Don't let Android leak DNS queries

In #27431 (moved) and #27375 (moved), it was reported Android is leaking DNS requests. From [ticket:27431#comment:1 27431], in summary:

This is exactly what we feared. It looks like this is the result
of a bug within the Android core HTTP library. This leak is already
fixed in the more recent releases of Android. In particular, any
version after Android O (API 26+) should not leak DNS queries.

We should patch TBA so it relies on the Android core library as little as possible. We don't need the fancy optimizations Android provide with request pools and such, so I think we can simply create and manage a proxy connection ourselves.

#27822 (moved) maybe related (but there isn't enough info available).

added TorBrowserTeam201810R component::applications/tor browser owner::tbb-team parent::5709 priority::immediate resolution::fixed severity::normal sponsor::8 status::closed tbb-mobile tbb-proxy-bypass type::defect labels

-I made comment in #27822 (moved) and indeed i was using android o sdk 27 -so again i tested tor on android 7.1 -dns leaks on 7.1 -latest alpha leaks dns -but orfox is running fine does not leaks dns at all

Trac:
Username: new_user

Trac:
Keywords: N/A deleted, tbb-proxy-bypass added
Priority: Very High to Immediate

I have branch 28125 on my public repo. I haven't confirmed it prevents all leaks, yet (but it should). It simply prevents all non-Necko connections. A better patch will take some more time.

Trac:
Status: new to needs_review

Replying to new_user:

-I made comment in #27822 (moved) and indeed i was using android o sdk 27 -so again i tested tor on android 7.1 -dns leaks on 7.1 -latest alpha leaks dns -but orfox is running fine does not leaks dns at all

Are you using a physical device or an emulator?

Trac:
Keywords: N/A deleted, TorBrowserTeam201810R added

@sysrqb yes i used real device in all tests

and this app- https://f-droid.org/en/packages/org.adaway/

did not captured whole packet just dns.

although we can use binary for full capture witch comes with lineage os or you can install [https://f-droid.org/en/packages/com.termux/] and use tcpdump with root.

Trac:
Username: new_user

and one question why orfox was not leaking dns or my test was flawed??

i am just an end user, so wanna know expert's opinion should i continue to use orfox

Trac:
Username: new_user

Replying to sysrqb:

I have branch 28125 on my public repo. I haven't confirmed it prevents all leaks, yet (but it should). It simply prevents all non-Necko connections. A better patch will take some more time.

Looks good to me. Do we have an understanding about what those changes break (we'd need to mention that at least in our blog post).

igt0: could you give it a round of testing on your devices, so we can start getting the Firefox security updates to android.

Replying to new_user:

and one question why orfox was not leaking dns or my test was flawed??

i am just an end user, so wanna know expert's opinion should i continue to use orfox

Yes, Orfox uses a different Proxy type (HTTP CONNECT, instead of SOCKS5).

For all my tests I have been using a real device connected to my computer and I am using mitmproxy(https://mitmproxy.org/) to debug http(s) protocol and wireshark for non tls stuff.

mobile/android/geckoview/src/thirdparty/java/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java Steps:

1. Open https://bitmovin-a.akamaihd.net/content/MI201109210084_1/m3u8s/f08e80da-bf1d-4e3d-8899-f0f6155f6efa.m3u8 or https://content.jwplatform.com/manifests/yp34SRmf.m3u8
2. Look for connections to both URLs.

Result: I was not able to verify any connection open for those URLs.

mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java

Test cases:

1. Enabled MOZ_UPDATER
2. Click in the check for updates button
3. Verify if any connection was made to the update URL

Result: No request was made

mobile/android/base/java/org/mozilla/gecko/CrashReporter.java Not able to test.

mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java

It is disabled in our prefs and we don't plan to enable soon. So I didn't test it.

Great, thanks! I think the most noticeable change resulting from this patch is that favicons are not downloaded.

The patch prevents connections for the following functionality:

• Sending Crash reports (already disabled) - CrashReporter.java
• Search suggestions (SuggestClient.java)
• Pocket (already broken, needs API key) - PocketStoriesLoader.java
• After installation from Google Play (under certain conditions) - Distribution.java
• Downloadable Content (Disabled at compile time) - dlc/BaseAction.java
• Top/Suggested Sites - ImageLoader.java
• (Fav)Icon download per tab - IconDownloader.java
• Region-specific search engine (always default in TBA because missing API key) - SearchEngineManager.java
• Download A/B testing framework config (already disabled) - Switchboard.java

As a result, the newly broken functionality includes Image downloading for Top/Suggested sites and favicon download.

Okay, the broken functionality is not great but I think we should pick what we have. commit 2c4b103cfef5eafe276713478abf8bd1db057730 on tor-browser.60.3.0esr-8.5-1 has the fix.

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

More Sponsor8 items.

Trac:
Sponsor: N/A to Sponsor8

closed

mentioned in issue #28756 (moved)

mentioned in issue #29859 (moved)

mentioned in issue #30139 (moved)

mentioned in issue #30140 (moved)

mentioned in issue #30668 (moved)

mentioned in issue #31934 (moved)

moved to tpo/applications/tor-browser#28125 (closed)

mentioned in issue tpo/applications/tor-browser#30139

mentioned in issue tpo/applications/tor-browser#30140

mentioned in issue tpo/applications/tor-browser#31934 (closed)