Programs that respect your privacy

Privacy Browser 1.8

I have decided that I am going to make a regular habit of posting when a new version of Privacy Browser is released, detailing what users can expect from the new version and what I am working on for the subsequent release.

The main feature in Privacy Browser 1.8 is a bookmark implementation. This is a fairly robust implementation that allows for the creation of bookmarks, folders, and subfolders, reordering of bookmarks, moving of bookmarks between folders, and editing of bookmarks and folders.

For Privacy Browser 1.9, I intend to implement SSL certificate controls, as well as WebView font size controls, both of which are features that have been requested by users.

I have also received a request to hold off on implementing features that require the addition of dangerous permissions. For users on Android Marshmallow or newer (version >= 6.0, API >= 23), dangerous permissions are not an issue because they can choose to only enable those that are required for the features they want to use. But for those on older versions of Android, they do not have the option to disable individual permissions. Several planned feature will require the use of dangerous permissions, particularly READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE. The concern is that websites will be able to take advantage of 0-day flaws in WebView to abuse the user’s phone through the use of these permissions.

My thought is to implement all the planned features that don’t require dangerous permissions before implementing those that do. Hopefully, by that time more people will have devices that run at least Android 6.0. Privacy Browser 1.8 runs on Android KitKat (4.4, API 19) and newer. According to the July 2016 Android Dashboard, 78.5% of devices that access the Google Play Store are running Android 4.4 or newer. Of the group that can install Privacy Browser, only 16.9% (13.3 / 78.5) are running Android 6.0. I would like to see that number closer to 50% before implementing features with dangerous permissions.

Android Dashboard

Early adopters of Privacy Browser tend to be a more technologically savvy group and have more advanced hardware than the average Android user. The Google Play Store provides summary installation information that shows that 41.67% of current Privacy Browser installations and 33.33% of Privacy Browser Free installations are on devices running Android 6.0. These numbers only represent installations throught the Google Play Store, which doesn’t account for the few installations through the Amazon Marketplace or what I am assuming are the fairly large number of installations through F-Droid.

Last updated


6 responses to “Privacy Browser 1.8”

  1. Hello and great browser!
    I also use a browser with tor inside (fire.onion) who ask in the settings if you want “downloads” and “external storage”. I suppose it’s another form to avoid some dangerous permissions when the user chooses to use it or not, but I’m not sure if it helps you.
    Great to read about the font size and ssl certificate controls. I love this browser and what you’re doing.
    Cheers!

    • Unfortunately, for Android versions < 6.0, even if an app tries to disable permissions in the settings, they are still declared in the manifest file and are still granted to the app. If a website is able to compromise the app through an exploit in the rendering or JavaScript engines, it can then use those permissions to do nefarious things. So for Android versions < 6.0 this only provides the illusion of security. For Android versions >= 6.0 this does provide increased security because unless the user enables these options in the settings the app will never request the permissions and the user will not accidentally grant them without understanding the implications.

  2. […] Downloaded files are now saved under /sdcard/Android/data/com.stoutner.privacybrowser.standard/files, which is accessible by other programs.  In the future, downloads will default to /sdcard/Download, and the path will be user selectable, but doing so requires the WRITE_EXTERNAL_STORAGE permission, which I am not yet prepared to add. […]