Opened 6 months ago

Last modified 4 months ago

#33939 new task

Decide which components of Fenix to rip out, disable, or use

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, TorBrowserTeam202006
Cc: sysrqb, boklm Actual Points:
Parent ID: #33661 Points:
Reviewer: Sponsor: Sponsor58-must

Description

One thing we are struggling with when trying to write proper patches for building various parts of Fenix is that it's not clear yet which components we want to rip out/disable/use.

E.g. there are a number of things we might want to rip out of android-components (comment:4:ticket:33156) or maybe not, it's not clear. We have already a separate bug (#33594) to figure out what we should do with Glean.

So, in this ticket we should look over the various components involved and decide

a) which to rip (fully) out at build time
b) disable at run time

and document the reasoning (maybe that could be part of our release prep process documentation).

I think by default we should enable everything for usability reasons and disable potentially fingerprinting/tracking features where we don't have patches (yet) and rip out outright dangerous ones if we don't find a better solution. That's a similar method we follow for desktop audits.

Child Tickets

Change History (17)

comment:1 Changed 6 months ago by gk

Oh, and this is not just about ripping out/disabling things in android-components. We need to look at application-services, too, which android-components (and fenix) depend upon.

comment:2 Changed 5 months ago by sysrqb

Let's see. This is the initial pass over Fenix dependencies. It doesn't make any judgement about which features we should keep/disable/rip-out. It does not look at how these features are used within Fenix and which functionality within Fenix should be modified. These will come in later comments.

Based on Fenix (commit 3c29cb9f72cae1b3c425477750f718f912ff9b45) includes:
(git grep -n Deps\. | grep -o Deps\..*, and then manually filter out tests and duplicates, then resolving the aliases in buildSrc/src/main/java/Dependencies.kt)

# GeckoView
mozilla_browser_engine_gecko_nightly -> org.mozilla.components:browser-engine-gecko-nightly
mozilla_browser_engine_gecko_beta -> org.mozilla.components:browser-engine-gecko-beta

# Kotlin std library
kotlin_stdlib -> org.jetbrains.kotlin:kotlin-stdlib-jdk7

# Import/enable coroutine functionality in Kotlin
kotlin_coroutines -> org.jetbrains.kotlinx:kotlinx-coroutines-core
kotlin_coroutines_android -> org.jetbrains.kotlinx:kotlinx-coroutines-android

# AndroidX compatibility libraries
androidx_appcompat -> androidx.appcompat:appcompat
androidx_constraintlayout -> androidx.constraintlayout:constraintlayout
androidx_coordinatorlayout -> androidx.coordinatorlayout:coordinatorlayout

# Error/crash monitoring
sentry -> io.sentry:sentry-android

# Dynamically (?) creates license list
osslicenses_library -> com.google.android.gms:play-services-oss-licenses

# Customer engagement (with Firebase Cloud Messaging)
leanplum_core -> com.leanplum:leanplum-core
leanplum_fcm -> com.leanplum:leanplum-fcm

# High-level descriptions/contracts of a browser engine
mozilla_concept_engine -> org.mozilla.components:concept-engine

# High-level descriptions/contracts of a push service component
mozilla_concept_push -> org.mozilla.components:concept-push

# High-level descriptions/contracts of a storage layer
mozilla_concept_storage -> org.mozilla.components:concept-storage

# High-level descriptions/contracts of a data synchronization service component
mozilla_concept_sync -> org.mozilla.components:concept-sync

# High-level descriptions/contracts of a browser toolbar
mozilla_concept_toolbar -> org.mozilla.components:concept-toolbar

# High-level descriptions/contracts of a tabs tray component
mozilla_concept_tabstray -> org.mozilla.components:concept-tabstray

# A customizable Awesome Bar implementation for browsers
mozilla_browser_awesomebar -> org.mozilla.components:browser-awesomebar

# Feature implementation for apps that want to use Android downloads manager
mozilla_feature_downloads -> org.mozilla.components:feature-downloads

# APIs for managing localized and customizable domain lists
mozilla_browser_domains -> org.mozilla.components:browser-domains

# A customizable tabs tray for browsers implementation
mozilla_browser_tabstray -> org.mozilla.components:browser-tabstray

# An implementation for loading and storing website icons (like favicons)
mozilla_browser_icons -> org.mozilla.components:browser-icons

# A generic menu implementation with customizable items
mozilla_browser_menu -> org.mozilla.components:browser-menu

# Search plugins and companion code to load, parse and use them
mozilla_browser_search -> org.mozilla.components:browser-search

# A generic representation of a browser Session and a SessionManager to link browser sessions to underlying Engine Sessions and SessionStorage
mozilla_browser_session -> org.mozilla.components:browser-session

# Maintains the centralized state of a browser engine
mozilla_browser_state -> org.mozilla.components:browser-state

# A syncable implementation of `concept-storage` backed by application-services' Places lib
mozilla_browser_storage_sync -> org.mozilla.components:browser-storage-sync

# A customizable toolbar for browsers                                                                                                                                                                       
mozilla_browser_toolbar -> org.mozilla.components:browser-toolbar

# Contains building blocks for features implemented as web extensions
mozilla_support_extensions -> org.mozilla.components:support-webextensions

# Provides functionality for managing add-ons
mozilla_feature_addons -> org.mozilla.components:feature-addons

# Ties together an FxaAccountManager with the tabs feature, to facilitate OAuth authentication flows managed by the account manager
mozilla_feature_accounts -> org.mozilla.components:feature-accounts

# Support opening non-browser apps and `intent://` style URLs
mozilla_feature_app_links -> org.mozilla.components:feature-app-links

# Connects a concept-awesomebar implementation to a concept-toolbar implementation and provides implementations of various suggestion providers
mozilla_feature_awesomebar -> org.mozilla.components:feature-awesomebar

# Displaying context menus when *long-pressing* web content
mozilla_feature_contextmenu -> org.mozilla.components:feature-contextmenu

# Providing Custom Tabs functionality in browsers
mozilla_feature_customtabs -> org.mozilla.components:feature-customtabs

# Provides intent processing functionality by combining various other feature modules
mozilla_feature_intent -> org.mozilla.components:feature-intent

# Provides website media related features
mozilla_feature_media -> org.mozilla.components:feature-media

# Handles common prompt dialogs from web content like select, option and menu html elements
mozilla_feature_prompts -> org.mozilla.components:feature-prompts

# Implements push notifications with a supported push service
mozilla_feature_push -> org.mozilla.components:feature-push

