FFUpdater: Updater for privacy friendly browser - Mirror of GitHub

Tobi823 c314e88095 * try replacing FileDownloader mit Android DownloadManager 2 роки тому
.github 4c45288269 * fix GitHub action (2/?) 3 роки тому
dev 215a672cf0 Release version 75.4.0 (98) 2 роки тому
fastlane 181873ccce Translated using Weblate (Turkish) 2 роки тому
ffupdater c314e88095 * try replacing FileDownloader mit Android DownloadManager 2 роки тому
gradle fc62b1ff96 * upgrade com.android.tools.build:gradle to 7.0.2 3 роки тому
.gitignore 6818dc74e0 - cleanup 2 роки тому
CHANGELOG.md 39f1db6d0f Release version 75.4.3 (101) 2 роки тому
GOALS.md f0ef856be0 Update GOALS.md 4 роки тому
HOW_TO_CONTRIBUTE.md c8dd18ecd3 * update the "how to contribute" chapter and add Weblate-links 2 роки тому
LICENSE 8b103f6ce2 Add license information 9 роки тому
README.md d543047ac3 - distinguish different kinds of browsers in full_description.txt and README.md 2 роки тому
build.gradle 04549e34cc - remove hamcrest library 2 роки тому
gradle.properties f55fbbbeb4 - cleanup 2 роки тому
gradlew fc62b1ff96 * upgrade com.android.tools.build:gradle to 7.0.2 3 роки тому
gradlew.bat 6af86ced55 update gradle 3 роки тому
settings.gradle 53536ad129 Use DownloadManager 9 роки тому

README.md

Get it on F-Droid

Firefox-Updater

Download, install and update browsers from Mozilla or based on Firefox:

good privacy browsers:

better than Google Chrome browsers:

and:

FFUpdater checks for updates in the background and downloads them as well. On Android 12+ or root devices, FFUpdater can also update the apps without user interaction.

How to contribute

You can add and update translations with Weblate. Go to ffupdater-app-translations for improving the translation of the Android app. To improve the translation of the release notes, go to ffupdater-release-notes.

For advanced users: How to contribute

Security measures

  • The certificate fingerprint of every downloaded APK file is checked and validated against an internal allowlist. This prevents the installation of malicious app versions that do not originate from the original developer. The certificate fingerprints will be displayed in the app and be check by yourself. Some websites like apkmirror.com list these fingerprints for every app.
  • No unencrypted traffic is used or accepted, which can potentially be modified by attackers. Only HTTPS connections.
  • Slight risk for a machine-in-the-middle-attack: FFUpdater trusts HTTPS certificates which are installed by the user ( called "user certificates"). This is necessary for AdGuard (see GitHub-Issue). Be careful which certificates you install. A malicious certificate can prevent FFUpdater finding new updates.
  • When using root permission, check for dangerous characters and use only values from an allow list. Only src/main/java/de/marmaro/krt/ffupdater/installer/RootInstaller.kt uses root permission.

Feel free to check my source code ;)

Download sources for applications

The applications are downloaded from these locations:

Other distribution channels

The main distribution method of FFUpdater remains F-Droid - this will not change. But you can use the APK files or the F-Droid repository to quickly install fixed versions.

You need to uninstall FFUpdater every time you switch between F-Droid version and my version.

I don't know if F-Droid shows an update notification when you have my version installed. Maybe you need to manually check for updates in the F-Droid app.

My versions will be signed with:

DN: CN=Tobi823, O=FFUpdater, ST=Germany, C=DE
SHA-256 digest: f4e642bb85cbbcfd7302b2cbcbd346993a41067c27d995df492c9d0d38747e62
SHA-1 digest: b432e9eb74512c0fa58c1ec45912a670f8dfa8e9
MD5 digest: 78a34e36cedd844954726f1e2076642c

The official F-Droid Android client sometimes has problems accessing the APK file from my F-Droid repository. But other clients like "Foxy Droid" work fine. Does anyone know the reason for this? Does the official F-Droid client has an internal cache and therefore needs more time before it can access a new version from my repository?

