UsageNotes » History » Version 8
Wolfgang Wiedmeyer, 04/06/2017 12:39 PM
browser and webview section part 1
| 1 | 1 | Paul Kocialkowski | h1. Usage Notes |
|---|---|---|---|
| 2 | |||
| 3 | General-purpose usage notes and tips |
||
| 4 | |||
| 5 | 2 | Wolfgang Wiedmeyer | h2. Enabling root access |
| 6 | |||
| 7 | To allow root access, open the *Developer options* in the settings. There, press *Root access*. In the pop-up menu, select either *Apps only*, *ADB only* or *Apps and ADB*, depending on how you want to restrict root access. See [[ADB]] for more information about root access with ADB. |
||
| 8 | |||
| 9 | h2. Device Encryption |
||
| 10 | 1 | Paul Kocialkowski | |
| 11 | 6 | Wolfgang Wiedmeyer | Tips for encrypting the device |
| 12 | |||
| 13 | h3. Setting a device encryption password separate from the lockscreen password |
||
| 14 | |||
| 15 | By default on Android, the encryption password is the same as the lockscreen password. As users tend to use a simple PIN, password or pattern for the lockscreen, the encryption can be easily circumvented with a "brute-force attack":https://en.wikipedia.org/wiki/Brute-force_attack. |
||
| 16 | |||
| 17 | Replicant allows to set an encryption password that is not tied to the lockscreen: |
||
| 18 | # Encrypt your device (In the settings: *Security* -> *Encrypt phone*) |
||
| 19 | # After the phone has rebooted and the encryption is set up, select *Change encryption password* in the *Security* menu of the settings |
||
| 20 | # Choose a strong passphrase. You will only have to enter this passphrase once when the device boots |
||
| 21 | # Reboot the device and verify that the encryption works properly by entering the previously chosen passphrase |
||
| 22 | |||
| 23 | If a separate encryption password is in place and a PIN or password is set for the lockscreen, another security measure is active: After five unsuccessful attempts to unlock the screen, the device is rebooted and the attacker is faced with the much stronger encryption passphrase. This makes brute-force attacks on the lockscreen much harder. |
||
| 24 | |||
| 25 | h3. Other tips |
||
| 26 | |||
| 27 | 1 | Paul Kocialkowski | * Do not set the default keyboard (LatinIME) as a non-system app if you use encryption: it will prevent you from entering the password to open the encrypted storage. |
| 28 | 3 | Wolfgang Wiedmeyer | |
| 29 | 8 | Wolfgang Wiedmeyer | h2. Browser and webview freedom and security issues |
| 30 | |||
| 31 | The default Browser has JavaScript enabled and runs the JavaScript that is loaded when you visit a website. Replicant has no mechanism to check if the complex JavaScript programs that are included in some websites are free software. See the "JavaScript Trap":https://www.gnu.org/philosophy/javascript-trap.en.html article for more general freedom-related information about JavaScript. |
||
| 32 | |||
| 33 | Not only browser apps might run non-free JavaScript. Some apps include an embedded view that loads websites which is called webview. Although app developers can disable JavaScript for the webview, JavaScript is usually enabled in the webview. So you might run non-free software inside a webview. |
||
| 34 | |||
| 35 | For these reasons, it is recommended to disable JavaScript by default in the browser settings. As most browser exploits require JavaScript to work, you can also prevent that malicious websites can make use of security issues with your browser. Unfortunately, the currently used webview in Replicant has many security issues. See #1780 for more information. So disabling JavaScript helps a lot in securing your device. |
||
| 36 | |||
| 37 | h3. Prevent usage of the embedded webview in apps |
||
| 38 | |||
| 39 | Some apps have a setting that allows to use an external browser to view websites. This ensures that the embedded webview is not used and websites are loaded with a browser you can configure and that allows to disable JavaScript. |
||
| 40 | |||
| 41 | h3. Use AdAway |
||
| 42 | |||
| 43 | |||
| 44 | |||
| 45 | If you need to enable |
||
| 46 | AdAway |
||
| 47 | |||
| 48 | 5 | Wolfgang Wiedmeyer | h2. Camera app |
| 49 | |||
| 50 | * If the front camera on your device [[ReplicantStatus|requires a non-free firmware]], selecting the front camera will crash the app and you will not be able to use the app unless you delete the data of the app: |
||
| 51 | |||
| 52 | # In the settings under *Personal*, select *Apps* |
||
| 53 | # There will be two apps named *Camera*. Select the second one that has a camera as icon. |
||
| 54 | # Press *Storage* |
||
| 55 | # Select *Clear Data* and confirm the dialog |
||
| 56 | |||
| 57 | You should now be able to use the camera again. |
||
| 58 | |||
| 59 | * If the camera app freezes when you take a picture, press the shutter button a second time. This should restart the camera in the background and take the picture. |
||
| 60 | |||
| 61 | 7 | Wolfgang Wiedmeyer | * If your device [[ReplicantStatus|needs a non-free firmware]] for hardware media encoding/decoding, video recording will not work. |
| 62 | |||
| 63 | 3 | Wolfgang Wiedmeyer | h2. Barcode scanning |
| 64 | |||
| 65 | The mostly used barcode scanner app "ZXing":https://f-droid.org/repository/browse/?fdfilter=zxing&fdid=com.google.zxing.client.android has a slow preview. The "privacy-friendly QR Scanner":https://f-droid.org/repository/browse/?fdfilter=qr+code&fdid=com.secuso.privacyFriendlyCodeScanner has a faster preview. |
||
| 66 | 4 | Wolfgang Wiedmeyer | |
| 67 | h2. Video playback |
||
| 68 | |||
| 69 | Viewing videos in the gallery or in the browser is not possible. See #1539 for background information. |
||
| 70 | |||
| 71 | Only the VLC app is known to be able to play videos on Replicant. Make sure to disable hardware acceleration in the settings to prevent crashes. |
||
| 72 | |||
| 73 | VLC is currently disabled in the F-Droid repository because only outdated versions are available. You need to enable the archive repository in the repository settings to be able to install VLC from F-Droid. |