Top security slider feature for the Android application Orfox browser

Author: Ritesh Mehta

Orfox is an Android web browser that is based on the similar source code as the Tor Browser, but with several privacy modifications being added to it. There are several best Android apps that could be used, but this feature strengthens security further. Orfox browser ships with Tor Browser Settings and the NoScript add-ons. NoScript is a script blocker that’s extremely rated, supporting other security protections on top of its main functionality. Developers of the Tor Project partnered with the Guardian Project to release the first app iteration last December. Essentially, it’s an Android compatible fork of the Tor Browser repository, which uses a proxy application that serves as an instance of the Tor network. It brings the security slider feature into the fold of an Android app.

Tor is a free software to enable anonymous communication. It is short for The Onion Router that directs web traffic via free, worldwide, volunteer overlay network that consists of more than 7,000 relays. The user of Tor is intended to protect the user’s personal privacy, as well as their ability and freedom to do confidential communication by keeping internet activities monitored. Android devices are open to several threats, most coming from apps that are downloaded. During installation, every application requests specific permissions, like the capability to access contacts list or open websites. The Android OS tells a user what data and systems an application will access. However, the operating system will not block any application activity after installation. Thus, each and every Android device must have an Android malware protection program.

SECURITY SLIDER FEATURE

The Security Slider feature application allows users to decide how tightly reined they would like their mobile browsing experience to be. Users could opt to disable JavaScript on all sites or only on non-HTTP sites, make all HTML5 video and audio elements tap-to-play, or disable all symbols, icons, fonts and images, depending on the concern of users of their security. The adoption of the slider to Orfox was not easy. Developers had to redesign the security settings of the application as well as overhaul the slider’s user interface to work on a mobile application. Roughly, the project took four months and another four to find its way into the application. Developers stated that adding the feature helped to better embrace the user experience best practices, something that must factor into Tor Project in the future. This was the first time that Tor made a full development cycle following user experience best practices.

APP’S LATEST VERSION

Users could download the latest version of the application via the Android Apps store or via Google Play, download APK installation file through the git repository of the Tor Project or through F-Droid’s Android apps catalog. Something small but considerably significant occurred in the Tor world. With the added security, it’s easier for users to set predetermined privacy levels without getting bogged won in settings that they may not understand fully.

From its early days, Orfox wants to offer the same privacy that users of Tor would derive from the desktop browser of the Project, but without making a chore of configuration. Simply put, there is not much point in offering a high privacy level if the application is hard to configure. If it’s difficult to configure, then it could leave users exposed.

HOW ORFOX IS DIFFERENT FROM FIREFOX FOR ANDROID?

Beyond the Tor Browser core components, Orfox also has to ensure that all Android-specific code is routed properly via the Tor proxy, and otherwise hardened to protect from privacy and data leaks. Moreover, it adds patches at the Android Java code layer to allow proxy-ing of all network HTTP communications of Java via the local Orbot HTTP proxy. Orfox removes Android permissions for camera, microphone, contacts, location and NFC as the capability of using the features aren’t in line with the Tor Browser spirit. Furthermore, it also removes features such as WebRTC and support for Chromecasts interaction or Roku devices interaction, because this kind of communication is not compatible with proxy communication via a TCP-based network such as Tor.

The year 2016, by some measures was the year that mobile web traffic exceeded desktops, particularly in developing countries, which one day could be the heartland of Tor. Also, these countries are full of older versions of Android, which explains why it maintains compatibility. Users of mobile devices gravitate to online services asking them to log in. The minute they do, it is game over for anonymity, despite the reduction of ad tracking.

The Android Market provides various Android malware protection applications. However, most of them are fairly the same. Applications typically will scan a program for malware even before the user installs it on his/her device. If malware is detected, it notifies the user and prevent installation.