# Implementation for Progressive Web Apps (PWA)
mozilla_feature_pwa -> org.mozilla.components:feature-pwa

# Provides functionality for scanning QR codes
mozilla_feature_qr -> org.mozilla.components:feature-qr

# Connects an (concept) engine implementation with the browser search module
mozilla_feature_search -> org.mozilla.components:feature-search

# Connects an (concept) engine implementation with the browser session module
mozilla_feature_session -> org.mozilla.components:feature-session

# Connects a (concept) toolbar implementation with the browser session module
mozilla_feature_toolbar -> org.mozilla.components:feature-toolbar

# Connects a trabs tray implementation with the session and toolbar modules
mozilla_feature_tabs -> org.mozilla.components:feature-tabs

# Provides Find in Page functionality
mozilla_feature_findinpage -> org.mozilla.components:feature-findinpage

# Shows site permission request prompts
mozilla_feature_site_permissions -> org.mozilla.components:feature-sitepermissions

# Wraps/Provides a Reader View WebExtension
mozilla_feature_readerview -> org.mozilla.components:feature-readerview

# Implementation for saving, restoring and organizing collections of tabs
mozilla_feature_tab_collections -> org.mozilla.components:feature-tab-collections

# Implementation for saving and removing top sites
mozilla_feature_top_sites -> org.mozilla.components:feature-top-sites

# Implementation for saving and sorting recent apps used for sharing
mozilla_feature_share -> org.mozilla.components:feature-share

# Sends tabs to other devices with a registered FxA Account
mozilla_feature_accounts_push -> org.mozilla.components:feature-accounts-push

# Website-hotfixing via the Web Compatibility System-Addon
mozilla_feature_webcompat -> org.mozilla.components:feature-webcompat                                                                                                                                       

# Displays web notifications
mozilla_feature_webnotifications -> org.mozilla.components:feature-webnotifications

# Integrating with Firefox Sync - Logins
mozilla_service_sync_logins -> org.mozilla.components:service-sync-logins

# Integrating with Firefox Accounts
mozilla_service_firefox_accounts -> org.mozilla.components:service-firefox-accounts

# Client-side telemetry SDK for collecting metrics and sending them to Mozilla's telemetry service
mozilla_service_glean -> org.mozilla.components:service-glean

# SDK for running experiments on user segments in multiple branches
mozilla_service_experiments -> org.mozilla.components:service-experiments

# Accessing Mozilla's and other location services
mozilla_service_location -> org.mozilla.components:service-location

# Base or core component containing building blocks and interfaces for other components
mozilla_support_base -> org.mozilla.components:support-base

# A set of (Mozilla) Kotlin extensions on top of the Android framework and Kotlin standard library
mozilla_support_ktx -> org.mozilla.components:support-ktx

# Enables logging from Rust code.
mozilla_support_rustlog -> org.mozilla.components:support-rustlog

# Generic utility classes to be shared between projects.
mozilla_support_utils -> org.mozilla.components:support-utils 

# Allow apps to change the system defined language by their custom one
mozilla_support_locale -> org.mozilla.components:support-locale

# Helper code to migrate from a Fennec-based (Firefox for Android) app to an Android Components based app
mozilla_support_migration -> org.mozilla.components:support-migration

# The standard set of Photon colors
mozilla_ui_colors -> org.mozilla.components:ui-colors

# A collection of often used browser icons.
mozilla_ui_icons -> org.mozilla.components:ui-icons

# A library for reading and using the Public Suffix List.
mozilla_ui_publicsuffixlist -> org.mozilla.components:lib-publicsuffixlist

# A generic crash reporter component that can report crashes to multiple services
mozilla_lib_crash -> org.mozilla.components:lib-crash

# A concept-push implementation using Firebase Cloud Messaging (FCM)
mozilla_lib_push_firebase -> org.mozilla.components:lib-push-firebase

# A component using AndroidKeyStore to protect user data
mozilla_lib_dataprotect -> org.mozilla.components:lib-dataprotect

# More AndroidX compatibility libraries
androidx_legacy -> androidx.legacy:legacy-support-v4
androidx_biometric -> androidx.biometric:biometric
androidx_paging -> androidx.paging:paging-runtime-ktx
androidx_preference -> androidx.preference:preference-ktx
androidx_fragment -> androidx.fragment:fragment-ktx
androidx_navigation_fragment -> androidx.navigation:navigation-fragment-ktx
androidx_navigation_ui -> androidx.navigation:navigation-ui
androidx_recyclerview -> androidx.recyclerview:recyclerview
androidx_lifecycle_livedata -> androidx.lifecycle:lifecycle-livedata-ktx
androidx_lifecycle_runtime -> androidx.lifecycle:lifecycle-runtime-ktx
androidx_lifecycle_viewmodel -> androidx.lifecycle:lifecycle-viewmodel-ktx
androidx_core -> androidx.core:core
androidx_core_ktx -> androidx.core:core-ktx
androidx_transition -> androidx.transition:transition                                                                                                                                                       
androidx_work_ktx -> androidx.work:work-runtime-ktx

# Material Components for Android
google_material -> com.google.android.material

# Provides similar capabilities of CSS Flexible Box Layout Module
google_flexbox -> com.google.android:flexbox

# Renders After Effects animations in real time
lottie -> com.airbnb.android:lottie

# Mobile measurement and fraud prevention (tracks app installation)
adjust -> com.adjust.sdk:adjust-android

# Install Referrer
installreferrer // Required by Adjust -> com.android.installreferrer:installreferrer

# Obtain the Google Advertising ID from the device for use as a unique telemetry identifier
google_ads_id // Required for the Google Advertising ID -> com.google.android.gms:play-services-ads-identifier

comment:3 in reply to:  2 ; Changed 5 months ago by sysrqb

The follow list partitions the dependencies into "include", "exclude", "disable", and "must-audit" sets

"Must Audit" includes dependencies that we could allow depending on their implementation

"Disable" includes dependencies that we probably do not want and we should always use "Dummy" implementations

"Disable" and "Exclude" may merge into a single set.

