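% Beamer slide deck: "The Chromium mess meets Android" (Replicant).
% Surveys the privacy, security and freedom problems of the Chromium-based
% Android WebView and presents three approaches to a fully free replacement:
% stepwise cleansing of a Chromium fork, a WebView API shim on top of
% GeckoView, and porting individual apps to GeckoView.
\documentclass[aspectratio=169]{beamer}

% NOTE(review): the mode specification was missing here (`\mode {`), which
% beamer cannot parse; <presentation> is assumed -- confirm against the
% original source.
\mode<presentation>
{
  \usetheme{Hannover}
  \setbeamertemplate{authors}{}
  % Remove navigation symbols.
  \setbeamertemplate{navigation symbols}{}
}

% Dark theme. Comment if there's lots of ambient light.
%\usecolortheme{owl}

\usepackage{color}
\usepackage[utf8]{inputenc}
\usepackage{listings}
\usepackage{graphicx}
\usepackage[font=tiny,skip=0pt]{caption}
\usepackage{verbatim}

% All images (logos, app icons, screenshots) are looked up under img/.
\graphicspath{{img/}}

% Use symbols instead of numerals for footnotes.
\renewcommand{\thefootnote}{\fnsymbol{footnote}}

% Reset footnote counter every subsection.
\makeatletter
\@addtoreset{footnote}{subsection}
\makeatother

% \iconframe{<icon file>}{<caption>}
% Typesets one app icon with a tiny caption underneath.
%   #1  image file name, looked up in app-icons/ (below \graphicspath)
%   #2  caption text shown under the icon
% The icon sits in a top-aligned minipage 2.5em wide; \captionof* gives an
% unnumbered caption without needing a float.
\newcommand{\iconframe}[2]
{
  \begin{minipage}[t]{2.5em}
    \includegraphics[width=\textwidth]{app-icons/#1}
    \captionof*{figure}{#2}
  \end{minipage}
}

\title[The Chromium mess meets Android]{The Chromium mess meets Android}
\subtitle{Proposals on how to get a fully free WebView build or replace it with something completely new}
\author{David Ludovino \and Jeremy Rand \thanks{\footnotesize with support from Andrés D and Kurtis Hanna}}
\institute[Replicant]{Replicant}
\date{}
\logo{\includegraphics[scale=0.25]{logo}}
\titlegraphic{\includegraphics[width=4em]{logo}}

\begin{document}

\begin{frame}
  \maketitle
\end{frame}

\section{What is WebView?}

% Fragile frame: it contains a verbatim lstlisting, so \end{frame} has to
% stay alone on its line.
\begin{frame}[fragile]
  \frametitle{What is WebView?}
  \begin{columns}
    \begin{column}{0.6\textwidth}
      Renders web content (HTML, CSS, JavaScript) inside apps.\\\bigskip
      API has been around since Android 1.\\\bigskip
      % Listing style for this frame only (the \lstset is local to the column).
      \lstset{
        language=Java,
        basicstyle=\scriptsize\ttfamily,
        keywordstyle=\color{blue},
        stringstyle=\color{orange},
      }
      % Review note: the sample leaves WebView at its defaults (JavaScript is
      % off unless an app enables it) and loads an HTTPS URL.
\begin{lstlisting}
public class MainActivity extends Activity {
    @Override
    protected void onCreate(Bundle state) {
        super.onCreate(state);
        WebView v = new WebView(this);
        setContentView(v);
        v.loadUrl("https://replicant.us");
    }
}
\end{lstlisting}
    \end{column}
    \begin{column}{0.3\textwidth}
      \includegraphics[width=\textwidth]{webview-sample}
    \end{column}
  \end{columns}
\end{frame}

\subsection{Which apps use it?}

\begin{frame}
  \frametitle{Which apps use WebView?}
  Apps that render HTML: email clients, RSS readers, etc.\\\bigskip
  Became pervasive with the advent of cross-platform mobile frameworks.\\\medskip
  \begin{block}{Half of the apps listed at PRISM Break depend on WebView}
    \vspace{1ex}
    \centering
    % Left column: apps that use WebView; right column: apps that do not.
    \begin{tabular}{c | c}
      uses WebView & does not use WebView \\
      \hline
      \iconframe{k9mail}{K-9 Mail}
      \iconframe{osmand}{OsmAnd}
      \iconframe{nextcloud}{Nextcloud}
      \iconframe{ttrss}{Tiny Tiny RSS}
      \iconframe{i2p}{I2P}
      &
      \iconframe{orbot}{Orbot}
      \iconframe{fdroid}{F-Droid}
      \iconframe{andotp}{andOTP}
      \iconframe{shaarlier}{Shaarlier}
      \iconframe{briar}{Briar}
      \\
      \iconframe{wallabag}{wallabag}
      \iconframe{openkeychain}{OpenKeychain}
      \iconframe{etesync}{EteSync}
      \iconframe{syncthing}{Syncthing}
      \iconframe{signal}{Signal}
      &
      \iconframe{conversations}{Conversations}
      \iconframe{silence}{Silence}
      \iconframe{tincapp}{Tinc App}
      \iconframe{keepassdx}{KeePass DX}
      \iconframe{jami}{Jami}
      \\
      \iconframe{dandelion}{dandelion*}
      \iconframe{nomad}{Nomad}
      \iconframe{tusky}{Tusky}
      \iconframe{movim}{Movim}
      &
      \iconframe{bitmask}{Bitmask}
      \iconframe{wireguard}{WireGuard}
      \iconframe{fennec}{Fennec F-Droid}
      \iconframe{torbrowser}{Tor Browser}
      \iconframe{thorium}{Thorium}
      \\
    \end{tabular}
  \end{block}
\end{frame}

\subsection{What's underneath it?}

\begin{frame}
  \frametitle{What is underneath WebView?}
  \includegraphics[width=3em]{webkit}
  WebKit until Android 4.3 Jelly Bean (API 18).\\
  \vspace{3\baselineskip}
  \includegraphics[width=3em]{chromium}
  Chromium from Android 4.4 KitKat (API 19) onwards.
\end{frame}

\section{What's the matter with Chromium?}

% The three lists are revealed one after another (\pause between them).
\begin{frame}
  \frametitle{What's the matter with Chromium?}
  Privacy issues:
  \begin{itemize}
    \item Background requests to Google during build and run.
    \item Depends on Google services for several features (e.g.\ Safe Browsing).
    \item Limited privacy controls.
    \item API prevents extensions from blocking ads.
  \end{itemize}
  \medskip
  \pause
  Security issues:
  \begin{itemize}
    \item Prevents users from escaping the certificate authority system for TLS.
  \end{itemize}
  \medskip
  \pause
  Freedom issues:
  \begin{itemize}
    \item Pre-built binaries throughout the code base.
    \item Missing license in some source files.
  \end{itemize}
  \medskip
  \pause
  Verdict: unfit for fully free-software distributions.
\end{frame}

\section{WebView and Replicant}

\begin{frame}
  \frametitle{WebView and Replicant}
  \begin{columns}
    \begin{column}{0.1\textwidth}
      \includegraphics[width=\textwidth]{replicant}
    \end{column}
    \begin{column}{0.9\textwidth}
      Replicant:
      \begin{itemize}
        \item Android distribution
        \item compliant with GNU Free System Distribution Guidelines (FSDG)
      \end{itemize}
    \end{column}
  \end{columns}
  \vspace{2\baselineskip}
  % Review note: WebView parses untrusted web content on behalf of every app
  % that embeds it, so a stale engine exposes all of those apps to whatever
  % engine bugs have been fixed upstream since Chromium 43.
  Using outdated WebView based on Chromium 43: lots of security concerns.\\
  \vspace{2\baselineskip}
  How to create a WebView build that respects users' privacy and freedom?
\end{frame}

\section{Chromium forks}

\subsection{Desktop Chromium}

\begin{frame}
  \frametitle{Desktop Chromium forks}
  \begin{itemize}
    \item \includegraphics[height=2em]{chromium} ungoogled-chromium: aligned with privacy and freedom
    \item \includegraphics[height=2em]{bromite} Bromite: can build WebView; only focused on privacy and ad blocking
    \item \includegraphics[height=2em]{debian} Debian: replaces pre-builts with system libs; Google services not removed
    \item \includegraphics[height=2em]{iridium} Iridium: one step in every direction; not as thorough as others
  \end{itemize}
  \vspace{2\baselineskip}
  \begin{columns}
    \begin{column}{0.1\textwidth}
      \includegraphics[width=\textwidth]{guix}
    \end{column}
    \begin{column}{0.9\textwidth}
      Guix, an FSDG-compliant distro, uses:\\
      ungoogled-chromium + build recipe that removes some files.
    \end{column}
  \end{columns}
\end{frame}

% Global listing style for the string dumps on the following frames: very
% small type, with every "google"/"Google" occurrence highlighted.
\lstset{
  basicstyle=\fontsize{5}{5}\ttfamily,
  keywordstyle=\color{brown}\bfseries\underbar,
  otherkeywords={google,Google}
}

\subsection{Android Chromium}

\begin{frame}
  \frametitle{Android Chromium forks}
  Android builds require many more pre-builts and proprietary dependencies.\\
  E.g.: Google Mobile Services (GMS)\\\bigskip
  \begin{itemize}
    \item \includegraphics[height=2em]{chromium} ungoogled-chromium-android: ungoogled-chromium + Android-specific patches; has some remaining pre-builts
    \item \includegraphics[height=2em]{unobtainium} Unobtainium: aimed to be built within F-Droid (forbids pre-builts); project is unmaintained
  \end{itemize}
\end{frame}

% Review note for the three string-dump frames below: the line counts are a
% rough indicator only. `strings classes.dex | grep google` finds literal
% references in the Dalvik bytecode; it does not show whether a request is
% made at run time, and it does not cover anything in the APK outside
% classes.dex. A low count narrows the audit, it does not replace it.
\begin{frame}[fragile]
  \frametitle{Android Chromium forks}
  \verb;strings classes.dex | grep google;
  \begin{block}{Chromium 78 WebView - 227 lines}
    \lstinputlisting{txt/chromium78-webview-google-strings}
  \end{block}
\end{frame}

\begin{frame}[fragile]
  \frametitle{Android Chromium forks}
  \verb;strings classes.dex | grep google;
  \begin{block}{Bromite 78 WebView - 124 lines}
    \lstinputlisting{txt/bromite78-webview-google-strings}
  \end{block}
\end{frame}

\begin{frame}[fragile]
  \frametitle{Android Chromium forks}
  \verb;strings classes.dex | grep google;\\\bigskip
  \begin{block}{ungoogled-chromium-android 77 WebView - 10 lines}
    \lstinputlisting{txt/ungoogled77-webview-google-strings}
  \end{block}
  \begin{block}{Replicant 6 WebView - 7 lines}
    \lstinputlisting{txt/replicant6-webview-google-strings}
  \end{block}
\end{frame}

\subsection{Stepwise cleansing}

\begin{frame}
  \frametitle{Approach \#1: Stepwise cleansing}
  Still no 100\% free-software WebView apk void of privacy concerns.\\\bigskip
  % Review note: the steps describe a one-off cleanup. The resulting recipe
  % has to be re-run against each upstream release, since that is also how
  % engine security fixes reach the build.
  Tentative approach:
  \begin{enumerate}
    \item Start with Guix's source code for ungoogled-chromium.
    \item Run Ubuntu's license check script on it.
    \item Check if original Chromium bug about licensing still applies (was mostly related to third-party code).
    \item Try to build WebView (will probably fail).
    \item Cherry-pick patches from ungoogled-chromium-android and Unobtainium.
    \item Build everything in fdroid-server (picks leftover pre-builts).
    \item Send recipe for peer review at GNU-linux-libre.
  \end{enumerate}
\end{frame}

\section{GeckoView shim}

\begin{frame}
  \frametitle{Approach \#2: WebView API compatibility shim for GeckoView}
  A Chromium fork carries a constant maintenance burden.\\\smallskip
  Google's interests do not align with ours. Check Mozilla.\\
  \vspace{2\baselineskip}
  \begin{columns}
    \begin{column}{0.1\textwidth}
      \includegraphics[width=\textwidth]{geckoview}
    \end{column}
    \begin{column}{0.9\textwidth}
      GeckoView:
      \begin{itemize}
        \item Java wrapper for Gecko browser engine.
        \item Used in Android apps as replacement for WebView.
        \item API is incompatible with WebView: not meant to be a drop-in.
      \end{itemize}
    \end{column}
  \end{columns}
\end{frame}

\subsection{Mapping WebView to GeckoView}

% Fragile frame: \verb is used inside the tables. The items are uncovered
% one by one ([<+->]).
\begin{frame}[fragile]
  \frametitle{Mapping WebView to GeckoView}
  \begin{itemize}[<+->]
    \setlength\itemsep{1em}
    \item Some functions have a 1:1 mapping.\\\smallskip
      {\small
      \begin{tabular}{l | l}
        WebView & GeckoView \\
        \hline
        \verb|goBack()|, \verb|goForward()| & \verb|GeckoSession.NavigationDelegate|\\
        \verb|loadUrl()| & \verb|GeckoSession.loadUri()|\\
        \verb|stopLoading()| & \verb|GeckoSession.stop()|
      \end{tabular}
      }
    \item Others require emulation.\\\smallskip
      {\small
      \begin{tabular}{l | l}
        WebView & GeckoView \\
        \hline
        \verb|getTitle()| & \verb|GeckoSession.HistoryDelegate.HistoryItem.getTitle()|\\
        \verb|pageDown()| & \verb|PanZoomController.scrollBy(width,height)|
      \end{tabular}
      }
    \item Others require more features from Gecko to be exposed via GeckoView, e.g.\ \verb|zoomIn()|.
    \item Others still, added in the latest Android APIs (26--29), seem too tied to Chromium, e.g.\ \verb|getWebViewLooper()|, \verb|getWebChromeClient()|, \verb|getWebViewClient()|.
  \end{itemize}
\end{frame}

\begin{frame}
  \frametitle{Mapping WebView to GeckoView}
  Requires a considerable effort.\\\bigskip
  Can pay off in the long term: no need to constantly scout for proprietary dependencies and privacy issues.\\\bigskip
  Burden may be lessened by collaborations, e.g., qt5-webengine replacement with Gecko underneath.
\end{frame}

\section{GeckoView on apps}

\begin{frame}
  \frametitle{Approach \#3: GeckoView on apps}
  Fork apps to use GeckoView instead of WebView.\\\bigskip
  Impossible for the small Replicant team to maintain.\\\bigskip
  Would only work if app maintainers perceive GeckoView as a better alternative.\\\bigskip
  GeckoView adds a $\sim$20 MiB bloat to any app.
\end{frame}

\section{Feedback?}

\begin{frame}
  \frametitle{Feedback?}
  \begin{itemize}
    \setlength\itemsep{1em}
    \item Questions
    \item Comments
    \item Ideas
    \item Collaboration
  \end{itemize}
  \vspace{2em}
  All welcome!
\end{frame}

% Attribution tables for every logo used in the deck: item, where it was
% taken from, and the license stated for it.
\begin{frame}
  \frametitle{Licenses (I)}
  {\scriptsize
  \begin{tabular}{l | l | l}
    item & source & license \\
    \hline
    K-9 Mail logo & \url{https://github.com/k9mail/k-9} & Apache-2.0 \\
    OsmAnd logo & \url{https://github.com/osmandapp/Osmand} & CC-BY-NC-ND 4.0 \\
    Nextcloud logo & \url{https://github.com/nextcloud/android} & AGPLv3 \\
    Tiny Tiny RSS logo & \url{https://gitlab.com/derSchabi/tttrsss} & GPLv3 \\
    I2P logo & \url{https://github.com/i2p/i2p.android.base} & Apache-2.0 \\
    Orbot logo & \url{https://gitweb.torproject.org/orbot.git} & BSD \\
    F-Droid logo & \url{https://gitlab.com/fdroid/fdroidclient} & GPLv3 \\
    andOTP logo & \url{https://github.com/andOTP/andOTP} & MIT \\
    Shaarlier logo & \url{https://github.com/dimtion/Shaarlier} & GPLv3 \\
    wallabag logo & \url{https://github.com/wallabag/android-app} & GPLv3 \\
    OpenKeychain logo & \url{https://github.com/open-keychain/open-keychain} & GPLv3 \\
    EteSync logo & \url{https://github.com/etesync/android} & GPLv3 \\
    Syncthing logo & \url{https://github.com/syncthing/syncthing-android} & MPLv2 \\
    Briar logo & \url{https://code.briarproject.org/briar/briar} & GPLv3 \\
    Conversations logo & \url{https://github.com/siacs/Conversations} & GPLv3 \\
    Signal logo & \url{https://github.com/signalapp/Signal-Android} & GPLv3 \\
    Silence logo & \url{https://git.silence.dev/Silence/Silence-Android} & GPLv3 \\
    Tinc App logo & \url{https://github.com/pacien/tincapp} & GPLv3 \\
    KeePass DX logo & \url{https://github.com/Kunzisoft/KeePassDX} & GPLv3 \\
    dandelion* logo & \url{https://github.com/gsantner/dandelion} & GPLv3 \\
    Nomad logo & \url{https://framagit.org/disroot/AndHub} & GPLv3 \\
  \end{tabular}
  }
\end{frame}

\begin{frame}
  \frametitle{Licenses (II)}
  {\scriptsize
  \begin{tabular}{l | l | l}
    item & source & license \\
    \hline
    Tusky logo & \url{https://github.com/tuskyapp/Tusky} & GPLv3 \\
    Movim logo & \url{https://github.com/movim/movim_android} & AGPLv3 \\
    Jami logo & \url{https://git.jami.net/savoirfairelinux/ring-client-android} & GPLv3 \\
    Bitmask logo & \url{https://0xacab.org/leap/bitmask_android} & GPLv3 \\
    WireGuard logo & \url{https://git.zx2c4.com/wireguard-android} & Apache-2.0 \\
    Fennec logo & \url{https://hg.mozilla.org/releases/mozilla-esr68} & MPL-2.0 \\
    Tor Browser logo & \url{https://gitweb.torproject.org/tor-browser.git} & MPL-2.0 \\
    Thorium logo & \url{https://github.com/sschueller/peertube-android} & AGPLv3 \\
    WebKit logo & \url{https://en.wikipedia.org/wiki/File:WebKit_logo_(2015).svg} & non-free \\
    Chromium logo & \url{https://commons.wikimedia.org/wiki/File:Chromium_11_Logo.svg} & CC-BY 2.5 \\
    Replicant logo & \url{https://redmine.replicant.us/projects/replicant/wiki/Artwork} & CC-BY-SA 3.0 \\
    Guix logo & \url{https://git.savannah.gnu.org/cgit/guix/guix-artwork.git/} & CC-BY-SA 4.0 \\
    Bromite logo & \url{https://github.com/bromite/bromite.github.io} & GPLv3 \\
    Iridium logo & \url{https://github.com/iridium-browser/artwork} & non-free \\
    Debian logo & \url{https://www.debian.org/logos/} & CC-BY-SA 3.0 \\
    Unobtainium logo & \url{https://gitlab.com/thermatk/Unobtainium} & BSD \\
    GeckoView logo & \url{https://github.com/mozilla/geckoview} & non-free \\
    everything else & this slideshow & CC BY-SA 4.0
  \end{tabular}
  }
\end{frame}

\end{document}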