Opened 2 years ago

Last modified 13 months ago

#26318 new enhancement

TBA - Consider different installation methods

Reported by: sysrqb Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, tbb-8.5, tbb-parity, TorBrowserTeam201907
Cc: igt0, gk, dmr, jan@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor8


Following from #26242, we must decide how we will distribute this app for initial download and installation.

1) Marketplaces (Google Play Store, F-Droid, etc.)
2) Direct download
3) ...?

We can't only rely on the marketplaces, because those are blocked on some networks. We can use the same mechanisms (such as gettor) for distributing TBA. One major difference on Android (when compared with desktop) is the difficulty with which a user can verify the downloaded blob is authentic. Simply checking the cryptographic signature is not easy, and bootstrapping trust is not as easy here. Has any other project solved this in a way we can use?

Child Tickets

#27539 enhancement accepted sysrqb Create plan for releasing on F-Droid

Change History (24)

comment:1 Changed 2 years ago by igt0

There are a few checks we can do; this article describes a few of them:

comment:2 Changed 2 years ago by igt0

I have been thinking about this problem for some time and I propose two things:

  1. Add in the onboarding a link to the wiki about how to validate the APK.
  2. Add a button in the TBA menu called "Validate App". When the user clicks on it, TBA fetches a JSON from the onion service with information about what is the current version and signing certificate and checks if the current certificate is the same as that of the installed app. We also should teach the user that this approach doesn't work if the app is tampered with.

sysrqb, GeKo: any thoughts?
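The comparison that the "Validate App" proposal in comment:2 describes, modelled outside Android as an added example (not code from the ticket or from Tor Browser). The manifest keys `version` and `signing_cert_sha256`, the function names and the sample certificate bytes are assumptions made for illustration; on a device the certificate bytes would be the ones the platform reports for the installed package's signers.

```python
import hashlib
import json

def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 of a DER-encoded signing certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' and return bare lowercase hex."""
    return fp.replace(":", "").replace(" ", "").lower()

def validate_app(manifest_json, installed_version, installed_certs):
    """Return 'ok', 'outdated' or 'mismatch'. Malformed input fails closed."""
    try:
        manifest = json.loads(manifest_json)
        expected = normalize(manifest["signing_cert_sha256"])  # hypothetical key
        current = manifest["version"]                          # hypothetical key
    except (ValueError, KeyError, TypeError, AttributeError):
        return "mismatch"
    # The published value must be a well-formed SHA-256 digest.
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        return "mismatch"
    # No signer information at all is treated as a failure, not a pass.
    if not installed_certs:
        return "mismatch"
    # Every signer of the installed package must be the published certificate.
    if any(cert_fingerprint(der) != expected for der in installed_certs):
        return "mismatch"
    return "ok" if installed_version == current else "outdated"

# Constructed sample data: placeholder bytes stand in for real certificates.
GENUINE_CERT = b"constructed-release-signing-cert"
REPACKAGED_CERT = b"constructed-third-party-cert"
_fp = cert_fingerprint(GENUINE_CERT).upper()
MANIFEST = json.dumps({
    "version": "1.0.0",
    # Published in colon-separated upper case to exercise normalize().
    "signing_cert_sha256": ":".join(_fp[i:i + 2] for i in range(0, 64, 2)),
})

if __name__ == "__main__":
    print(validate_app(MANIFEST, "1.0.0", [GENUINE_CERT]))
    print(validate_app(MANIFEST, "1.0.0", [REPACKAGED_CERT]))
```

Because this check runs inside the app being checked, a repackaged build can simply report a pass, which is the limitation comment:2 says users should be taught.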

comment:3 Changed 2 years ago by dmr

Cc: dmr added

comment:4 Changed 2 years ago by dmr

F-Droid client (specifically Bazaar) is a great "offline" app store.

I haven't followed the progress of the project in a while, but it does allow for these sorts of things:

  • peer-to-peer app distribution over wifi
  • peer-to-peer app distribution over bluetooth
  • peer-to-peer app distribution over NFC, Android Beam
  • peer-to-peer app verification
  • .onion repos
  • sharing repo identities in person

Not the client, but also part of the F-Droid ecosystem:

  • trusted repos created with Repomaker, a web-based UI (not yet ready for production)

While arguably we can't get everyone to use F-Droid, I just wanted to point out that they have designed it much with these use cases and problems in mind.
I believe we should focus some resources on educating users about these peer-to-peer options, so that they can leverage existing trust relationships within communities.


It's worth noting that The Guardian Project has F-Droid repos on multiple distribution channels/platforms:

  • direct HTTPS
  • .onion
  • AWS S3 (so provides the collateral censorship-resistance properties akin to domain fronting)

On a different note, there is also the App Updater / update detector framework that may be of use for non-F-Droid devices (iiuc):

It's not necessarily relevant for the first download/install, but it may be helpful nonetheless in the broader scope of things.

comment:5 Changed 2 years ago by sysrqb

Parent ID: #26531

Required for first alpha.

comment:6 Changed 2 years ago by sysrqb

Keywords: TBA-a2 added
Parent ID: #26531

We have Google Play and direct download complete. Let's decide on how we accomplish the remaining tasks.

Moving to second-alpha TBA keyword.

comment:7 Changed 22 months ago by gk

Keywords: TorBrowserTeam201810 added

Putting on October radar.

comment:8 Changed 21 months ago by gk

Keywords: TorBrowserTeam201811 added; TorBrowserTeam201810 removed

Moving our tickets to November.

comment:9 Changed 21 months ago by pili

Sponsor: Sponsor8

comment:10 Changed 20 months ago by gk

Keywords: TorBrowserTeam201812 added; TorBrowserTeam201811 removed

Moving our tickets to December.

comment:11 Changed 20 months ago by gk

Keywords: TBA-a3 added

Setting tag for third Tor Browser for Android alpha milestone.

comment:12 Changed 20 months ago by gk

Keywords: TBA-a2 removed

We are beyond TBA-a2, TBA-a3 is the new black.

comment:13 Changed 20 months ago by darkspirit

Cc: jan@… added

comment:14 Changed 19 months ago by gk

Keywords: TorBrowserTeam201901 added; TorBrowserTeam201812 removed

Moving tickets to Jan 2019.

comment:15 Changed 18 months ago by gk

Keywords: TorBrowserTeam201902 added; TorBrowserTeam201901 removed

Moving tickets to February.

comment:16 Changed 18 months ago by gk

Keywords: TBA-8.5 added; TBA-a3 removed

Move tickets out of TBA-a3 into TBA-stable.

comment:17 Changed 17 months ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving remaining tickets to March.

comment:18 Changed 17 months ago by gk

Keywords: tbb-8.5 added

Tickets on our radar for 8.5

comment:19 Changed 17 months ago by gk

Keywords: tbb-parity added

tbb-parity items.

comment:20 Changed 17 months ago by gk

Keywords: TBA-8.5 removed

comment:21 Changed 16 months ago by gk

Keywords: TorBrowserTeam201904 added; TorBrowserTeam201903 removed

Moving tickets to April.

comment:22 Changed 15 months ago by gk

Keywords: TorBrowserTeam201905 added; TorBrowserTeam201904 removed

Moving tickets to May

comment:23 Changed 14 months ago by gk

Keywords: TorBrowserTeam201906 added; TorBrowserTeam201905 removed

Moving tickets to June

comment:24 Changed 13 months ago by gk

Keywords: TorBrowserTeam201907 added; TorBrowserTeam201906 removed

Moving tickets to July
