Fennec and trackers

fennec

#1

Hi!

I just downloaded Fennec today (version 61.0.2). Even with the awesomeness of the team for making a Firefox-libre version of the browser, I’m kind of worried about they’re still got the trackers. It’s one of the anti-features of F-Droid.

Since Fennec got the minimal propietary blobs, isn’t possible to delete the trackers?

Cheers to the maintainer and the team!


#2

Tracking is still optional. Turn it off and there is nothing to worry about.


#3

I mean trackers like Google Analytics. As it can be seen at Exodus, Firefox Beta has some trackers, and if you look for Fennec, it appears Firefox Nightly.


#4

Can it analyze the F-droid version or just the Google Play version?
(There are differences).


#5

Once you know which trackers are in, like firebase analytics, you can check any apk :
./dexdump FennecFdroid.apk | grep "Class descriptor" | grep com/google/firebase

You find dexdump in /system/bin via any emulator for android devices, or for your PC: /android-sdk/build-tools/"_version°" (alongside aapt & zipalign )
More info on Exodus https://exodus-privacy.eu.org/post/exodus_static_analysis/

On android you can also use Playstore AddonsDetector : https://reports.exodus-privacy.eu.org/reports/search/com.denper.addonsdetector

EDIT: Fennec doesn’t seem to include any known of these 4 trackers (Mozilla gecko products…)


#6

Pretty awesome, that is what I was looking for :slight_smile:

Thank you for the insight on some kind of static analysis in an apk, I definetly will look into that !


#7

@captainepoch you’d better check before making such statements.


#8

Thx to @captainepoch I discovered Exodus which was the right way to convince https://prism-break.org/en/categories/android/#web-browsers to swap firefox.apk with fennec_fdroid.apk : https://gitlab.com/prism-break/prism-break/issues/2061

For more info on Exodus/trackers capability : https://forum.xda-developers.com/android/software-hacking/dexdump-xodus-trackers-apk-static-t3833391 ; uploaded pocClassyShark there, is modified to list only the classes named in Exodus/trackers (signatures20182408), for any apk (non including odexeds).


#9

Pretty much out of topic, but where can one find proper documentation for binaries in /system/bin?


#10

When aosp is built, multiples bin(s) are built first inside /android/system/out/host/linux-x86/bin/ you can find some here :

Depending roms, some are also built in device specific abi : arm arm64 x86; for documentation you have to launch them with option -v(ersion). dexdump & oatdump should be always in.
As example you can easily add aapt to android devices : https://dl.xda-developers.com/4/5/8/6/4/5/4/aapt_diff.txt?key=x4nAS-twNa52Qf5nzZ-mmw&ts=1541690742

Here is an example list of all these aosp bin(s) : aapt / aapt2 / acp / adb / ahat / aidl / aidl-cpp / apf_disassembler / apf_run / apicheck / aprotoc / backtrace_test32 / backtrace_test64 / bcc / bcc_strip_attr / blk_alloc_to_base_fs / bluetoothtbd-host_test / bluetoothtbd-host_test32 / bluetoothtbd-host_test64 / bsdiff / bsdiff_unittest / checkfc / checkpolicy / checkseapp / ckati / clang-tblgen / conscrypt_generate_constants / dalvikvm / dalvikvm32 / dalvikvm64 / dex2oat / dex2oat32 / dexdeps / dexdump / dexdump2 / dexlist / dmtracedump / dx / e2fsck / fastboot / fc_sort / fs_config / fs_config_generate_cheeseburger / hierarchyviewer1 / hprof-conv / ijar / imgdiff / insertkeys.py / jack / jack-admin / ld.mc / llvm-rs-cc / llvm-tblgen / make_ext4fs / makeparallel / memory_replay / memory_replay_tests32 / memory_replay_tests64 / minigzip / mkbootfs / mkbootimg / mkuserimg.sh / oatdump / patchoat / profman / rmtypedefs / sefcontext_compile / sepolicy-analyze / simg2img / simpleperf / sqlite3 / toybox-instlist / tzdatacheck / zipalign / ziptime

btw my ClassyShark3xodus to scan trackers is now finalized : https://forum.xda-developers.com/android/software-hacking/dexdump-xodus-trackers-apk-static-t3833391 ; hope it will pass rfp -> MR soon (?) ; paired with app_PackagesInfos, you can scan any apk installed or not (exception to /system odexed apps).