting Torbutton for TBA will begin
- Porting TorLauncher for TBA will begin
- Rebasing TBA patches onto Firefox for Android 60 will begin
- A new version of Orfox will be released in parallel with Tor Browser, based on ESR 52.6
  - XXX Discuss in Rome with TGP, coordinating releases
In Q2:
- Add TBA into tor-browser-builder and eliminate reproducibility issues
- Continue porting Torbutton and TorLauncher including implementing mobile-UI
  - UI design discussions will take place in Rome
- Investigate mobile-specific fingerprinting vectors
- Release Orfox updates in parallel with Tor Browser
In Q3:
- TBA is fully reproducible
- Release first version of TBA (alpha?) (probably based on Firefox for Android (Fennec) 60)
  - XXX We can consider coordinating this with an announcement at HOPE XII in July
- Begin auditing GeckoView and Mozilla Focus implementation as upstream of TBA
  - Focus has different "look and feel", evaluate UX impact
In Q4:
- Release first version of TBA with TorLauncher integration
2. Design
Tor Browser for Android will adhere to the Tor Browser design requirements[0] and it will maintain the same adversary model with increasing adversary capabilities. The user interface restrictions present on Android platforms introduce additional obstacles and require re-design and re-implementation of some existing Tor Browser features. However, the end result is maintaining the same "look and feel" on desktop and Android.
3. Adversary Capabilities - Attack
a. Read and change Tor configuration variables through the Tor Control protocol.
   - An adversary (malicious application) could access the Android IPC mechanism and change the configuration values.
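One way to check a Tor configuration for the exposure described in 3a, as an added example that is not part of the original proposal and is not Orfox or TBA code: it flags a control interface that accepts unauthenticated connections or listens on TCP. Both torrc samples and the socket path are constructed for illustration.

```python
# Added example: audit a torrc for control-interface exposure to other local apps.
SAMPLE_TORRC = """\
# Constructed sample torrc (not from Orfox or TBA)
SocksPort 9050
ControlPort 9051
"""

HARDENED_TORRC = """\
# Constructed sample; org.example.tba is a hypothetical package name
SocksPort 9050
ControlPort unix:/data/data/org.example.tba/app_tor/control.sock
CookieAuthentication 1
"""

def parse_torrc(text):
    """Return {lowercased option: [values]}; option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            parts = line.split(None, 1)
            opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def audit_control(text):
    """Return finding codes for the control interface; [] means nothing flagged."""
    opts = parse_torrc(text)
    endpoints = [v.split()[0] for v in opts.get("controlport", []) if v.split()]
    endpoints += ["unix:" + v.split()[0] for v in opts.get("controlsocket", [])
                  if v.split() and v.split()[0] != "0"]
    endpoints = [e for e in endpoints if e != "0"]  # "ControlPort 0" disables it
    if not endpoints:
        return []
    findings = []
    cookie = opts.get("cookieauthentication", ["0"])[-1].strip() == "1"
    hashed = any(v.strip() for v in opts.get("hashedcontrolpassword", []))
    if not (cookie or hashed):
        # Without either option Tor lets any local process control it.
        findings.append("no-auth")
    for ep in endpoints:
        if ep.startswith("unix:"):
            continue  # Unix sockets are gated by filesystem permissions
        host = (ep.rsplit(":", 1)[0] if ":" in ep else "127.0.0.1").strip("[]")
        # TCP listeners are not protected by file permissions at all.
        loopback = host in ("127.0.0.1", "localhost", "::1")
        findings.append("tcp-loopback" if loopback else "tcp-remote")
    return findings
```
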
4. Additional Information
- Supported Android versions
  - Android 6 and above.
5. References: