infosec-handbook.eu is a user on mastodon.at. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

infosec-handbook.eu @infosechandbook@mastodon.at

Interestingly, the latest Orfox apk from guardianproject.info also contains Google Ads, DoubleClick and Adjust in its java files:

privatebin.net/?6574f3bd0dcce1

I uploaded the F-Droid version to htbridge.com:

htbridge.com/mobile/?id=AiAuWm

This test shows 18 connections to different websites (mostly owned by Mozilla).

I just came across an interesting observation: According to the tool Exodus, Orfox (Tor browser for Android) contains 4 trackers:

- Adjust
- Google Ads
- Google DoubleClick
- Google Firebase Analytics

reports.exodus-privacy.eu.org/

guardianproject.info/apps/orfo

Compromised packages on the Arch User Repository (AUR) so far:

* acroread 9.5.5-8
* balz 1.20-3
* minergate 8.1-2

Source: lists.archlinux.org/pipermail/