[tbb-dev] Tor Browser for Android Roadmap/Proposal
matthew.finkel at gmail.com
Fri Mar 9 17:54:34 UTC 2018
Below is the current (rough) roadmap and outline of Tor Browser for
Android. There remains some uncertainly of some aspects (and timing),
but we should be able to make some decisions in Rome.
(Igor, sorry if you wanted to make additional changes - we can continue
modifying it this next week)
The Tor Browser for Android Design Proposal and Roadmap
Tor Browser for Android, from here on referred to as TBA, is a new
implementation of Tor Browser targeted at recent Android platforms.
In addition to the existing implementation, where Tor Browser is
supported on Microsoft Windows, Apple OS X, and Unix-like systems,
Tor Browser for Android will provide similar functionality on Android.
Currently Tor Browser is based on the most recent Mozilla Firefox ESR.
Unfortunately, Mozilla does not support an ESR for Firefox for
Android, therefore TBA must follow the most recent Mozilla Firefox
releases. This reduces the risk introduced by using vulnerable and
unsupported code, and allows leveraging Mozilla's teams for support.
Tor Browser for Android will provide an implementation of the Private
Browsing Mode, as documented in the Tor Browser Design. Currently,
the Guardian Project maintain and support Orfox as the initial
implementation of TBA. The goal is using Orfox as a base and improving
upon it such that TBA obtains privacy, security, and usability parity
with Tor Browser (for Desktop).
Over the following one year, we will work toward this goal. If we
divide this time frame into quarters, we can set expectations for
what will be accomplished.
In Q1 2018:
- Orfox patches will be reviewed and merged into tor-browser.git
- Porting Torbutton for TBA will begin.
- Porting TorLauncher for TBA will begin
- Rebasing TBA patches onto Firefox for Android 60 will begin
- A new version of Orfox will be released in parallel with Tor
Browser, based on ESR 52.6
- XXX Discuss in Rome with TGP, coordinating releases
- Add TBA into tor-browser-builder and eliminate reproducibility
- Continue porting Torbutton and TorLauncher including implementing
- UI design discussions will take place in Rome
- Investigate mobile-specific fingerprinting vectors
- Release Orfox updates in parallel with Tor Browser
- TBA is fully reproducible
- Release first version of TBA (alpha?) (probably based on Firefox for
Android (Fennec) 60)
- XXX We can considering coordinating this with an announcement at
HOPE XII in July
- Begin auditing GeckoView and Mozilla Focus implementation as
upstream of TBA
- Focus has different "look and feel", evaluate UX impact
- Release first version of TBA with TorLauncher integration
Tor Browser for Android will adhere to the Tor Browser design
requirements and it will maintain the same adversary model with
increasing adversary capabilities. The user interface restrictions
present on Android platforms introduce additional obstacles and
require re-design and re-implementation of some existing Tor Browser
features. However, the end result is maintaining the same "look and
feel" on desktop and Android.
3. Adversary Capabilities - Attack
a. Read and change Tor configuration variables through the Tor Control
- An adversary (malicious application) could access the Android IPC
mechanism and change the configuration values.
4. Additional Information
- Supported Android versions
- Android 6 and above.
More information about the tbb-dev