Include

> # GeckoView
> mozilla_browser_engine_gecko_nightly -> org.mozilla.components:browser-engine-gecko-nightly
> mozilla_browser_engine_gecko_beta -> org.mozilla.components:browser-engine-gecko-beta
> 
> # Kotlin std library
> kotlin_stdlib -> org.jetbrains.kotlin:kotlin-stdlib-jdk7
> 
> # Import/enable coroutine functionality in Kotlin
> kotlin_coroutines -> org.jetbrains.kotlinx:kotlinx-coroutines-core
> kotlin_coroutines_android -> org.jetbrains.kotlinx:kotlinx-coroutines-android
>
> # AndroidX compatibility libraries
> androidx_appcompat -> androidx.appcompat:appcompat 
> androidx_constraintlayout -> androidx.constraintlayout:constraintlayout
> androidx_coordinatorlayout -> androidx.coordinatorlayout:coordinatorlayout
> 
> # Dynamically (?) creates license list
> osslicenses_library -> com.google.android.gms:play-services-oss-licenses
> 
> # High-level descriptions/contracts of a browser engine
> mozilla_concept_engine -> org.mozilla.components:concept-engine
> 
> # High-level descriptions/contracts of a storage layer
> mozilla_concept_storage -> org.mozilla.components:concept-storage
>
> # High-level descriptions/contracts of a browser toolbar
> mozilla_concept_toolbar -> org.mozilla.components:concept-toolbar
> 
> # High-level descriptions/contracts of a tabs tray component
> mozilla_concept_tabstray -> org.mozilla.components:concept-tabstray
> 
> # A customizable Awesome Bar implementation for browsers
> mozilla_browser_awesomebar -> org.mozilla.components:browser-awesomebar
> 
> # APIs for managing localized and customizable domain lists
> mozilla_browser_domains -> org.mozilla.components:browser-domains
> 
> # A customizable tabs tray for browsers implementation
> mozilla_browser_tabstray -> org.mozilla.components:browser-tabstray
> 
> # A generic menu implementation with customizable items
> mozilla_browser_menu -> org.mozilla.components:browser-menu
>                                                                                                                                                                                                           
> # Search plugins and companion code to load, parse and use them
> mozilla_browser_search -> org.mozilla.components:browser-search
>
> # A generic representation of a browser Session and a SessionManager to link browser sessions to underlying Engine Sessions and SessionStorage
> mozilla_browser_session -> org.mozilla.components:browser-session
> 
> # A customizable toolbar for browsers
> mozilla_browser_toolbar -> org.mozilla.components:browser-toolbar
> 
> # Contains building blocks for features implemented as web extensions
> mozilla_support_extensions -> org.mozilla.components:support-webextensions
> 
> # Provides functionality for managing add-ons
> mozilla_feature_addons -> org.mozilla.components:feature-addons
> 
> # Ties together an FxaAccountManager with the tabs feature, to facilitate OAuth authentication flows managed by the account manager
> mozilla_feature_accounts -> org.mozilla.components:feature-accounts
> 
> # Connects a concept-awesomebar implementation to a concept-toolbar implementation and provides implementations of various suggestion providers
> mozilla_feature_awesomebar -> org.mozilla.components:feature-awesomebar
> 
> # Displaying context menus when *long-pressing* web content
> mozilla_feature_contextmenu -> org.mozilla.components:feature-contextmenu
>
> # Providing Custom Tabs functionality in browsers
> mozilla_feature_customtabs -> org.mozilla.components:feature-customtabs
> 
> # Provides website media related features
> mozilla_feature_media -> org.mozilla.components:feature-media
> 
> # Handles common prompt dialogs from web content like select, option and menu html elements
> mozilla_feature_prompts -> org.mozilla.components:feature-prompts
> 
> # Connects an (concept) engine implementation with the browser search module
> mozilla_feature_search -> org.mozilla.components:feature-search
>                                                                                                                                                                                                           
> # Connects an (concept) engine implementation with the browser session module
> mozilla_feature_session -> org.mozilla.components:feature-session
>
> # Connects a (concept) toolbar implementation with the browser session module
> mozilla_feature_toolbar -> org.mozilla.components:feature-toolbar
> 
> # Connects a trabs tray implementation with the session and toolbar modules
> mozilla_feature_tabs -> org.mozilla.components:feature-tabs
> 
> # Provides Find in Page functionality
> mozilla_feature_findinpage -> org.mozilla.components:feature-findinpage
> 
> # Shows site permission request prompts
> mozilla_feature_site_permissions -> org.mozilla.components:feature-sitepermissions
> 
> # Wraps/Provides a Reader View WebExtension
> mozilla_feature_readerview -> org.mozilla.components:feature-readerview
> 
> # Implementation for saving, restoring and organizing collections of tabs
> mozilla_feature_tab_collections -> org.mozilla.components:feature-tab-collections
> 
> # Implementation for saving and removing top sites 
> mozilla_feature_top_sites -> org.mozilla.components:feature-top-sites
> 
> # Displays web notifications
> mozilla_feature_webnotifications -> org.mozilla.components:feature-webnotifications
> 
> # Base or core component containing building blocks and interfaces for other components
> mozilla_support_base -> org.mozilla.components:support-base
>
> # A set of (Mozilla) Kotlin extensions on top of the Android framework and Kotlin standard library
> mozilla_support_ktx -> org.mozilla.components:support-ktx
> 
> # Enables logging from Rust code.
> mozilla_support_rustlog -> org.mozilla.components:support-rustlog
> 
> # Generic utility classes to be shared between projects.
> mozilla_support_utils -> org.mozilla.components:support-utils 
> 
> # Allow apps to change the system defined language by their custom one
> mozilla_support_locale -> org.mozilla.components:support-locale
> 
> # The standard set of Photon colors
> mozilla_ui_colors -> org.mozilla.components:ui-colors
> 
> # A collection of often used browser icons.
> mozilla_ui_icons -> org.mozilla.components:ui-icons
> 
> # A library for reading and using the Public Suffix List.
> mozilla_ui_publicsuffixlist -> org.mozilla.components:lib-publicsuffixlist
>                                                                                                                                                                                                           
> # More AndroidX compatibility libraries
> androidx_legacy -> androidx.legacy:legacy-support-v4
> androidx_paging -> androidx.paging:paging-runtime-ktx
> androidx_preference -> androidx.preference:preference-ktx
> androidx_fragment -> androidx.fragment:fragment-ktx
> androidx_navigation_fragment -> androidx.navigation:navigation-fragment-ktx
> androidx_navigation_ui -> androidx.navigation:navigation-ui 
> androidx_recyclerview -> androidx.recyclerview:recyclerview
> androidx_lifecycle_livedata -> androidx.lifecycle:lifecycle-livedata-ktx
> androidx_lifecycle_runtime -> androidx.lifecycle:lifecycle-runtime-ktx
> androidx_lifecycle_viewmodel -> androidx.lifecycle:lifecycle-viewmodel-ktx
> androidx_core -> androidx.core:core
> androidx_core_ktx -> androidx.core:core-ktx
> androidx_transition -> androidx.transition:transition
> androidx_work_ktx -> androidx.work:work-runtime-ktx
>
> # Material Components for Android
> google_material -> com.google.android.material
> 
> # Provides similar capabilities of CSS Flexible Box Layout Module
> google_flexbox -> com.google.android:flexbox
> 
> # Renders After Effects animations in real time
> lottie -> com.airbnb.android:lottie

