I just came across an interesting observation: According to the tool Exodus, Orfox (Tor browser for Android) contains 4 trackers:

- Adjust
- Google Ads
- Google DoubleClick
- Google Firebase Analytics

I uploaded the F-Droid version to

This test shows 18 connections to different websites (mostly owned by Mozilla).


This is a proof-of-concept on how the SYSTEM_ALERT_WINDOW Android permission can be used by malicious software to intercept user interaction.

@ordinarylava The F-Droid version is directly provided by afaik, so it's very likely that it also contains these files. The Orfox apk on contains the trackers.

The big question here is whether these java files are "just" included due to the building process of the apk or/and whether the trackers are enabled.

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.