I just came across an interesting observation: According to the tool Exodus, Orfox (Tor browser for Android) contains 4 trackers:
- Google Ads
- Google DoubleClick
- Google Firebase Analytics
I uploaded the F-Droid version to htbridge.com:
This test shows 18 connections to different websites (mostly owned by Mozilla).
This is a proof-of-concept on how the SYSTEM_ALERT_WINDOW Android permission can be used by malicious software to intercept user interaction.
@infosechandbook Is the F-Droid version affected too?
@ordinarylava The F-Droid version is directly provided by guardianproject.info afaik, so it's very likely that it also contains these files. The Orfox apk on guardianproject.info contains the trackers.
The big question here is whether these Java files are "just" included due to the building process of the apk and/or whether the trackers are enabled.