Is your feature request related to a problem? Please describe.
Tor Browser/Firefox per default provides "HTTPS-Only Mode" for enhanced security with regards to malicious exit nodes and cleartext HTTP connections ("Settings" -> "Privacy & Security"). Orbot currently doesn't support a comparable feature, which increases its own/proxied app's vulnerability to this type of attack.
Describe the Solution You'd Like
To make Orbot more secure and hardening process easy to maintain, I suggest to provide an HTTPS-enforcing mode similar to Tor Browser, integrated into Orbot user interface as configuration setting. This mode might either be configured globally or per app.
Describe the Alternatives You've Considered
It currently is needed to inspect each proxied app with regards to its support of plain HTTP (^1). Also an app might use socket API, in which case app policies won't help with blocking HTTP.
Another possible alternative would be some kind of filtering HTTP proxy app, e.g. on Android running in Always-on VPN mode. But In addition to blocking the VPN slot and me not knowing an existing solution (please let me know otherwise), proxy probably needs to be made aware of some of the Tor internals. For example there is an issue regarding dealing with OCSP on port 80, where current decision apparantely is to keep it enabled.
Additional Context
^1: App policy needs to be inspected manually by looking at AndroidManifest.xml for a flag android:usesCleartextTraffic. If exists and set to "true", app allows plain HTTP, which makes it unsafe for usage with Orbot. The other way is more fine-grained HTTP whitelisting via Network security config API. Corresponding config entries need to be looked up as well.
Is your feature request related to a problem? Please describe. Tor Browser/Firefox per default provides "HTTPS-Only Mode" for enhanced security with regards to malicious exit nodes and cleartext HTTP connections ("Settings" -> "Privacy & Security"). Orbot currently doesn't support a comparable feature, which increases its own/proxied app's vulnerability to this type of attack.
Describe the Solution You'd Like To make Orbot more secure and hardening process easy to maintain, I suggest to provide an HTTPS-enforcing mode similar to Tor Browser, integrated into Orbot user interface as configuration setting. This mode might either be configured globally or per app.
Describe the Alternatives You've Considered It currently is needed to inspect each proxied app with regards to its support of plain HTTP (^1). Also an app might use socket API, in which case app policies won't help with blocking HTTP.
Another possible alternative would be some kind of filtering HTTP proxy app, e.g. on Android running in Always-on VPN mode. But In addition to blocking the VPN slot and me not knowing an existing solution (please let me know otherwise), proxy probably needs to be made aware of some of the Tor internals. For example there is an issue regarding dealing with OCSP on port 80, where current decision apparantely is to keep it enabled.
Additional Context ^1: App policy needs to be inspected manually by looking at
AndroidManifest.xml
for a flagandroid:usesCleartextTraffic
. If exists and set to"true"
, app allows plain HTTP, which makes it unsafe for usage with Orbot. The other way is more fine-grained HTTP whitelisting via Network security config API. Corresponding config entries need to be looked up as well.