Matthew Finkel matthew.finkel at gmail.com
Fri Mar 9 17:54:34 UTC 2018


Below is the current (rough) roadmap and outline of Tor Browser for
Android. There remains some uncertainty of some aspects (and timing),
but we should be able to make some decisions in Rome.

(Igor, sorry if you wanted to make additional changes - we can continue
modifying it this next week)



The Tor Browser for Android Design Proposal and Roadmap

0. Introduction

  Tor Browser for Android, from here on referred to as TBA, is a new
  implementation of Tor Browser targeted at recent Android platforms.
  In addition to the existing implementation, where Tor Browser is
  supported on Microsoft Windows, Apple OS X, and Unix-like systems,
  Tor Browser for Android will provide similar functionality on Android.

  Currently Tor Browser is based on the most recent Mozilla Firefox ESR.
  Unfortunately, Mozilla does not support an ESR for Firefox for
  Android, therefore TBA must follow the most recent Mozilla Firefox
  releases. This reduces the risk introduced by using vulnerable and
  unsupported code, and allows leveraging Mozilla's teams for support.

  Tor Browser for Android will provide an implementation of the Private
  Browsing Mode, as documented in the Tor Browser Design[0]. Currently,
  the Guardian Project maintain and support Orfox as the initial
  implementation of TBA. The goal is using Orfox as a base and improving
  upon it such that TBA obtains privacy, security, and usability parity
  with Tor Browser (for Desktop).

1. Roadmap

  Over the following one year, we will work toward this goal. If we
  divide this time frame into quarters, we can set expectations for
  what will be accomplished.

  In Q1 2018:

    - Orfox patches will be reviewed and merged into tor-browser.git
    - Porting Torbutton for TBA will begin.
    - Porting TorLauncher for TBA will begin
    - Rebasing TBA patches onto Firefox for Android 60 will begin
    - A new version of Orfox will be released in parallel with Tor
      Browser, based on ESR 52.6
      - XXX Discuss in Rome with TGP, coordinating releases

  In Q2:

    - Add TBA into tor-browser-builder and eliminate reproducibility
    - Continue porting Torbutton and TorLauncher including implementing
    - UI design discussions will take place in Rome
    - Investigate mobile-specific fingerprinting vectors
    - Release Orfox updates in parallel with Tor Browser

  In Q3:

    - TBA is fully reproducible
    - Release first version of TBA (alpha?) (probably based on Firefox for
      Android (Fennec) 60)
      - XXX We can consider coordinating this with an announcement at
        HOPE XII in July
    - Begin auditing GeckoView and Mozilla Focus implementation as
      upstream of TBA
    - Focus has different "look and feel", evaluate UX impact

  In Q4:

    - Release first version of TBA with TorLauncher integration

2. Design

  Tor Browser for Android will adhere to the Tor Browser design
  requirements[0] and it will maintain the same adversary model with
  increasing adversary capabilities. The user interface restrictions
  present on Android platforms introduce additional obstacles and
  require re-design and re-implementation of some existing Tor Browser
  features. However, the end result is maintaining the same "look and
  feel" on desktop and Android.

3. Adversary Capabilities - Attack

  a. Read and change Tor configuration variables through the Tor Control
     - An adversary (malicious application) could access the Android IPC
       mechanism and change the configuration values.

4. Additional Information

  - Supported Android versions
    - Android 6 and above.

5. References:

  [0] https://www.torproject.org/projects/torbrowser/design/

