Privacy Browser Android

There is some discussion about background playback services at #275. The short version is that it will probably have to wait until the 4.x series.

There are some possible privacy or security implications to such a service. For example, it might require the addition of additional notification permissions, which I have generally been reluctant to add.

The most unusual privacy issue of a media notification, is that an another unsecure application might snoop into the notification and know what media is being run. Other than that, I don't think there could be a possibility of DDOSing.

The user should have to be careful not to use any such insecure apps in the first place.

This is the attack vector concern:

Adding the permission necessary to display a notification while Privacy Browser is in the background allows Privacy Browser to run any code it wants while in the background. You can see this with Privacy Cell (which has such permissions and runs code to monitor the cell phone network). Once that permission has been granted, it become an additional exploitation surface.

https://www.stoutner.com/minimizing-privacy-browsers-attack-surface/

So, imagine a website that discovers a 0-day flaw in the Android's System WebView that allows it to inject arbitrary code into Privacy Browser's process. With the current design, that code could only run when Privacy Browser is on the screen. But if the foreground process permission were added, then that code could run all the time.

There might be ways to mitigate that, but I would want to look at it very closely before implementing such a feature. And, as Android's WebView doesn't even provide a mechanism for extracting an audio stream, it isn't really possible until the 4.x series with Privacy WebView, so I have deferred looking closely at it until then.

From a personal usability perspective, I have NewPipe installed on my phone.

https://f-droid.org/en/packages/org.schabi.newpipe/

For the sites it supports, like YouTube, if you are viewing a video in Privacy Browser, you can tap Options > Share > Open with App and it will open NewPipe and go directly to that video. NewPipe has a background audio playback option, blocks ads, supports downloading of the audio/video, and basically does everything else you could imagine wanting. Because it is completely separate from Privacy Browser, it can do all these things without the potential negative impacts of expanding Privacy Browser's attack or exploitation surface.

NewPipe doesn't look like it currently supports piped.video, but they might be open to a feature request to add support.

If privacy webview is as lightweight as the browser itself, or closer to that, will definitely be worth looking into it. Caz being a webview based browser has a lightweightness advantage compared to a standalone browser that's bundled with it's own webview.

Btw, I'm using Bromite Webview instead that comes with AOSP. Both aren't much different, other than some fingerprinting safety measures. Are you planning to release Privacy Webview as a webview, or directly going to inbuilt it into the browser ?

Also. NewPipe is worth, only if one doesn't care about hitting google servers. Fortunately, I used to be a Libretube user for the past 2 years. It has been improved a lot lately.

#86 contains a brief description of the plans for Privacy WebView.

Regarding Libretube, Privacy Browser's Open with App feature queries the OS for any installed app that has registered support for the current URL. So, if Libretube supports piped.video, then it should appear in the list. And, if you select it as the default, then it should open immediately without displaying a list.