Disable

> # Implements push notifications with a supported push service
> mozilla_feature_push -> org.mozilla.components:feature-push
> 
> # Feature implementation for apps that want to use Android downloads manager
> mozilla_feature_downloads -> org.mozilla.components:feature-downloads
> 
> # High-level descriptions/contracts of a push service component
> mozilla_concept_push -> org.mozilla.components:concept-push
> 
> # Client-side telemetry SDK for collecting metrics and sending them to Mozilla's telemetry service
> mozilla_service_glean -> org.mozilla.components:service-glean
> 
> # SDK for running experiments on user segments in multiple branches
> mozilla_service_experiments -> org.mozilla.components:service-experiments
> 

Must Audit

> # An implementation for loading and storing website icons (like favicons)
> mozilla_browser_icons -> org.mozilla.components:browser-icons
>
> # Maintains the centralized state of a browser engine
> mozilla_browser_state -> org.mozilla.components:browser-state
> 
> # A syncable implementation of `concept-storage` backed by application-services' Places lib
> mozilla_browser_storage_sync -> org.mozilla.components:browser-storage-sync
> 
> # High-level descriptions/contracts of a data synchronization service component
> mozilla_concept_sync -> org.mozilla.components:concept-sync> 
>
> # Provides functionality for scanning QR codes
> mozilla_feature_qr -> org.mozilla.components:feature-qr
>
> # Support opening non-browser apps and `intent://` style URLs
> mozilla_feature_app_links -> org.mozilla.components:feature-app-links
> 
> # Provides intent processing functionality by combining various other feature modules                                                                                                                     
> mozilla_feature_intent -> org.mozilla.components:feature-intent
> 
> # Implementation for saving and sorting recent apps used for sharing
> mozilla_feature_share -> org.mozilla.components:feature-share
> 
> # Sends tabs to other devices with a registered FxA Account
> mozilla_feature_accounts_push -> org.mozilla.components:feature-accounts-push
> 
> # Implementation for Progressive Web Apps (PWA)
> mozilla_feature_pwa -> org.mozilla.components:feature-pwa
> 
> # Website-hotfixing via the Web Compatibility System-Addon
> mozilla_feature_webcompat -> org.mozilla.components:feature-webcompat
> 
> # Integrating with Firefox Sync - Logins
> mozilla_service_sync_logins -> org.mozilla.components:service-sync-logins
> 
> # Integrating with Firefox Accounts
> mozilla_service_firefox_accounts -> org.mozilla.components:service-firefox-accounts
> 
> # Accessing Mozilla's and other location services
> mozilla_service_location -> org.mozilla.components:service-location
> 
> # A generic crash reporter component that can report crashes to multiple services
> mozilla_lib_crash -> org.mozilla.components:lib-crash
> 
> # Helper code to migrate from a Fennec-based (Firefox for Android) app to an Android Components based app
> mozilla_support_migration -> org.mozilla.components:support-migration
>
> # A concept-push implementation using Firebase Cloud Messaging (FCM)
> mozilla_lib_push_firebase -> org.mozilla.components:lib-push-firebase
> 
> # A component using AndroidKeyStore to protect user data
> mozilla_lib_dataprotect -> org.mozilla.components:lib-dataprotect
> 
> androidx_biometric -> androidx.biometric:biometric

Exclude (best-effort, many of these are disabled already due to missing API keys)

> # Error/crash monitoring
> sentry -> io.sentry:sentry-android
> 
> # Customer engagement (with Firebase Cloud Messaging)
> leanplum_core -> com.leanplum:leanplum-core
> leanplum_fcm -> com.leanplum:leanplum-fcm
> 
> # Mobile measurement and fraud prevention (tracks app installation)
> adjust -> com.adjust.sdk:adjust-android
> 
> # Install Referrer
> installreferrer // Required by Adjust -> com.android.installreferrer:installreferrer
>                                                                                                                                                                                                           
> # Obtain the Google Advertising ID from the device for use as a unique telemetry identifier
> google_ads_id // Required for the Google Advertising ID -> com.google.android.gms:play-services-ads-identifier
Last edited 5 months ago by sysrqb (previous) (diff)

comment:4 Changed 5 months ago by gaba

Sponsor: Sponsor58-must

comment:5 Changed 5 months ago by gk

Thanks, that's a good start. Two thoughts while skimming the list (I did not look carefully yet)

1) At least the progressive web apps (PWA) part should probably be in the Must Audit section. We even have a ticket for that already: #25845 :)

2) I was wondering how the dependencies those dependencies have would influence where we put them category-wise. So, starting with one layer seems good to me but I feel we might need to dig deeper to have a final assessment. One of the things I am already wary of is getting all the application-services parts roped in "for free". Not all components are probably needing that (I've not checked) but I bet some would move into the Must Audit part alone due to that. And there's probably other stuff that is bubbling in this morass, under the quiet surface... :)

Last edited 5 months ago by gk (previous) (diff)

comment:6 in reply to:  5 ; Changed 5 months ago by sysrqb

Replying to gk:

Thanks, that's a good start. Two thoughts while skimming the list (I did not look carefully yet)

1) At least the progressive web apps (PWA) part should probably be in the Must Audit section. We even have a ticket for that already: #25845 :)

That's probably a smart thing, yes. PWA is only available in non-private browsing mode in Fennec, but we should audit it in Fenix. Indeed, PWA is available in private browsing mode in Fenix...

2) I was wondering how the dependencies those dependencies have would influence where we put them category-wise. So, starting with one layer seems good to me but I feel we might need to dig deeper to have a final assessment. One of the things I am already wary of is getting all the application-services parts roped in "for free". Not all components are probably needing that (I've not checked) but I bet some would move into the Must Audit part alone due to that. And there's probably other stuff that is bubbling in this morass, under the quiet surface... :)

Ideally, we should audit everything, but I don't think that is realistic. We should quickly look at all components in the Include category and confirm they do not make any network calls or expose personal/device information. I placed them in this category purely based on my assumption of how these components are implemented.

