# The Chromium mess meets Android
Proposals on how to get a fully free WebView build or replace it with something
completely new.

## What is WebView?
The WebView API[1] has been around since the first version of Android. It allows
developers to render web content (HTML, CSS, JavaScript) inside their
applications. Its use was at first limited to apps that needed to show bits of
HTML, such as email clients and RSS readers. However, its use has become much
more pervasive with the advent of cross-platform mobile frameworks such as
Cordova, Xamarin and React Native, which render most of the apps' content inside
WebView. A quick run through the apps listed at PRISM Break[2] showed that
almost half of them depend on WebView.

WebView was at first built out of the WebKit code tree, but it switched to a
Chromium-based build from Android 4.4 (KitKat) onwards[3]. Over the years,
Chromium has proved to be a minefield of privacy[4] and freedom issues[5][6] and
thus unfit for inclusion[7] in distributions that abide by the Free System
Distribution Guidelines (FSDG)[8].

## WebView and Replicant
Replicant[9], a fully free-software Android distribution that follows the FSDG,
has been using an outdated build of WebView, based on Chromium 43, back from
when the Chromium Android build did not depend on proprietary libraries. This
outdated version is becoming a severe security hazard[10] and must be replaced
soon. Unfortunately this means that Replicant is now left with the burden of
creating a WebView build that respects users' privacy and freedom. We have been
exploring different paths to do so, ranging from further cleaning
the Chromium source after projects like ungoogled-chromium-android[11], to fully
replacing WebView with a shim built around GeckoView[12].

## Approach 1: Chromium forks
At first, we reviewed the several ongoing projects that strive to clean the
Chromium mess:

- ungoogled-chromium seemed to be aligned with both privacy and software
  freedom[4].
- Bromite is quite interesting for the fact that the codebase is used to build
  WebView[13]. However it is only focused on privacy and ad blocking, not on
  software freedom.
- Debian has a limited patch set that strives to use system libs instead of
  binaries[14] but does not go as deep as ungoogled-chromium when it comes to
  removing Google services[15].
- Iridium takes a step in every direction[16]. It isn't as thorough as
  ungoogled-chromium about ungoogling and doesn't seem to replace built-in
  binaries with system libs.

We then found out that Guix, an FSDG-compliant distro, claims a good measure of
success[17][18][19] with an approach based on ungoogled-chromium. They run it
through a build recipe that removes a few extra files[20].

Both the upstream ungoogled-chromium as well as the Guix recipe target desktop
builds of Chromium. Unfortunately a build for Android requires many more
prebuilts and proprietary dependencies such as the Google Mobile Services
(GMS)[21]. On the bright side, there are projects that strive to get clean
Chromium builds for Android too:

- ungoogled-chromium-android[11] builds upon ungoogled-chromium with Android
  specific patches and fixes. It even provides an F-Droid repository with a
  WebView build[22]. Unfortunately, supporting Android meant adding prebuilts
  that could not yet be removed[23].
- Unobtainium[24] is a project that, besides removing Google services and
  libraries from Chromium, also tried to get rid of all prebuilts. The goal was
  to be built from within F-Droid. Unfortunately the project has been dormant
  for a year now, while Chromium advanced full speed ahead.

### Fully free WebView apk with existing Chromium forks
So far, no project has produced a WebView apk that is 100% free software and
void of privacy concerns. At Replicant we devised the following path that builds
upon these projects and could potentially lead to an acceptable WebView apk:

1. Start off with Guix's source code for ungoogled-chromium, i.e. after being
   cleaned by their build recipe.
2. Run the Ubuntu license check script on top of it.
3. Check if any "BlockedOn" issue from the original Chromium bug[5] still
   applies (hint: most of them should be related to third-party code that was
   removed).
4. Try to build WebView out of it (will probably fail).
5. Cherry pick all the necessary patches from ungoogled-chromium-android and
   Unobtainium.
6. Try to build everything from fdroid-server like Unobtainium does. It's a
   great way to pick leftover prebuilts.
7. Send recipe to be peer-reviewed at GNU-linux-libre, written in plain English,
   and explaining how it addresses Luke's concerns[6].
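
A complementary check for step 6, as an added example (not part of the original document and not fdroid-server's own scanner): a magic-byte scan that lists suspected prebuilts in a source tree regardless of file extension. The signature list and the sample tree built by `demo()` are constructed for illustration.

```python
import os
import pathlib
import tempfile

# Magic bytes of prebuilt artifact types common in Android trees (constructed, not exhaustive).
SIGNATURES = [
    (b"\x7fELF", "ELF executable or shared object"),
    (b"PK\x03\x04", "ZIP container (jar/aar/apk)"),
    (b"dex\n", "Android DEX bytecode"),
]

def classify(path):
    """Return a label if the file starts with a known binary signature, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable file: skip instead of aborting the scan
    return next((label for magic, label in SIGNATURES if head.startswith(magic)), None)

def find_prebuilts(root, skip_dirs=(".git",)):
    """Walk root; return sorted (relative_path, label) pairs for suspected prebuilts."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # never follow symlinks out of the tree
            label = classify(full)
            if label:
                hits.append((os.path.relpath(full, root), label))
    return sorted(hits)

def demo():
    """Scan a small constructed tree; file names and contents are sample data."""
    samples = {
        "third_party/foo/libfoo.so": b"\x7fELF\x02\x01\x01\x00",
        "third_party/bar/bar.jar": b"PK\x03\x04\x14\x00\x00\x00",
        "third_party/baz/data.bin": b"dex\n035\x00",  # extension hides the type
        "base/strings.cc": b"// plain source file\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            p = pathlib.Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return find_prebuilts(root)
```

Every hit still needs manual review: a flagged file may be a test fixture or data file rather than a prebuilt that ends up in the apk.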

## Approach 2: WebView API compatibility shim for GeckoView
Although sensible and achievable, the previous approach would be met with a
constant maintenance burden, as the Chromium tree evolves and more proprietary
dependencies or privacy issues get added. Our major issue is that Google's
interests do not seem aligned with ours. As such, we turned our attention to
GeckoView[25][26], as Mozilla's interests seem much more aligned with ours.

GeckoView is a Java wrapper for the Gecko browser engine that turns it into a
reusable Android library. It can be used by Android apps as a substitute for
WebView, but unfortunately it has an incompatible API that wasn't meant to be a
drop-in replacement. As such, we analyzed the possibility of creating a shim to
bridge GeckoView and WebView APIs:

- Some functions have a 1:1 mapping, e.g.:

  `WebView.goBack()` and `WebView.goForward()` > `GeckoSession.NavigationDelegate`

  `WebView.loadUrl()` > `GeckoSession.loadUri()`

  `WebView.stopLoading()` > `GeckoSession.stop()`

- Others would require emulation, e.g.:

  `WebView.getTitle()` > `GeckoSession.HistoryDelegate.HistoryItem.getTitle()`
  (iterate the list to get the most recent one)

  `WebView.pageDown()` > `PanZoomController.scrollBy(width,height)`

- Others are nowhere to be found in GeckoView and would require modifications to
  it in order to expose more features from Gecko, e.g.: `WebView.zoomIn()`

- Others still, which have been added to WebView on the latest APIs (26-29), are
  too tied to Chromium, and perhaps the best option would be simply not to
  support those, e.g.: `WebView.getWebViewClient()`,
  `WebView.getWebViewLooper()`, `WebView.getWebChromeClient()`

The conclusion is that, as is, making GeckoView compatible with the WebView API
would require a considerable effort. However, the end result has the potential
to require much less maintenance: we wouldn't have to constantly scout the Gecko
source for proprietary dependencies and privacy issues.

The burden of this effort could also be lessened by trying to involve other FSDG
compliant distros as well as the KDE Free Qt Foundation. qt5-webengine, one of
the components of Qt, uses Chromium underneath and is currently embargoed from
FSDG compliant distros due to the same privacy and freedom concerns. Perhaps
some of this work could be shared with them in order to build a qt5-webengine
replacement with Gecko underneath.

## Approach 3: replace WebView with GeckoView in the apps themselves
Another possible approach would be to fork the most important apps that depend
on WebView to use GeckoView instead. This approach would be almost madness as
too many apps depend on WebView. It would be impossible for the small Replicant
team to maintain this. It would only work if the app maintainers themselves
perceive GeckoView as a better alternative and start using it upstream.

## Feedback welcomed
Comments, ideas and especially collaborations are very welcome.

## References

 [1] https://developer.android.com/reference/android/webkit/WebView

 [2] https://prism-break.org/en/categories/android/

 [3] https://developer.chrome.com/multidevice/webview/overview

 [4] https://github.com/Eloston/ungoogled-chromium#motivation-and-philosophy

 [5] https://bugs.chromium.org/p/chromium/issues/detail?id=28291

 [6] https://lists.nongnu.org/archive/html/gnu-linux-libre/2018-03/msg00098.html

 [7] https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser

 [8] https://www.gnu.org/distros/free-system-distribution-guidelines.html

 [9] https://replicant.us

[10] https://redmine.replicant.us/issues/1780#note-10

[11] https://github.com/wchen342/ungoogled-chromium-android

[12] https://mozilla.github.io/geckoview

[13] https://www.bromite.org/system_web_view

[14] https://salsa.debian.org/chromium-team/chromium/tree/master/debian/patches/system

[15] https://salsa.debian.org/chromium-team/chromium/tree/master/debian/patches/disable

[16] https://github.com/iridium-browser/tracker/wiki/Differences-between-Iridium-and-Chromium

[17] https://lists.gnu.org/archive/html/help-guix/2019-04/msg00225.html

[18] https://lists.gnu.org/archive/html/guix-devel/2019-02/msg00294.html

[19] https://lists.nongnu.org/archive/html/gnu-linux-libre/2019-10/msg00020.html

[20] https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/chromium.scm#n75

[21] https://www.android.com/gms/

[22] https://github.com/wchen342/ungoogled-chromium-android#f-droid-repository

[23] https://github.com/wchen342/ungoogled-chromium-android/issues/7#issuecomment-545573899

[24] https://gitlab.com/fdroid/fdroiddata/merge_requests/3351

[25] https://mozilla.github.io/geckoview

[26] https://wiki.mozilla.org/Mobile/GeckoView