Consider different installation methods for Android

added TorBrowserTeam201907 in Legacy / Trac component::applications/tor browser in Legacy / Trac owner::tbb-team in Legacy / Trac priority::medium in Legacy / Trac severity::normal in Legacy / Trac sponsor::8 in Legacy / Trac status::new in Legacy / Trac tbb-8.5 in Legacy / Trac tbb-mobile in Legacy / Trac tbb-parity in Legacy / Trac type::enhancement in Legacy / Trac labels

There are few checks we can do, this article describes few of them:

https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app

I have been thinking about this problem for some time and I propose two things:

Add in the onboarding a link to the wiki about how to validate the APK.
Add a button in the TBA menu called "Validate App". When the user clicks on it, TBA fetchs a json from the onion service with information about what is the current version and signin certificate and checks if the current certificate is the same of the installed app. We also should tech the user that this approach doesn't work if the app is tampered.

sysrqb, GeKo: any thoughts?

Trac:
Cc: igt0, gk to igt0, gk, dmr

F-Droid //client// (specifically Bazaar) is a great "offline" app store.

I haven't follow the progress of the project in a while, but it does allow for these sorts of things:

peer-to-peer app distribution over wifi
peer-to-peer app distribution over bluetooth
peer-to-peer app distribution over NFC, Android Beam
peer-to-peer app verification
.onion repos
sharing repo identities in person Not the //client//, but also part of the F-Droid ecosystem:
trusted repos created with Repomaker, a web-based UI (not yet ready for production)

While arguably we can't get everyone to use F-Droid, I just wanted to point out that they have designed it much with these use cases and problems in mind. I believe we should focus some resources on educating users about these peer-to-peer options, so that they can leverage existing trust relationships within communities.

References:

[- How to Send and Receive Apps Offline]
[- How to Add a Repo to F-Droid] - specifically see Option 2: Scan a QR Code from Another Device
[- How do I send a Repo configuration using NFC?]
[- How can I send the F-Droid app using NFC or Android Beam?]
[F-Droid presentation talking about collateral freedom, among other things]
[blog post on F-Droid app sharing in Cuba]
[project wiki]
[(not yet ready for production)]
[Repomaker usability study]

It's worth noting that The Guardian Project has [repos on multiple distribution channels/platforms]:

direct HTTPS
.onion
AWS S3 (so provides the collateral censorship-resistance properties //akin to// domain fronting)

On a different note, there is also the App Updater / update detector framework that may be of use for non-F-Droid devices (iiuc):

[blog post]
[repo]
[[https://gitlab.com/fdroid/update-channels/blob/master/appupdater/README.markdown|README.markdown]] ([no JS required]) It's not necessarily relevant for the //first// download/install, but it may be helpful nonetheless in the broader scope of things.

Required for first alpha.

Trac:
Parent: N/A to legacy/trac#26531 (moved)

We have Google Play and direct download complete. Let's decide on how we accomplish the remaining tasks.

Moving to second-alpha TBA keyword.

Trac:
Keywords: N/A deleted, TBA-a2 added
Parent: legacy/trac#26531 (moved) to N/A

Putting on October radar.

Trac:
Keywords: N/A deleted, TorBrowserTeam201810 added

Moving our tickets to November.

Trac:
Keywords: TorBrowserTeam201810 deleted, TorBrowserTeam201811 added

Trac:
Sponsor: N/A to Sponsor8

Moving our tickets to December.

Trac:
Keywords: TorBrowserTeam201811 deleted, TorBrowserTeam201812 added

Setting tag for third Tor Browser for Android alpha milestone.

Trac:
Keywords: N/A deleted, TBA-a3 added

We are beyond TBA-a2, TBA-a3 is the new black.

Trac:
Keywords: TBA-a2 deleted, N/A added

Trac:
Username: darkspirit
Cc: igt0, gk, dmr to igt0, gk, dmr, jan@ikenmeyer.eu

Moving tickets to Jan 2019.

Trac:
Keywords: TorBrowserTeam201812 deleted, TorBrowserTeam201901 added

Moving tickets to February.

Trac:
Keywords: TorBrowserTeam201901 deleted, TorBrowserTeam201902 added

Move tickets out of TBA-a3 into TBA-stable.

Trac:
Keywords: TBA-a3 deleted, TBA-8.5 added

Moving remaining tickets to March.

Trac:
Keywords: TorBrowserTeam201902 deleted, TorBrowserTeam201903 added

Tickets on our radar for 8.5

Trac:
Keywords: N/A deleted, tbb-8.5 added

tbb-parity items.

Trac:
Keywords: N/A deleted, tbb-parity added

Trac:
Keywords: TBA-8.5 deleted, N/A added

Moving tickets to April.

Trac:
Keywords: TorBrowserTeam201903 deleted, TorBrowserTeam201904 added

Moving tickets to May

Trac:
Keywords: TorBrowserTeam201904 deleted, TorBrowserTeam201905 added

Moving tickets to June

Trac:
Keywords: TorBrowserTeam201905 deleted, TorBrowserTeam201906 added

Moving tickets to July

Trac:
Keywords: TorBrowserTeam201906 deleted, TorBrowserTeam201907 added

moved from legacy/trac#26318 (moved)

added Feature label and removed 1 deleted label

added Android Platform Parity labels and removed 1 deleted label

added Icebox label

changed title from TBA - Consider different installation methods to Consider different installation methods for Android

marked this issue as related to tpo/anti-censorship/rdsys#42 (closed)

We can use the same mechanisms (such as gettor) for distributing TBA.

This is happening here: tpo/anti-censorship/rdsys#42 (closed)

We also have this ticket for automated(?) F-Droid releases here: #27539

Lastly, Nathan has a ticket to consider the broader UX issue of using the Guardian Project's F-Droid repo in censored regions here: tpo/ux/team#77 (closed)

@gaba @richard @gus Is this ticket still necessary in your view, or can we close?

marked this issue as related to tpo/ux/team#77 (closed)

marked this issue as related to #27539

<3

closed

Consider different installation methods for Android

Designs

Child items 0

Activity