I expect we'll spend a large amount of time auditing components within the Must Audit category because this includes the complex application services, and ripping out any of them will be painful.

Last edited 5 months ago by gk (previous) (diff)

comment:7 in reply to:  3 Changed 5 months ago by sysrqb

Parent ticket is #34324

Replying to sysrqb:

Must Audit

> # An implementation for loading and storing website icons (like favicons)
> mozilla_browser_icons -> org.mozilla.components:browser-icons

#34323

>
> # Maintains the centralized state of a browser engine
> mozilla_browser_state -> org.mozilla.components:browser-state

#34325

> 
> # A syncable implementation of `concept-storage` backed by application-services' Places lib
> mozilla_browser_storage_sync -> org.mozilla.components:browser-storage-sync

#34326

> 
> # High-level descriptions/contracts of a data synchronization service component
> mozilla_concept_sync -> org.mozilla.components:concept-sync> 

#34327

>
> # Provides functionality for scanning QR codes
> mozilla_feature_qr -> org.mozilla.components:feature-qr

#34328

>
> # Support opening non-browser apps and `intent://` style URLs
> mozilla_feature_app_links -> org.mozilla.components:feature-app-links

#34329

> 
> # Provides intent processing functionality by combining various other feature modules                                                                                                                     
> mozilla_feature_intent -> org.mozilla.components:feature-intent

#34330

> 
> # Implementation for saving and sorting recent apps used for sharing
> mozilla_feature_share -> org.mozilla.components:feature-share

#34331

> 
> # Sends tabs to other devices with a registered FxA Account
> mozilla_feature_accounts_push -> org.mozilla.components:feature-accounts-push

#34332

> 
> # Implementation for Progressive Web Apps (PWA)
> mozilla_feature_pwa -> org.mozilla.components:feature-pwa

#34333

> 
> # Website-hotfixing via the Web Compatibility System-Addon
> mozilla_feature_webcompat -> org.mozilla.components:feature-webcompat

#34334

> 
> # Integrating with Firefox Sync - Logins
> mozilla_service_sync_logins -> org.mozilla.components:service-sync-logins

#34335

> 
> # Integrating with Firefox Accounts
> mozilla_service_firefox_accounts -> org.mozilla.components:service-firefox-accounts

#34336

> 
> # Accessing Mozilla's and other location services
> mozilla_service_location -> org.mozilla.components:service-location

#34337

> 
> # A generic crash reporter component that can report crashes to multiple services
> mozilla_lib_crash -> org.mozilla.components:lib-crash

#34338

> 
> # Helper code to migrate from a Fennec-based (Firefox for Android) app to an Android Components based app
> mozilla_support_migration -> org.mozilla.components:support-migration

#34339

>
> # A concept-push implementation using Firebase Cloud Messaging (FCM)
> mozilla_lib_push_firebase -> org.mozilla.components:lib-push-firebase

#34340

> 
> # A component using AndroidKeyStore to protect user data
> mozilla_lib_dataprotect -> org.mozilla.components:lib-dataprotect

#34341

> 
> androidx_biometric -> androidx.biometric:biometric

#34342

comment:8 in reply to:  6 ; Changed 5 months ago by gk

Replying to sysrqb:

Replying to gk:

Thanks, that's a good start. Two thoughts while skimming the list (I did not look carefully yet)

1) At least the progressive web apps (PWA) part should probably be in the Must Audit section. We even have a ticket for that already: #25845 :)

That's probably a smart thing, yes. PWA is only available in non-private browsing mode in Fennec, but we should audit it in Fenix. Indeed, PWA is available in private browsing mode in Fenix...

2) I was wondering how the dependencies those dependencies have would influence where we put them category-wise. So, starting with one layer seems good to me but I feel we might need to dig deeper to have a final assessment. One of the things I am already wary of is getting all the application-services parts roped in "for free". Not all components are probably needing that (I've not checked) but I bet some would move into the Must Audit part alone due to that. And there's probably other stuff that is bubbling in this morass, under the quiet surface... :)

Ideally, we should audit everything, but I don't think that is realistic. We should quickly look at all components in the Include category and confirm they do not make any network calls or expose personal/device information. I placed them in this category purely based on my assumption of how these components are implemented.

Just to be clear: I was _not_ saying we need to audit everything (yes, ideally we would), just that it might be worth looking in particular at the Mozilla dependencies of those dependencies to figure out whether things should be re-categorized so that we have a closer second look on components that really need it (even if the dependency check you did or the assumptions you had indicated otherwise).

comment:9 in reply to:  8 Changed 5 months ago by gk

Replying to gk:

Replying to sysrqb:

Replying to gk:

Thanks, that's a good start. Two thoughts while skimming the list (I did not look carefully yet)

1) At least the progressive web apps (PWA) part should probably be in the Must Audit section. We even have a ticket for that already: #25845 :)

That's probably a smart thing, yes. PWA is only available in non-private browsing mode in Fennec, but we should audit it in Fenix. Indeed, PWA is available in private browsing mode in Fenix...

2) I was wondering how the dependencies those dependencies have would influence where we put them category-wise. So, starting with one layer seems good to me but I feel we might need to dig deeper to have a final assessment. One of the things I am already wary of is getting all the application-services parts roped in "for free". Not all components are probably needing that (I've not checked) but I bet some would move into the Must Audit part alone due to that. And there's probably other stuff that is bubbling in this morass, under the quiet surface... :)

Ideally, we should audit everything, but I don't think that is realistic. We should quickly look at all components in the Include category and confirm they do not make any network calls or expose personal/device information. I placed them in this category purely based on my assumption of how these components are implemented.

Just to be clear: I was _not_ saying we need to audit everything (yes, ideally we would), just that it might be worth looking in particular at the Mozilla dependencies of those dependencies to figure out whether things should be re-categorized so that we have a closer second look on components that really need it (even if the dependency check you did or the assumptions you had indicated otherwise).

