I just came across an interesting observation: According to the tool Exodus, Orfox (Tor browser for Android) contains 4 trackers:

- Adjust
- Google Ads
- Google DoubleClick
- Google Firebase Analytics

reports.exodus-privacy.eu.org/

guardianproject.info/apps/orfo

I uploaded the F-Droid version to htbridge.com:

htbridge.com/mobile/?id=AiAuWm

This test shows 18 connections to different websites (mostly owned by Mozilla).

@infosechandbook

This is a proof-of-concept on how the SYSTEM_ALERT_WINDOW Android permission can be used by malicious software to intercept user interaction.
github.com/noln/system-alert-w

@ordinarylava The F-Droid version is directly provided by guardianproject.info afaik, so it's very likely that it also contains these files. The Orfox APK on guardianproject.info contains the trackers.

The big question here is whether these Java files are "just" included due to the build process of the APK and/or whether the trackers are enabled.
