It is time to update to a stronger signing key for your Android app! The old default RSA 1024-bit key is weak and officially deprecated. What? The Android OS requires that every application installed be signed by a digital key. The purpose behind this signature is to identify the author of the application, allow this author and this author alone…
Category: Research
First Reproducible Builds Summit
I was just in Athens for the “Reproducible Builds Summit“, an Aspiration-run meeting focused on the issues of getting all software builds to be reproducible. This means that anyone starting with the same source code can build the exact same binary, bit-for-bit. At first glance, it sounds like this horrible, arcane detail, which it is really. But it provides tons…
Orfox: Aspiring to bring Tor Browser to Android
Update 24 September, 2015: Orfox BETA is now on Google Play: https://play.google.com/store/apps/details?id=info.guardianproject.orfox In the summer of 2014 (https://lists.mayfirst.org/pipermail/guardian-dev/2014-August/003717.html), we announced that the results of work by Amogh Pradeep (https://github.com/amoghbl1), our 2014 Google Summer of Code student, has proven we could build Firefox for Android with some of the settings and configurations from the Tor Browser desktop software. We called this…
Recent news on Orweb flaws
August 2014: New browser development news here, including Orfox, our Firefox-based browser solution: https://lists.mayfirst.org/pipermail/guardian-dev/2014-August/003717.html On Saturday, a new post was relased by Xordern entitled IP Leakage of Mobile Tor Browsers. As the title says, the post documents flaws in mobile browser apps, such as Orweb and Onion Browser, both which automatically route communication traffic over Tor. While we appreciate the…
Improving trust and flexibility in interactions between Android apps
Android provides a flexible system of messaging between apps in the form of Intents. It also provides the framework for reusing large chunks of apps based on the Activity class. Intents are the messages that make the requests, and Activitys are the basic chunk of functionality in an app, including its interface. This combination allows apps to reuse large chunks…