To give a practical example for that: if you look at Fenix you see that it's building code that should do something useful in case crashes are happening. Now, that depends on android-components' lib-crash. However, if you look at the build.gradle file for that one you see:

    compileOnly Gecko.geckoview_nightly

But we won't be basing Fenix on geckoview_nightly anytime soon. Thus, it's reasonable to move this component out of the "Must Audit" to something like "Disable" for the current purposes just by looking at the second level dependencies and save time for auditing other stuff. But that's obviously not a one way direction. :)

comment:10 Changed 5 months ago by gk

Another thought I had: Maybe it's smarter to start with the things we actually think we have to/should include (for the basic proxy bypasses/fingerprinting checks mentioned in comment:6) so we have a base to build upon and move afterwards to the "Must Audit" pieces. If we don't have time for those, then we might try to neuter them meanwhile by disabling them etc.

comment:11 Changed 5 months ago by gk

Keywords: TorBrowserTeam202006 added; TorBrowserTeam202004 removed

comment:12 Changed 5 months ago by gk

Parent ID: #33184#33661

comment:13 in reply to:  3 ; Changed 4 months ago by sysrqb

Replying to sysrqb:

The follow list partitions the dependencies into "include", "exclude", "disable", and "must-audit" sets

"Must Audit" includes dependencies that we could allow depending on their implementation

"Disable" includes dependencies that we probably do not want and we should always use "Dummy" implementations

"Disable" and "Exclude" may merge into a single set.

Include

> # GeckoView
> mozilla_browser_engine_gecko_nightly -> org.mozilla.components:browser-engine-gecko-nightly
> mozilla_browser_engine_gecko_beta -> org.mozilla.components:browser-engine-gecko-beta


#34177

>  
> # Kotlin std library
> kotlin_stdlib -> org.jetbrains.kotlin:kotlin-stdlib-jdk7
>
> # Import/enable coroutine functionality in Kotlin
> kotlin_coroutines -> org.jetbrains.kotlinx:kotlinx-coroutines-core
> kotlin_coroutines_android -> org.jetbrains.kotlinx:kotlinx-coroutines-android                                                                                                                           > >
> # AndroidX compatibility libraries
> androidx_appcompat -> androidx.appcompat:appcompat 
> androidx_constraintlayout -> androidx.constraintlayout:constraintlayout
> androidx_coordinatorlayout -> androidx.coordinatorlayout:coordinatorlayout

Presumed safe.

>
> # Dynamically (?) creates license list
> osslicenses_library -> com.google.android.gms:play-services-oss-licenses

It seems like play-services-oss-licenses is closed source? :(

The plugin seems fine and is a gradle build-time thing. As I understand it, the plugin grabs all of the <license> elements from the dependencies and places them in some-format in res/raw/third_party_license_metadata. Then, com.google.android.gms.oss.licenses.OssLicensesMenuActivity takes that third_party_license file and renders it. Therefore, play-services-oss-licenses *should* be proxy-safe, but I'd feel better if we could audit the code.

>
> # High-level descriptions/contracts of a browser engine
> mozilla_concept_engine -> org.mozilla.components:concept-engine

No references to net, tcp, udp, write, read, send, recv, launch, startActivity. Uri is only used for parsing a string. write used for serializing data (in memory). connect in Engine::speculativeConnect() interface.

>
> # High-level descriptions/contracts of a storage layer                                                                                                                                                  
> mozilla_concept_storage -> org.mozilla.components:concept-storage

No references to net, connect, tcp, udp, write, read, Uri, send, recv, launch, startActivity.

> 
> # High-level descriptions/contracts of a browser toolbar
> mozilla_concept_toolbar -> org.mozilla.components:concept-toolbar


No references to net, connect, tcp, udp, write, read, Uri, send, recv, launch, startActivity.

>  
> # High-level descriptions/contracts of a tabs tray component
> mozilla_concept_tabstray -> org.mozilla.components:concept-tabstray

No references to net, connect, tcp, udp, write, read, Uri, send, recv, launch, startActivity.

>
> # A customizable Awesome Bar implementation for browsers
> mozilla_browser_awesomebar -> org.mozilla.components:browser-awesomebar

No references to net, connect, tcp, udp, write, read, Uri, send, recv, startActivity. launch used for coroutines.

>
> # APIs for managing localized and customizable domain lists
> mozilla_browser_domains -> org.mozilla.components:browser-domains

No references to net, connect, tcp, udp, write, read, Uri, send, recv, startActivity. launch used for coroutines.

>
> # A customizable tabs tray for browsers implementation
> mozilla_browser_tabstray -> org.mozilla.components:browser-tabstray

No references to net, connect, tcp, udp, write, read, Uri, send, recv, launch, startActivity.

>
> # A generic menu implementation with customizable items
> mozilla_browser_menu -> org.mozilla.components:browser-menu

No references to net, connect, tcp, udp, write, read, Uri, send, recv, startActivity. launch used for coroutines.

>                                                                                                                                                                                                           
> # Search plugins and companion code to load, parse and use them
> mozilla_browser_search -> org.mozilla.components:browser-search                                                                                                                                         

No references to net, connect, tcp, udp, write, read, send, recv, startActivity. launch used for coroutines. Uri is used for local Search Engine files.

>
> # A generic representation of a browser Session and a SessionManager to link browser sessions to underlying Engine Sessions and SessionStorage
> mozilla_browser_session -> org.mozilla.components:browser-session

No references to net, connect, tcp, udp, send, recv, startActivity. write and read used for reading/writing session history/state files. load for receiving load requests from the OS. Uri is only used for parsing a string. #34427

>  
> # A customizable toolbar for browsers
> mozilla_browser_toolbar -> org.mozilla.components:browser-toolbar

No references to net, tcp, udp, write, read, or Uri. connect is used for setting ConstraintSet for the UI. launch used for coroutines.

>
> # Contains building blocks for features implemented as web extensions
> mozilla_support_extensions -> org.mozilla.components:support-webextensions

No references to net, tcp, udp, write, read, Uri, recv, launch, startActivity. connect used for NativeMessaging. send for sending messages from a webextension into Content.

> 
> # Provides functionality for managing add-ons
> mozilla_feature_addons -> org.mozilla.components:feature-addons

No references to net, connect, tcp, udp, Uri, send, recv, startActivity. read/write used for caching on disk a list of installed addons. The AddOn's feature periodically triggers an update check which is handled by Gecko. launch used for coroutines.

>
> # Ties together an FxaAccountManager with the tabs feature, to facilitate OAuth authentication flows managed by the account manager
> mozilla_feature_accounts -> org.mozilla.components:feature-accounts

No references to net, connect, tcp, udp, write, read, send, recv, launch, startActivity. Uri is only used for parsing a string. launch used for coroutines.

