Bug_43786: Add new UX flow for changing security level (Android)

Merge Info

Issues

Resolves

• #43786 (closed)

Merging

Target Branches

• tor-browser - !fixups to tor-browser-specific commits, new features, security backports
• base-browser and mullvad-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
  • ⚠️ IMPORTANT: Please list the base-browser-specific commits which need to be cherry-picked to the base-browser and mullvad-browser branches here

Target Channels

• Alpha: esr128-14.5
• Stable: esr128-14.0
• Legacy: esr115-13.5

Backporting

Timeline

• No Backport (preferred): patchset for the next major stable
• Immediate: patchset needed as soon as possible (fixes CVEs, 0-days, etc)
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport

(Optional) Justification

• Security update: patchset contains a security fix (be sure to select the correct item in Timeline)
• Censorship event: patchset enables censorship circumvention
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

Upstream

• Patchset is a candidate for uplift to Firefox
• Patchset is a backport from Firefox
  • Bugzilla link:
  • Upstream commit:

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

@dan @henry @morgan

• Request review from an applications developer depending on modified system:
  • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since Gitlab only allows 1 reviewer)
  • accessibility : henry
  • android : clairehurst, dan
  • build system : boklm
  • ci/cd: brizental, henry
  • extensions : ma1
  • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
  • fonts : pierov
  • frontend (implementation) : henry
  • frontend (review) : donuts, morgan
  • localization : henry, pierov
  • macOS : clairehurst, dan
  • nightly builds : boklm
  • rebases/release-prep : brizental, clairehurst, dan, ma1, pierov, morgan
  • security : jwilde, ma1
  • signing : boklm, morgan
  • updater : pierov
  • windows : jwilde, morgan
  • misc/other : pierov, morgan

Change Description

Updated Security Level settings screen by replacing the existing fragment with a new one that allows for TextViews and Buttons (the old one only allowed prefs), and added a TextView description at the top and buttons at the bottom following the UX designs. Checking an option now only saves once the "Save and restart Tor Browser" button is pressed, which also restarts Tor Browser. Also refactored some already existing Security Level to make it more clear.

How Tested

Ensure that the Security Level settings page generally works as expected UI/UX wise.

Some examples:

1. Tapping on different buttons in different orders
2. Navigating back and forth between settings pages in different ways (back button vs back arrow button, "Cancel" button)
3. "Save and restart Tor Browser" is only enabled when the setting is different from the (current level) one
4. Checking that the "(current level)" text is only shown on the actual current level, and displays correctly

Ensure that the Security Level setting affects the browsing experience.

Some examples:

1. Ensuring Security level only changes when a new one is selected and "Save and restart" is pressed
2. Ensuring each selected security level works as expected
3. Ensuring switching the security level with the "Save and restart Tor Browser" button actually fully switches it, for example by using this site https://browserbench.org/JetStream/. It should run and display a score in Standard. In my experience it doesn't run in Safer (if it does though, and it displays a similar score to Standard, that is an issue). And it should never run in Safest due to JS being disabled.