[tbb-bugs] #26318 [Applications/Tor Browser]: TBA - Consider different installation methods

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 20 13:42:28 UTC 2018

#26318: TBA - Consider different installation methods
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-mobile                |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by igt0):

 I have been thinking about this problem for some time and I propose two

 1. Add in the onboarding a link to the wiki about how to validate the APK.

 2. Add a button in the TBA menu called "Validate App". When the user
 clicks on it, TBA fetchs a json from the onion service with information
 about what is the current version and signin certificate and checks if the
 current certificate is the same of the installed app. We also should tech
 the user that this approach doesn't work if the app is tampered.

 sysrqb, GeKo: any thoughts?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26318#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list