BÁNKI KÖZLEMÉNYEK 3. ÉVFOLYAM 1. SZÁM General characteristics of Android browsers with focus on security and privacy features Petar Čisar*, Sanja Maravic Cisar**, Igor Fürstner*** Academy of Criminalistic and Police Studies, Belgrade, Serbia, **Subotica Tech, Subotica, Serbia, ***Óbuda University, Bánki Donát Faculty of Mechanical and Safety Engineering, Budapest, Hungary, [email protected], [email protected], [email protected] • Incognito browsing mode - offers real private Abstract —Satisfactory level of security in the use of the browsing experience without leaving any historical Internet in mobile devices depends on several factors. One of data. them is safe browsing. A key factor in providing secure • Using of HTTPS protocol - enforces SSL (Secure browsing is the application of a browser with the appropriate Socket Layer) security protocol (using of certificates) methods applied: clearing cookies, cache and history, ability wherever that’s possible. of incognito browsing, using of whitelists and encryptions and others. This paper presents an overview of the various • Disabling features like JavaScript, DOM (Document security and privacy features used in the most frequently Object Model) storage used Android browsers. Also, in the case of several browsers • Using fingerprinting techniques and types of mobile devices, the use of benchmark tests is Further sections of this paper provide an overview of the shown. Bearing in mind the differences, when choosing a applied security and privacy methods for more popular browser, special attention should be paid to the applied Android browsers. Also, in order to compare the adequate security and privacy features. features of browsers, the use of benchmark tests on different mobile devices will be shown. Keywords: Android browser, security, adblock, tracking, encryption, benchmark test 2 SECURITY AND PRIVACY FEATURES OF DIFFERENT ANDROID BROWSERS 1 INTRODUCTION This chapter provides an overview of most important The increased use of mobile devices to store large security features of a large number of popular Android amounts of data also carries a risk of loss or theft, which browsers. can compromise the security of information. In order to minimize the risks of such abuses, mobile and wireless Ghostery [9] users need to be aware of security issues relating to the • Provides an instant overview of the trackers on each technology [1]. One of the factors that significantly affects visited site, then block or allow them. the level of security in the use of mobile devices is browser • Manage website whitelists. [2]-[4]. Safe browsing concept protects users against • Largest tracker database - with over 2200 trackers and Internet security threats by allowing applications to check 4500 scripts. URLs against lists of unsafe web resources, such as social engineering sites (phishing and deceptive sites), and sites • Additional privacy options with quick and easy access that host PHAs (Potentially Harmful Applications) or to clear cookies, cache, and granular history. unwanted software. When users attempt to visit an unsafe Dolphin Zero [10] web resource, their safe browsing-supported browser • Adblock is one of the best adblock-browser. displays a warning. There are a large number of browsers • Incognito browsing. on the market with very different security features. Before installing one of them, it is useful to first know their • Clean UI (user interface) and fast navigation - user can capabilities and compare them with each other [5]-[8]. add most visited websites as speed dial icons with a friendly UI and one-touch access. Android browsers use different security features (general overview): That includes theming (theming consists of changing the user interface without changing the application logic), • Using website whitelists - list of items (e-mail flash support, ad-block, incognito mode, and some tertiary addresses or domain names) from which a blocking features like gesture controls. There is also optional add- program (spam filter) will allow messages to be on and extension support. received. When a whitelist is used, all entities are denied access, except those included in the whitelist. Firefox Focus [11] • Blocks a wide range of common Web trackers without • Possibility of clearing cookies, cache, and granular any settings to set. history (no passwords, no cookies, no trackers). • Erases user's history. • Blocking or allowing trackers. • By removing trackers and ads, Web pages may require • Adblocker - user can block pop-ups, advertisements, fewer data and load faster. banners & ad-videos. ©The author(s). Open access is under the terms of the Creative Commons Attribution Non-Commercial No 30 Derivatives 4.0 International Licence. Čisar, P., Cisar, S. M., Fürstner, I.