>
> # Connects a concept-awesomebar implementation to a concept-toolbar implementation and provides implementations of various suggestion providers
> mozilla_feature_awesomebar -> org.mozilla.components:feature-awesomebar

No references to net, tcp, udp, write, read, Uri, send, recv, launch, startActivity. ClipboardSuggestionProvider triggers a speculativeConnect when a suggestion is created. Nifty.

>                                                                                                                                                                                                         
> # Displaying context menus when *long-pressing* web content
> mozilla_feature_contextmenu -> org.mozilla.components:feature-contextmenu

No references to net, connect, tcp, udp, write, read, Uri, recv, launch. startActivity is called when "Share link" transfers control to the operating system with a request to show the user a "Chooser" menu. send comes with sendSearch() where a search query is initiatiated based on text selection (when the user requests the search).

>
> # Providing Custom Tabs functionality in browsers
> mozilla_feature_customtabs -> org.mozilla.components:feature-customtabs

No references to net, connect, tcp, udp, write, read, recv. Uri is used for parsing a string, and it is passed to Android OS for letting the OS (or user) to choose which app should open/handle that request. launch used for coroutines. send from sendWithSession for mutating a PendingIntent with a session's Uri.

#34428

DigitalAssetLinksHandler triggers background request.

#34429
#21657

> 
> # Provides website media related features
> mozilla_feature_media -> org.mozilla.components:feature-media

No references to net, connect, tcp, udp, write, read, Uri, send, recv, startActivity. launch used for coroutines, and creating a PendingIntent for itself that is used when a notification is pressed. And MediaService?

> 
> # Handles common prompt dialogs from web content like select, option and menu html elements
> mozilla_feature_prompts -> org.mozilla.components:feature-prompts

No references to net, connect, tcp, udp, write, read, send, recv. startActivity is an abstract function. Also, startActivity is called for launching a Camera app ("capture"). Uri is used for passing around file paths.
#33661

> 
> # Connects an (concept) engine implementation with the browser search module
> mozilla_feature_search -> org.mozilla.components:feature-search

No references to net, connect, tcp, udp, write, read, recv, Uri, launch, startActivity. send is seen:

/** 
 * May be implemented by client code in order to allow a component to start searches.
 */
interface SearchAdapter {
  
    /**
     * Called by the component to indicate that the user should be shown a search.                                                                                                                          
     */
    fun sendSearch(isPrivate: Boolean, text: String)
>                                                                                                                                                                                                           
> # Connects an (concept) engine implementation with the browser session module
> mozilla_feature_session -> org.mozilla.components:feature-session

No references to net, connect, tcp, udp, write, send, read, recv, launch, startActivity. Uri is used for saving history state.

#34431

>
> # Connects a (concept) toolbar implementation with the browser session module
> mozilla_feature_toolbar -> org.mozilla.components:feature-toolbar

No references to net, connect, tcp, udp, write, read, recv, Uri, startActivity. send and launch used for coroutines.

> 
> # Connects a trabs tray implementation with the session and toolbar modules
> mozilla_feature_tabs -> org.mozilla.components:feature-tabs

No references to net, connect, tcp, udp, write, read, recv, Uri, send, launch, startActivity

> 
> # Provides Find in Page functionality
> mozilla_feature_findinpage -> org.mozilla.components:feature-findinpage

No references to net, connect, tcp, udp, write, read, recv, Uri, send, launch, startActivity

(I'll finish the remainder tomorrow, and begin auditing/eliminating dependencies from Must Audit)

comment:14 in reply to:  13 ; Changed 4 months ago by gk

Replying to sysrqb:

Replying to sysrqb:

The follow list partitions the dependencies into "include", "exclude", "disable", and "must-audit" sets

"Must Audit" includes dependencies that we could allow depending on their implementation

"Disable" includes dependencies that we probably do not want and we should always use "Dummy" implementations

"Disable" and "Exclude" may merge into a single set.

Include

> # GeckoView
> mozilla_browser_engine_gecko_nightly -> org.mozilla.components:browser-engine-gecko-nightly
> mozilla_browser_engine_gecko_beta -> org.mozilla.components:browser-engine-gecko-beta


#34177

One thing I've been thinking about the requirement for having multiple engines included at the same time when building is how to make sure we avoid that when actually building releases/alphas. I am not sure yet how to do that in the best way. I started playing with ripping things our in android-components so that we e.g. don't require some gecko_nightly code anymore. But it feels a bit awkward so far.

The reason for doing that is tha I don't want to land in a situation that due to a bug not-proxy-safe and not audited nightly code is suddenly used in our builds. That's not a problem with geckoview per se as there is a branch per series (mozilla-central -> gecko_nightly, mozilla-beta -> gecko_beta etc.) but that's not the case anymore for those dependencies in android-components and fenix.

comment:15 in reply to:  3 Changed 4 months ago by sysrqb

Replying to sysrqb:

> # Shows site permission request prompts
> mozilla_feature_site_permissions -> org.mozilla.components:feature-sitepermissions
> 

No references to net, connect, tcp, udp, write, send, read, recv, startActivity. Uri is used for converting a Uri to a String. launch used for coroutines.

> # Wraps/Provides a Reader View WebExtension
> mozilla_feature_readerview -> org.mozilla.components:feature-readerview
> 

No references to net, connect, tcp, udp, write, recv, Uri, launch, startActivity. Lots of read matches, but that's because it's part of the name of the component. send is matched because readerview is a bundled webextension and messages are sent between the app and the webextension.

> # Implementation for saving, restoring and organizing collections of tabs
> mozilla_feature_tab_collections -> org.mozilla.components:feature-tab-collections
> 

No references to net, connect, tcp, udp, send, recv, Uri, launch, startActivity. read/write are used for interacting with state saved/cached on disk. #34438

> # Implementation for saving and removing top sites 
> mozilla_feature_top_sites -> org.mozilla.components:feature-top-sites
> 

No references to net, connect, tcp, udp, send, recv, Uri, read, write, launch, startActivity.

> # Displays web notifications
> mozilla_feature_webnotifications -> org.mozilla.components:feature-webnotifications
> 

No references to net, connect, tcp, udp, send, recv, read, write, launch, startActivity. Uri used for holding a uri. #34439

> # Base or core component containing building blocks and interfaces for other components
> mozilla_support_base -> org.mozilla.components:support-base
>

No references to net, connect, tcp, udp, recv, Uri, read, launch, startActivity. send and write` matches related to local logging.

