wiki:org/meetings/2018MexicoCity/Notes/EmbeddingTorInAndroid

Embedding system level vs app

Firewalling is difficult for DNS resolution because those are sent via UID 0 rather than per-app UID

  • this happens in the Android guts, socket requests internally direct DNS requests to a system process
  • probably will require modifications to these Android internals
  • this could be managed using SELinux with SECMARK and/or CONNSECMARK

All DNS over Tor:

  • More likely susceptible to hijacking
  • use DNS over TLS or HTTPS

Why not use Android VPN?

  • Only one VPN can be enabled at a time on the device
  • User notification about VPN enabled with big scary warning

Using iptables for restricting per-app traffic

Make the UX when there is a system app look/feel like Orbot

There should be a UI for picking and choosing which apps should go through tor, which apps should be denied all, etc Three options:

  • Direct connection
  • Over Tor
  • No network

Copperhead allows restricting android.permission.INTERNET permission, but that can leak

  • see "No Permission Remote Shell" demo app
  • iptables at root level is much safer

iptables initialization early in startup, preventing all network connections

  • Run Orwall (or similar) after startup

Full-disk encryption vs file-based encryption?

  • FDE should remain, file-based encryption could be useful but not necessary

We should look at the Accounts API for if/when it connects to servers

Boot verification?

  • Some phones don't have full support
  • Optional when it is supported, but $100-200 phones likely won't support it
  • it is not the end of the world if it is not available

Support for bridges/PTs:

  • Use Orbot?

We'd need something similar to TAILS with an insecure, directly-connected browser

Android support for captive portal

If we use DNS-over-TLS, then there's a catch-22 where we never receive the hijacked response from a captive portals

Captive portal autodetection, can we auto-fill?

MVP:

  • early iptables
  • boot verification
  • No captive portal support?
    • not likely - this would make it very difficult
Last modified 2 months ago Last modified on Oct 11, 2018, 2:00:32 PM