APK files on GitHub

The APK files are available on GitHub and GitLab.

F-Droid repository

Click here to add the FFUpdater repository to your F-Droid client.

If the link is not clickable, you can use this help website https://tobi823.github.io/ffupdaterrepo.html.

Repository address: https://raw.githubusercontent.com/Tobi823/ffupdaterrepo/master/fdroid/repo

Fingerprint: 6E4E6A597D289CB2D4D4F0E4B792E14CCE070BDA6C47AF4918B342FA51F2DC89

F-Droid repository link

How to Add a Repo to F-Droid

It seems that this F-Droid repository is sometimes a little buggy. If F-Droid fails to download FFUpdater, try to install the version from the official F-Droid repository first.

On the app page under the item "Versions" you can see from which repository (my FFUpdater repository or the official F-Droid repository) the app version was installed

FAQ

  • By clicking on the "i"-Icon, you can see the time of the last successful background update check.
  • Firefox Nightly: Replace the minutes with 'xx' because FFUpdater can only access the start time of the build and not the version name of the app update (finish time). The builds always starts at 5:00 and 17:00 and usually takes a few minutes.
  • I don't optimize the APK file with minifyEnabled and shrinkResources because it makes the app harder to debug
  • Tor Browser / Orbot: I will not support them because they can be installed with F-Droid. (Go to Settings > Repositories > Enable "Guardian Project Official Releases".) I don't feel confident enough that I can install and update the Tor Browser / Orbot securely (because I think there is much more at stake than with other browsers).
  • Please reopen FFUpdater after moving it to the internal/external storage.

Git repositories

3rd-party libraries

  • AndroidX by Google (Apache 2.0): user interface
  • Material Components by Google (Apache 2.0): user interface
  • Gson by Google (Apache 2.0): parsing network responses to GSON
  • Shared Preferences Mock by Ivan Shafran (MIT): * testing SharedPreferences*
  • Kotlin by Jetbrains: programming language Kotlin
  • kotlinx.coroutines by Jetbrains (Apache 2.0): concurrency
  • Partially copy and modify Crasher by James Fenn (Apache 2.0): crash reports
  • version-compare by Thomas Wirth (Apache 2.0): compare versions of installed and available apps
  • OkHttp by Square, Inc (Apache 2.0): download files and make network requests
  • Kotlin coroutines await extension for OkHttp3 by Andrey Mischenko (Apache 2.0): add async/await support to OkHttp
  • JUnit 5 by The JUnit Team (MIT): software testing
  • android-junit5 by Marcel Schnelle (Apache 2.0): use JUnit5 software tests with Android
  • MockK (Apache 2.0): for easier software testing
  • Partially copy and modify Root app installer by Aurora Store / Rahul Patel (GPL): for installing/updating apps without user interaction
  • libsu by John Wu (Apache 2.0): for executing root commands

My motivation / Project goals

Goals

Deprecated browsers

Styx Browser

02.01.2022 https://github.com/Tobi823/ffupdater/issues/101

Styx is only temporarily removed from Google Play:

Sorry for the premature end of Styx. But in the future the Styx browser will appear again. Currently styx is migrated to Fulguris base. When this is completed then Styx will return as well as in the Play Store.

30.12.2021: https://github.com/Tobi823/ffupdater/issues/101

It seems that @jamal2362 does not maintain the Styx browser any longer:

Due to the deleted GitHub repository, Styx cannot be downloaded by FFUpdater. And even if - end users should not use a browser that is no longer updated.

Kiwi Browser

17.04.2021: https://github.com/Tobi823/ffupdater/issues/35 Answer from the Kiwi developer:

It's actually quite simple, Kiwi earns money for every search it forwards to Yahoo or Microsoft Bing.

It seems that the developers have to forward search requests to their servers and then to the search engine in order to get paid by the search engine.

The parameters and integration method are defined by the search engines themselves, we don't have our words at all how the integration is done.

