Hi!
I just downloaded Fennec today (version 61.0.2). Even with the awesomeness of the team for making a Firefox-libre version of the browser, I’m kind of worried about they’re still got the trackers. It’s one of the anti-features of F-Droid.
Since Fennec got the minimal propietary blobs, isn’t possible to delete the trackers?
Cheers to the maintainer and the team!
Tracking is still optional. Turn it off and there is nothing to worry about.
I mean trackers like Google Analytics. As it can be seen at Exodus, Firefox Beta has some trackers, and if you look for Fennec, it appears Firefox Nightly.
Can it analyze the F-droid version or just the Google Play version?
(There are differences).
Once you know which trackers are in, like firebase analytics, you can check any apk :
./dexdump FennecFdroid.apk | grep "Class descriptor" | grep com/google/firebase
You find dexdump in /system/bin via any emulator for android devices, or for your PC: /android-sdk/build-tools/“_version°” (alongside aapt & zipalign )
More info on Exodus https://exodus-privacy.eu.org/post/exodus_static_analysis/
_On android you can also use Playstore AddonsDetector : https://reports.exodus-privacy.eu.org/reports/search/com.denper.addonsdetector_
EDIT: Fennec doesn’t seem to include any known of these 4 trackers (Mozilla gecko products…)
Pretty awesome, that is what I was looking for 
Thank you for the insight on some kind of static analysis in an apk, I definetly will look into that !
Thx to @anon36515525 I discovered Exodus which was the right way to convince Android - Platforms - PRISM Break to swap firefox.apk with fennec_fdroid.apk : Add Fennec (#2061) · Issues · PRISM Break / PRISM Break · GitLab
For more info on Exodus/trackers capability : [dexdump] εxodus >TRACKERS< apk static analysis | XDA Forums ; uploaded pocClassyShark there, is modified to list only the classes named in Exodus/trackers (signatures20182408), for any apk (non including odexeds).
Pretty much out of topic, but where can one find proper documentation for binaries in /system/bin?
When aosp is built, multiples bin(s) are built first inside /android/system/out/host/linux-x86/bin/ you can find some here :
Depending roms, some are also built in device specific abi : arm arm64 x86; for documentation you have to launch them with option -v(ersion). dexdump & oatdump should be always in.
As example you can easily add aapt to android devices : https://dl.xda-developers.com/4/5/8/6/4/5/4/aapt_diff.txt?key=x4nAS-twNa52Qf5nzZ-mmw&ts=1541690742
Here is an example list of all these aosp bin(s) : aapt / aapt2 / acp / adb / ahat / aidl / aidl-cpp / apf_disassembler / apf_run / apicheck / aprotoc / backtrace_test32 / backtrace_test64 / bcc / bcc_strip_attr / blk_alloc_to_base_fs / bluetoothtbd-host_test / bluetoothtbd-host_test32 / bluetoothtbd-host_test64 / bsdiff / bsdiff_unittest / checkfc / checkpolicy / checkseapp / ckati / clang-tblgen / conscrypt_generate_constants / dalvikvm / dalvikvm32 / dalvikvm64 / dex2oat / dex2oat32 / dexdeps / dexdump / dexdump2 / dexlist / dmtracedump / dx / e2fsck / fastboot / fc_sort / fs_config / fs_config_generate_cheeseburger / hierarchyviewer1 / hprof-conv / ijar / imgdiff / insertkeys.py / jack / jack-admin / ld.mc / llvm-rs-cc / llvm-tblgen / make_ext4fs / makeparallel / memory_replay / memory_replay_tests32 / memory_replay_tests64 / minigzip / mkbootfs / mkbootimg / mkuserimg.sh / oatdump / patchoat / profman / rmtypedefs / sefcontext_compile / sepolicy-analyze / simg2img / simpleperf / sqlite3 / toybox-instlist / tzdatacheck / zipalign / ziptime
btw my ClassyShark3xodus to scan trackers is now finalized : [dexdump] εxodus >TRACKERS< apk static analysis | XDA Forums ; hope it will pass rfp → MR soon (?) ; paired with app_PackagesInfos, you can scan any apk installed or not (exception to /system odexed apps).
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.