Opened 9 months ago

Last modified 3 days ago

#26318 new enhancement

TBA - Consider different installation methods

Reported by: sysrqb Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, TBA-8.5, TorBrowserTeam201903, tbb-8.5, tbb-parity
Cc: igt0, gk, dmr, jan@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor8

Description

Following from #26242, we must decide how we will distribute this app for initial download and installation.

1) Marketplaces (Google Play Store, F-Droid, etc.)
2) Direct download
3) ...?

We can't only rely on the marketplaces, because those are blocked on some networks. We can use the same mechanisms (such as gettor) for distributing TBA. One major difference on Android (when compared with desktop) is the difficulty with which a user can verify the downloaded blob is authentic. Simply checking the cryptographic signature is not easy, and bootstrapping trust is not as easy here. Have any other project solved this in a way we can use?

Child Tickets

TicketTypeStatusOwnerSummary
#27539enhancementnewtbb-teamCreate plan for releasing on F-Droid

Change History (19)

comment:1 Changed 9 months ago by igt0

There are few checks we can do, this article describes few of them:

https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app

comment:2 Changed 9 months ago by igt0

I have been thinking about this problem for some time and I propose two things:

  1. Add in the onboarding a link to the wiki about how to validate the APK.
  1. Add a button in the TBA menu called "Validate App". When the user clicks on it, TBA fetchs a json from the onion service with information about what is the current version and signin certificate and checks if the current certificate is the same of the installed app. We also should tech the user that this approach doesn't work if the app is tampered.

sysrqb, GeKo: any thoughts?

comment:3 Changed 9 months ago by dmr

Cc: dmr added

comment:4 Changed 9 months ago by dmr

F-Droid client (specifically Bazaar) is a great "offline" app store.

I haven't follow the progress of the project in a while, but it does allow for these sorts of things:

  • peer-to-peer app distribution over wifi
  • peer-to-peer app distribution over bluetooth
  • peer-to-peer app distribution over NFC, Android Beam
  • peer-to-peer app verification
  • .onion repos
  • sharing repo identities in person

Not the client, but also part of the F-Droid ecosystem:

  • trusted repos created with Repomaker, a web-based UI (not yet ready for production)

While arguably we can't get everyone to use F-Droid, I just wanted to point out that they have designed it much with these use cases and problems in mind.
I believe we should focus some resources on educating users about these peer-to-peer options, so that they can leverage existing trust relationships within communities.

References:

It's worth noting that The Guardian Project has F-Droid repos on multiple distribution channels/platforms:

  • direct HTTPS
  • .onion
  • AWS S3 (so provides the collateral censorship-resistance properties akin to domain fronting)

On a different note, there is also the App Updater / update detector framework that may be of use for non-F-Droid devices (iiuc):

It's not necessarily relevant for the first download/install, but it may be helpful nonetheless in the broader scope of things.

comment:5 Changed 9 months ago by sysrqb

Parent ID: #26531

Required for first alpha.

comment:6 Changed 6 months ago by sysrqb

Keywords: TBA-a2 added
Parent ID: #26531

We have Google Play and direct download complete. Let's decide on how we accomplish the remaining tasks.

Moving to second-alpha TBA keyword.

comment:7 Changed 6 months ago by gk

Keywords: TorBrowserTeam201810 added

Putting on October radar.

comment:8 Changed 4 months ago by gk

Keywords: TorBrowserTeam201811 added; TorBrowserTeam201810 removed

Moving our tickets to November.

comment:9 Changed 4 months ago by pili

Sponsor: Sponsor8

comment:10 Changed 3 months ago by gk

Keywords: TorBrowserTeam201812 added; TorBrowserTeam201811 removed

Moving our tickets to December.

comment:11 Changed 3 months ago by gk

Keywords: TBA-a3 added

Setting tag for third Tor Browser for Android alpha milestone.

comment:12 Changed 3 months ago by gk

Keywords: TBA-a2 removed

We are beyond TBA-a2, TBA-a3 is the new black.

comment:13 Changed 3 months ago by darkspirit

Cc: jan@… added

comment:14 Changed 2 months ago by gk

Keywords: TorBrowserTeam201901 added; TorBrowserTeam201812 removed

Moving tickets to Jan 2019.

comment:15 Changed 6 weeks ago by gk

Keywords: TorBrowserTeam201902 added; TorBrowserTeam201901 removed

Moving tickets to February.

comment:16 Changed 5 weeks ago by gk

Keywords: TBA-8.5 added; TBA-a3 removed

Move tickets out of TBA-a3 into TBA-stable.

comment:17 Changed 11 days ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving remaining tickets to March.

comment:18 Changed 11 days ago by gk

Keywords: tbb-8.5 added

Tickets on our radar for 8.5

comment:19 Changed 3 days ago by gk

Keywords: tbb-parity added

tbb-parity items.

Note: See TracTickets for help on using tickets.