privacyguides.org/docs/mobile-browsers.md
Redoomed 00b3ddd217
fix: Apply Wikipedia's style of bolding (#2662)
Signed-off-by: Jonah Aragon <jonah@triplebit.net>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2024-07-25 00:34:15 +09:30

16 KiB
Raw Blame History

meta_title title icon description cover schema
Privacy Respecting Mobile Web Browsers for Android and iOS - Privacy Guides Mobile Browsers material/cellphone-information These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. mobile-browsers.webp
@context @type name url relatedLink
http://schema.org WebPage Private Mobile Browser Recommendations ./ ../desktop-browsers/
@context @type name image url applicationCategory operatingSystem subjectOf
http://schema.org MobileApplication Brave /assets/img/browsers/brave.svg https://brave.com Web Browser
Android
@type url
WebPage ./
@context @type name image url applicationCategory operatingSystem subjectOf
http://schema.org MobileApplication Safari /assets/img/browsers/safari.svg https://apple.com/safari Web Browser
iOS
@type url
WebPage ./

These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use Tor instead.

Android

Brave

Brave logo{ align=right }

Brave Browser includes a built-in content blocker and privacy features, many of which are enabled by default.

Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :simple-torbrowser:{ .card-link title="Onion Service" } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" }

Downloads

Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the Tor Browser will be traceable by somebody in some regard or another.

These options can be found in :material-menu: → SettingsBrave Shields & privacy

Shields

Brave includes some anti-fingerprinting measures in its Shields feature. We suggest configuring these options globally across all pages that you visit.

Brave shields global defaults

Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:

  • Select Aggressive under Block trackers & ads
Use default filter lists

Brave allows you to select additional content filters within the internal brave://adblock page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.

  • Select Auto-redirect AMP pages
  • Select Auto-redirect tracking URLs
  • Select strict under Upgrade connections to HTTPS
  • (Optional) Select Block Scripts (1)
  • Select Block third-party cookies under Block Cookies
  • Select Block fingerprinting
  • Select Prevent fingerprinting via language settings
  1. This option provides functionality similar to uBlock Origin's advanced blocking modes or the NoScript extension.
Clear browsing data
  • Select Clear data on exit
Social Media Blocking
  • Uncheck all social media components
Other privacy settings
  • Select Disable non-proxied UDP under WebRTC IP handling policy
  • (Optional) Select No protection under Safe Browsing (1)
  • Uncheck Allow sites to check if you have payment methods saved
  • Uncheck IPFS Gateway (2)
  • Select Close tabs on exit
  • Uncheck Allow privacy-preserving product analytics (P3A)
  • Uncheck Automatically send diagnostic reports
  • Uncheck Automatically send daily usage ping to Brave
  1. Brave's implementation of Safe Browsing on Android does not proxy Safe Browsing network requests like its desktop counterpart. This means that your IP address may be seen (and logged) by Google. Note that Safe Browsing is not available for Android devices without Google Play Services.
  2. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.

Leo

These options can be found in :material-menu: → SettingsLeo

  • Uncheck Show autocomplete suggestions in address bar

Brave Sync

Brave Sync allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.

Mull

Mull logo{ align=right }

Mull is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation } :octicons-code-16:{ .card-link title="Source Code" }

Downloads

Danger

Firefox (Gecko)-based browsers on Android lack site isolation,1 a powerful security feature that protects against a malicious site performing a Spectre-like attack to gain access to the memory of another website you have open.2 Chromium-based browsers like Brave will provide more robust protection against malicious websites.

Enable DivestOS's F-Droid repository to receive updates directly from the developer. Downloading Mull from the default F-Droid repo will mean your updates could be delayed by a few days or longer.

Mull enables many features upstreamed by the Tor uplift project using preferences from Arkenfox. Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid.

We would suggest installing uBlock Origin as a content blocker if you want to block trackers within Mull.

Mull comes with privacy protecting settings configured by default. You might consider configuring the Delete browsing data on quit options in Mull's settings if you want to close all your open tabs when quitting the app automatically, or clear other data such as browsing history and cookies automatically.

Because Mull has more advanced and strict privacy protections enabled by default compared to most browsers, some websites may not load or work properly unless you adjust those settings. You can consult this list of known issues and workarounds for advice on a potential fix if you do encounter a broken site. Adjusting a setting in order to fix a website could impact your privacy/security, so make sure you fully understand any instructions you follow.

iOS

On iOS, any app that can browse the web is restricted to using an Apple-provided WebKit framework, so there is little reason to use a third-party web browser.

Safari

Safari logo{ align=right }

Safari is the default browser in iOS. It includes privacy features such as Intelligent Tracking Prevention, Privacy Report, isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and Private Relay for those with a paid iCloud+ subscription. It also allows you to separate your browsing with different profiles and lock private tabs with your biometrics/PIN.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation}

We would suggest installing AdGuard as a content blocker if you want to block trackers within Safari.

The following privacy/security-related options can be found in the ⚙️ Settings app → Safari

Profiles

All of your cookies, history, and website data will be separate for each profile. You should use different profiles for different purposes e.g. Shopping, Work, or School.

Privacy & Security
  • Enable Prevent Cross-Site Tracking

    This enables WebKit's Intelligent Tracking Protection. The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.

  • Enable Require Face ID to Unlock Private Browsing

    This setting allows you to lock your private tabs behind biometrics/PIN when not in use.

Advanced → Privacy

The Advanced Tracking and Fingerprinting Protection setting will randomize certain values so that it's more difficult to fingerprint you:

  • Select All Browsing or Private Browsing
Privacy Report

Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.

Privacy Report is accessible via the Page Settings menu.

Privacy Preserving Ad Measurement
  • Disable Privacy Preserving Ad Measurement

Ad click measurement has traditionally used tracking technology that infringes on user privacy. Private Click Measurement is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.

The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.

Always-on Private Browsing

Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.

  • Select Private

Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new ephemeral session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpages address to Apple when using Safari's translation feature.

Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.

iCloud Sync

Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are not. Apple can decrypt and access them in accordance with their privacy policy.

You can enable E2EE for your Safari bookmarks and downloads by enabling Advanced Data Protection. Go to your Apple ID name → iCloud → Advanced Data Protection.

  • Turn On Advanced Data Protection

If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in ⚙️ SettingsSafariGeneralDownloads.

Criteria

Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

Minimum Requirements

  • Must support automatic updates.
  • Must receive engine updates from upstream releases quickly.
  • Must support content blocking.
  • Any changes required to make the browser more privacy-respecting should not negatively impact user experience.

  1. This should not be mistaken for state partitioning (or dynamic first party isolation), where website data such as cookies and cache is restricted so that a third-party embedded in one top-level site cannot access data stored under another top-level site. This is an important privacy feature to prevent cross-site tracking and is supported by Firefox on Android. ↩︎

  2. GeckoView also does not take advantage of Android's native process sandboxing by using the isolatedProcess flag, which normally allows an app to safely run less trusted code in a separate process that has no permissions of its own. ↩︎