They [Yahoo or Microsoft Bing] have a standard guide on how to integrate, either you follow this guide, or you don't work with them.

I guess it's fine. Although i don't like it, i understand that the money for the app development has to come from somewhere (even Firefox is paid to use "Google" as the default search engine).

But I think that Kiwi should not be managed by FFUpdater because this browser has additional usability features and no additional privacy features. FFUpdater is about privacy and not usability.

Firefox Lite

02.12.2021: End of support for Firefox Lockwise https://support.mozilla.org/en-US/kb/end-of-support-firefox-lockwise

Mozilla will end support for the Firefox Lockwise app on Android and iOS, effective December 13, 2021.

14.03.2021: The latest release of Firefox Lite is not longer signed and thereby can't be used to upgrade an existing Firefox Lite installation. Moreover the developers haven't responded to the Github issue "[BUG] Unsigned apk ?" from 30.01.2021 https://github.com/mozilla-mobile/FirefoxLite/issues/5353. And Firefox Lite will only receive bug fixes in the future:

Firefox Lite is currently in Maintenance Mode. No active feature is being done on the product. Older Pull Requests and Issues have been marked with the archived label and have been closed. However, if you feel an issue is critical enough to be re-opened, please leave a note on the issue with an explanation.

30.06.2021: Firefox Lite is removed from Google Play and Galaxy Store, its repository is archived (https://github.com/mozilla-mobile/FirefoxLite) and development stopped.

Effective June 30, 2021, this app will no longer receive security or other updates. Download the official Firefox Android app now for a fast, private & safe web browser.

These are the reasons why I will remove Firefox Lite.

Fennec

16.05.2020: Mozilla wants to migrate from Fennec to Fenix. Fennec Beta and Fennec Nightly are already end-of-life and Fennec Release will be soon.

27.07.2020: 68.11.0 is the last released update for Fennec version, all Fennec browsers are deprecated.

Fennec is being replaced by our new state-of-the-art mobile browser codenamed "Fenix". We're slowly migrating users in order to make sure the experience is as painless and as enjoyable as possible. We started to migrate users who were using Fennec Nightly in January (bug 1608882). It took us several weeks to be sure of the result and to finally offer Fenix Nightly to all users using Fennec Nightly. Another few weeks later, we repeated the same process with Fennec Beta (bug 1614287). Fenix Beta has been offered to the whole Fennec Beta population on April 22nd. We're planning to do the same with Fennec Release sometimes this year. The schedule is still to be determined.

The Google Play Store[1] has a lot of nice features, but it's still pretty basic whenever a software publisher wants to slowly migrate users. Once a migration is started, we can't provide any Fennec updates to the population who wasn't offered Fenix, yet. I can say this restriction is painful to manage for Android developers, Mozilla included. Because of it, we had to stop shipping Fennec Nightly/Beta APKs at the beginning of each migration. This explains the dates of the last builds. At the same time, we stopped building Fennec Nightly/Beta because it enabled us to save technical resources[2] as well as people's time[3].

https://bugzilla.mozilla.org/show_bug.cgi?id=1627518

Build app

Use Android Studio to clone and run the app. Nothing special needs to be done.

Maintainer:

Tobiwan (now)

Boris Kraut (https://gitlab.com/krt/ffupdater, until April 2019)

Since I left F-Droid (and Android/Smartphones) about a year ago, I am looking for a new maintainer to take over. Unfortunately the upstream issue I opened years ago is still not solved in 2019. While Fennec F-Droid is back in the mainline repo and other binary repos do serve Firefox, some might still prefer this updater. So as I said: Maintainers welcome. The main task should be to test the last few merge requests (especially the background update stuff) and release a new version. New Maintainer: https://notabug.org/Tobiwan/ffupdater

License

FFUpdater -- Updater for privacy friendly browser
Copyright (C) 2019-2021 Tobias Hellmann https://github.com/Tobi823
Copyright (C) 2015-2019 Boris Kraut <krt@nurfuerspam.de>

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.