> # A set of (Mozilla) Kotlin extensions on top of the Android framework and Kotlin standard library
> mozilla_support_ktx -> org.mozilla.components:support-ktx
> 

No references to net, connect, tcp, udp, send, recv, Uri, read, write, launch. Context.share is a wrapper around startActivity. Additional helper utility classes for AtomicFile, Uri, String, Preferences, etc.

> # Enables logging from Rust code.
> mozilla_support_rustlog -> org.mozilla.components:support-rustlog
> 

No references to net, connect, tcp, udp, send, recv, Uri, read, write, launch, startActivity.

> # Generic utility classes to be shared between projects.
> mozilla_support_utils -> org.mozilla.components:support-utils 
> 

No references to net, connect, tcp, udp, send, recv, read, write, launch, startActivity. Uri used for storing and parsing uris.

> # Allow apps to change the system defined language by their custom one
> mozilla_support_locale -> org.mozilla.components:support-locale
> 

No references to net, connect, tcp, udp, send, recv, Uri, read, write, launch, startActivity.

> # The standard set of Photon colors
> mozilla_ui_colors -> org.mozilla.components:ui-colors
> 

No references to net, connect, tcp, udp, send, recv, Uri, read, write, launch, startActivity.

> # A collection of often used browser icons.
> mozilla_ui_icons -> org.mozilla.components:ui-icons
> 

No references to net, connect, tcp, udp, send, recv, Uri, read, write, launch, startActivity.

> # A library for reading and using the Public Suffix List.
> mozilla_ui_publicsuffixlist -> org.mozilla.components:lib-publicsuffixlist
>  

No references to net, connect, tcp, udp, send, recv, read, write, launch, startActivity. Uri for parsing strings.

> # More AndroidX compatibility libraries
> androidx_legacy -> androidx.legacy:legacy-support-v4
> androidx_paging -> androidx.paging:paging-runtime-ktx
> androidx_preference -> androidx.preference:preference-ktx
> androidx_fragment -> androidx.fragment:fragment-ktx
> androidx_navigation_fragment -> androidx.navigation:navigation-fragment-ktx
> androidx_navigation_ui -> androidx.navigation:navigation-ui 
> androidx_recyclerview -> androidx.recyclerview:recyclerview
> androidx_lifecycle_livedata -> androidx.lifecycle:lifecycle-livedata-ktx
> androidx_lifecycle_runtime -> androidx.lifecycle:lifecycle-runtime-ktx
> androidx_lifecycle_viewmodel -> androidx.lifecycle:lifecycle-viewmodel-ktx
> androidx_core -> androidx.core:core
> androidx_core_ktx -> androidx.core:core-ktx
> androidx_transition -> androidx.transition:transition
> androidx_work_ktx -> androidx.work:work-runtime-ktx
>

Presumed safe. #34440

> # Material Components for Android
> google_material -> com.google.android.material
> 

https://github.com/material-components/material-components-android/tree/1.1.0
#34441

> # Provides similar capabilities of CSS Flexible Box Layout Module
> google_flexbox -> com.google.android:flexbox
> 

#34442

> # Renders After Effects animations in real time
> lottie -> com.airbnb.android:lottie

#34443

comment:16 in reply to:  14 ; Changed 4 months ago by sysrqb

Replying to gk:

Replying to sysrqb:

Replying to sysrqb:

The follow list partitions the dependencies into "include", "exclude", "disable", and "must-audit" sets

"Must Audit" includes dependencies that we could allow depending on their implementation

"Disable" includes dependencies that we probably do not want and we should always use "Dummy" implementations

"Disable" and "Exclude" may merge into a single set.

Include

> # GeckoView
> mozilla_browser_engine_gecko_nightly -> org.mozilla.components:browser-engine-gecko-nightly
> mozilla_browser_engine_gecko_beta -> org.mozilla.components:browser-engine-gecko-beta


#34177

One thing I've been thinking about the requirement for having multiple engines included at the same time when building is how to make sure we avoid that when actually building releases/alphas. I am not sure yet how to do that in the best way. I started playing with ripping things our in android-components so that we e.g. don't require some gecko_nightly code anymore. But it feels a bit awkward so far.

The reason for doing that is tha I don't want to land in a situation that due to a bug not-proxy-safe and not audited nightly code is suddenly used in our builds. That's not a problem with geckoview per se as there is a branch per series (mozilla-central -> gecko_nightly, mozilla-beta -> gecko_beta etc.) but that's not the case anymore for those dependencies in android-components and fenix.

Do you suggest we only keep beta and production? Should we simply carry a patch that deletes/comments-out the geckoNightly variant, so it can never be built accidentally?

comment:17 in reply to:  16 Changed 4 months ago by gk

Replying to sysrqb:

Replying to gk:

Replying to sysrqb:

Replying to sysrqb:

The follow list partitions the dependencies into "include", "exclude", "disable", and "must-audit" sets

"Must Audit" includes dependencies that we could allow depending on their implementation

"Disable" includes dependencies that we probably do not want and we should always use "Dummy" implementations

"Disable" and "Exclude" may merge into a single set.

Include

> # GeckoView
> mozilla_browser_engine_gecko_nightly -> org.mozilla.components:browser-engine-gecko-nightly
> mozilla_browser_engine_gecko_beta -> org.mozilla.components:browser-engine-gecko-beta


#34177

One thing I've been thinking about the requirement for having multiple engines included at the same time when building is how to make sure we avoid that when actually building releases/alphas. I am not sure yet how to do that in the best way. I started playing with ripping things our in android-components so that we e.g. don't require some gecko_nightly code anymore. But it feels a bit awkward so far.

The reason for doing that is tha I don't want to land in a situation that due to a bug not-proxy-safe and not audited nightly code is suddenly used in our builds. That's not a problem with geckoview per se as there is a branch per series (mozilla-central -> gecko_nightly, mozilla-beta -> gecko_beta etc.) but that's not the case anymore for those dependencies in android-components and fenix.

Do you suggest we only keep beta and production? Should we simply carry a patch that deletes/comments-out the geckoNightly variant, so it can never be built accidentally?

I am not sure yet which approach we should take. I've not looked close enough to decide which of several potential approaches would be best. However, what I like to see is either geckoFoo not being around when building geckoBar OR using geckoFoo when building geckoBar failing hard OR removing the dependencies that rope in geckoFoo when building geckoBar OR... So, yeah, it should not be possible to use geckoFoo accidentally (be it due to a bug or some other issues) when building geckoBar (using "Foo" and "Bar" here because that holds for any of the Nightly, Beta, and Production variant).

Note: See TracTickets for help on using tickets.