(2020): General characteristics of Android... Bánki Közlemények 3(1), 30-35. This is a security-focused browser application. • Password protected - Prevent any snooping on recent Basically, every session is in privacy mode. Some features browsing activity, even if it is still active in recently include a one-tap history deletion process, a fairly decent opened applications. Only the user can open the ad-block, and it blocks most types of web trackers. browser. Firefox [12] CM Secure [17] Private browsing mode with added tracking protection - • Fraud prevention - Warns when browsing potentially stops ads that track and follow user around the Internet. fraudulent or malicious websites. Browsing history will not be remembered or cookies saved • Malicious download protection - Scans apk file after the action. downloads for malware, keeping the device secure. Frost Incognito Browser [13] • User agent - Supports user agent switching to access • Tabbed browsing - Fast, full featured tabbed browser desktop sites. with HTML 5 video support, popup blocker, and user agent switching. Chrome [18] • Privacy – use incognito mode to browse without • Ad blocking - Built in ad blocker speeds up page saving the history. loading and reduces data usage. • Do Not Track feature - Chrome will automatically • Privacy protection - Automatically clears all browsing send a Do Not Track request with the browsing traffic. history when closing the application. • Safe browsing technology - showing a warning on • Image & bookmark vault - Download images from the screen if user tries and navigates to a page which it web and save bookmarks into a hidden, password deems to be unsafe. protected vault. • Autofill and payments - Given it pre-populates • Import & export images - Import or export pictures addresses and credit card details on applications and between device storage and image vault. websites, someone with access to user's phone could • Complete stealth - Frost looks and functions like any not only steal his identity but also rack up a significant other normal browser, until user enter his password amount of spending before he realize something is into the address bar, which reveals image and wrong. bookmark vaults. • Setting of site permissions • Vault protection - The contents of vaults is hidden • Managing user's syncing options from other applications (for instance, gallery or camera) and not viewable when connected to a • Disabling sending of (security) reports to Google computer. • Disabling prediction services (suggestion of search Privacy Browser [14] terms and websites) This browser protects the privacy by disabling features InBrowser [19] like JavaScript, DOM (Document Object Model) storage, • No data is saved. and cookies that are used by websites to track users. • TOR support via Orbot. Settings can be adjusted by domain and on-the-fly to enable these features when needed. In addition, the • Supports agent cloaking (no more mobile version of browser incorporates the EasyList block lists, which block sites). many tracking technologies even when JavaScript is • Deep integration with LastPass. enabled. Asus Browser [20] Security and privacy features: • Lightning speeds - ASUS Browser runs on leading • TOR (The Onion Router) Orbot proxy support Chrome-based engine to load web pages rapidly. • SSL certificate pinning • Adapts to a region - The Navigation panel displays the • Full screen browsing mode popular websites according to user's location. • Night mode • Secure Browsing - Built-in security features protect from malware and phishing sites. Krypton [15] • Do-It-Later - Mark pages as a task to be read later • Privacy - History, cookies and site data are never when convenient. stored on disk, and never transmitted. • Import bookmarks - Import saved pages in Google • Security - Each tab is isolated in a separate OS Chrome to user's browser. process. Every tab is treated as a distinct instance, with its own memory storage and state. Puffin [21] • Anonymity - Enable TOR with a single tap to hide the • Puffin speeds up mobile browsing by shifting the IP, avoid surveillance, and circumvent censorship. workload from the resource-limited devices to the Includes HTTPS Everywhere (enforces SSL security cloud servers. wherever that’s possible), and mitigates common • It’s safe to use public non-secure WiFi through Puffin, fingerprinting techniques. but not safe at all for most browsers. Javelin [16] • Puffin uses a proprietary compression algorithm to • Ad block - web browsing with no ads. transmit web data to device, and it can save up to 90% of bandwidth on regular web browsing. • Always incognito - The web history is never saved, and cookies are always deleted. No one needs to know Brave [22] someone's surfing habits.