Mobile browser Security.
 

I'm wondering what browser security addons work for Firefox on my S7 Edge phone & Nexus Tablet. For a while, I got one phone text per month (I suspect through my provider) with a link to some dodgy site on http://bit.ly/. On the PC, it looked dodgy; On the mobile it was a whole different experience - a draw, or a game; say yes once and you got a malware download. On Tor, it just didn't want to know. I couldn't read it on lynx.

I tried noscript, but I couldn't even get slashdot.org up, and didn't see a way to disable it on certain sites.

What are folks using?

Firefox on Android has nothing to do with phone text messages.
I did not understand what you are trying to achieve.
Generally speaking, all addons should at least be installable, most of them should work.

Yes firefox has nothing to do with texts. Did I say that? I mentioned the texts as traps, but I don't think firefox opens them.

I'm generally wondering what I can do to make phone browsing safer - something that would stop tripping over such a link as I used to receive from my last phone provider.

I use naked browser pro. It allows turning scripts and images on-off as easy as tapping an icon. So, I have it set to default off off. The non pro version of naked browser allows scripts/images off too, but you have to go into the preferences every time. It's about the best lightest functional browser I know of for droid.(matter of opinion)

I do not have google play store installed on any android device. I use fdroid or yalp store. Look that up on fdroid. It allows software to be downloaded/installed from the play store without a google account.

I don't hook up to public wifi, I have roaming turned off, I mostly use it as a phone.

So to answer your question, I leave scripts and images off in the web browser, I don't answer calls or texts from numbers I do not know. If you want to call me you will have to tell me your number before hand so I can put it into the address book. I don't get any weird texts. I think that maybe I got one. I do get calls from the spammers. It goes in spurts. They will call, spoofing their number, for 2 or 3 days, then it will stop for a while.

As far as mail, I get it browser based. I don't use an app for anything if I don't have to. I don't trust google, I don't trust android. For anything important I sit down at the pc.

Edit:
https://f-droid.org/en/packages/com....min.yalpstore/

https://f-droid.org/en/packages/com....kin.yalpstore/

https://play.google.com/store/apps/d...owser&hl=en_US

Comodo offers an Android security suite. We are using it on one of our devices and it seems to work nicely.

@teckk: "Just because they say you're paranoid doesn't mean they're not out to get you…" I suppose it's Tails on the pc?

Thanks, guys, both of you. I will definite look at those browsers. I'm not doing anything that requires security today, but I would like to get rid of my gmail account, but have to hold onto it for the play store. If those alternatives do the business, I can lose it. As I understand it, google is into selling advertising info, and passes police everything they want to know, and just about any site you mention (even LQ) sells on data to google anyhow.

As my phone has twin SIM capability, I mean to buy one of those anonymous type cash up front SIMS, but they're not common here.

Guys, have you links for any of that stuff?

Naked Browser I have. I followed their advice and started with the free one.
Fdroid, Yalp, or Android Security Suite aren't so easy.

fdroid, you simply go to their site and download the app that you want. Then side load it onto the phone. Know what that means? You have to go into to setup on the droid and allow installing from non play store. If you try to open the .apk file in your androids file browser, android will usually ask you if you want to allow installing from non play store and how it's bad, blah blah. Allow it. Now, you'll often times have to choose an .apk app for the version of droid that you have. Some will work with version 4.2 to present, others need at least 6.0 etc. Look at the specs for the app before you download it.

Yalp store is on fdroid. Get it, install it, run it. It seems to be like youtube-dl. Only good for a while until it no longer works and you'll need an upgrade.

I often times get an app that I want from the play store. And yalp will allow you to download an app from the play store without installing it, to a folder that you want. That means that you have the .apk file to do what you want with. You can transfer that to your desktop or external HD to keep a backup, you can also put that on other droid devices from your PC and install it on them. Another words download once, give it to whatever droid device that you want. But it'll only work if made for that droid version.

That's what I do. No google account on my droids. Period. If you want you can go into the settings and disable play store so that it won't hound you. I haven't done that for a while...I think that you need it for yalp, so you'll have to enable it for it to work.

Anyway..a droid can/will work without a google account. Not gmail, or the play store, no of course not. But you can open a browser and get your gmail. The site even allows basic html version without scripts turned on. Is it harder and less convenient to use that way? Of course.

Then there are sites across the internet that have free downloads of .apk files. Can you trust them? Decide for yourself.

Edit: Spelling

And to that end, open duckduckgo or google and search for
I neither promote or criticize those results. But it shows that play store is certainly not needed for a droid.

Then you might ask, what about the possibility of malware on those sites. I would say so.

Looked at the play store lately? Just about all of those apps are spyware for advertising and data collection. They are in the open about it.

Ever compile tcpdump for droid and let it run in jackpal terminal? About like installing zonealarm on a windows machine, and watching every single process that tries to access the internet without permission.

So.. I think that droid and security are oxymorons.

I have Galaxy Note 9
two browsers:
firefox
installed addons:
uBlock Origin for mobile
CanvasBlocker
decentraleyes

heavily edited prefs.js in a fashion similar to desktop version of firefox (some options are not available).

tested on very decent test site (e.g. panopticlick) and in everyday life. No issues so far. When connected to VPN router, no leaks detected.

that is good to fend off any trackers, cookies, adds
second browser: Tor - no modifications

In general, minimum software installed.
Even though this is not rooted device (too much bother with updates), I used adb to remove all google and Samsung bloatware (including a lot of apps that user is not able to remove).
Whenever possible replaced default apps with ones that do not call home.

total time required: 1 day.

Personally I am against all antivirus/security software for the phone.

And adb refers to android debug bridge
https://wiki.archlinux.org/index.php...d_Debug_Bridge
Which is way more info than you asked for @business_kid

But other people read these threads.

The same Addons you use at home. Noscript? uMatrix? Yes, and yes. Pain in the sphincter to use on a touchscreen device though.
Oh, and f-droid is here: https://f-droid.org/
and I use this version of FF: https://f-droid.org/en/packages/org.....fennec_fdroid

Very helpful & educational links & posts, guys. Thank you all for sharing your secrets. Curiously, I'm not in favour of anti-virus either.I do dislike telling google everything, I shun built-in apps, and I fear nasty javascript.

If you want to try ADB and bloatware removal get platform tools from here:
https://developer.android.com/studio...platform-tools

on linux this installs nothing, just decompresses the package (I have Slackware).
This is better that distro specific installation because you will avoid some bizarre dependencies.

I removed more than 150 apps (but I have seen users removing as much as 250 apps).
For ADB to work you will have to enable Developpers Options and from there USB debugging

Whole process is pretty easy and also reversible ("removal" just removes software from user account, so it is easy to re-install/enable it back if needed), there is an option do disable app, but in the view that software is not really removed, I don't see any point for this option. Also no need for system reset (which will re-enable all apps). Just re-connect Samsung to your computer and using adb install removed software.

I don't think that with exception of Tor browser you will find anything better than firefox, because all android firefox based browsers are really conservative in terms of enabling privacy security options so you will have to tweak prefs.js anyway.
Everything chrome derived is just waste of time.

If you really need to install something, make sure to check required prermissions. Don't keep location on if you are not using maps or bluetooth on if not connected to a bluetooth device.

That's the third spam post I reported today, one of them 3 days old.

I feel a witty remark on the back of my tongue, about moderators being too busy policing forum members to actually do the boring part of their job... oops, it slipped out. :D