Thursday, October 11, 2012

Phishing and malware protection arrives on mobile devices

I'm happy to announce malware and phishing protection is now enabled in Firefox for Android, and available in the Aurora and Nightly builds. It will be released in Firefox 18. As far as I could tell, Firefox is the first browser to offer this feature to mobile users.

The phishing and malware protection works by regularly updating a local list of known, bad sites, graciously provided by Google through their SafeBrowsing database. Whenever Firefox detects that you navigate to such a site, or that a page you visit is trying to pull data from it, Firefox will present you with a warning page and allow you to abort the operation.

I blogged previously about our intent to rework the database to a size acceptable to mobile devices, and the subsequent rewrite of the SafeBrowsing backend. The remainder of the work had to be postponed a little as we worked vigorously to finish the new Native Firefox for Android for phones and tablets.

Some of the remaining tasks were verifying that the new backend processes all SafeBrowsing updates correctly. This was done by writing an external Python program that can read in both the old and new format files, which turned out to be very useful in debugging the file format documentation as well.

Another issue that remained was the need for the updates to be very resilient on a mobile platform. For example on Android the application can be killed nearly at will by the Operating System, and care must be taken that the database not only doesn't get corrupted, but that as little data as possible is lost if this happens in the middle of an update. The old backend got this functionality mostly for free through the ACID features of SQLite, but for the new backend some extra work was necessary.

The final step was then updating the SafeBrowsing warning screens and support code for Firefox for Android, which we finished last week. For the future, our UX team is currently busy with a new, nicer visual design for the warning pages that will be shared between Firefox for Android and Firefox OS. But in the mean time, enjoy the added protection already. I sincerely wish you will never have to encounter either of these pages, anyway!

Phishing warning

New UX Design


14 comments:

  1. Hi Gian Carlo,
    can I have your feedback about this?
    Thanks!

    ReplyDelete
    Replies
    1. We already implement V2 of the protocol (NSS is probably confused there). I think you're talking about the extra "download protection" service. This has been covered in previous blog posts here. Basically the privacy issues with that protocol are too severe to allow it to be included in Firefox. I also already replied to issues with the measurement methodology of the NSS reports.

      Delete
    2. Thanks for the explanetion.

      Delete
  2. Means Alert page would start coming on Mobile, Since now.
    But this is good for the health of mobile internet browsing....

    ReplyDelete
  3. >"As far as I could tell, Firefox is the first browser to offer this feature to mobile users."
    Not really : http://www.opera.com/press/releases/2012/10/09/ :)

    ReplyDelete
    Replies
    1. We've had the feature for a few days, but I only just got to writing the announcement for it.

      Sorry Opera, Firefox had it first!

      Delete
  4. Replies
    1. What is your question exactly? You are probably thinking of Private Browsing, which is an entirely different feature.

      Delete
  5. i' am missing further the support of client certificates for using https.

    ReplyDelete
  6. Another thing that the would really prevent phishing and scams would be if the damn URL displayed in the address bar instead of the page title.

    ReplyDelete
  7. Gian where i can suggest some features? A home button would be nice. I had to add about:home in favorites so I can go back. Change the download folder as well as private navigation option. Sorry for disturbing you!

    ReplyDelete
    Replies
    1. At our feedback site on input.mozilla.org or (if you want to keep following up) file a bug at https://bugzilla.mozilla.org/

      We have work in progress to make the about:home page customizable. Private browsing is already in the Aurora and Nightly versions, you probably want to try those if you want new features faster.

      Delete