audit or disable Apple HLS implementation on Android

[mcs]

As of Firefox 59, Apple's HTTPS Live Streaming (HLS) protocol is supported on Android for both audio and video. We should audit this or at least look at how it is implemented, and possible disable it. Mozilla says: "There is not currently any plan to implement it on Firefox Desktop." See:

​​https://bugzilla.mozilla.org/show_bug.cgi?id=577084

[gk]

It seems there are already proxy bypasses found in this implementation, see: #26028. igt0: do you think we should keep this enabled with your fix or is there more that's an issue?

[gk]

Bumping prio.

[igt0]

When looking the code I looked for:

• proxy bypasses: the browser implementation uses just the http implementation and it has a proxy bypass, this one is fixed, we just need to backport to FF60.

• disk avoidance: I wanted to make sure if the player stores any data in the disk and it does, however, it stores the data in the app internal cache using the android context.getCacheDir method. The internal cache can not be accessed by other apps and it has a short life span.

• fingerprinting: I looked for locale and screen size leaks, and the HLS implementation doesn't leak them. All the text and video selections happen in the app side. The browser doesn't send any data to the server.

So I would say yes we can enable it.

[gk]

Great, so we are done here.

[gk]

Sponsor8 in July 2018.