Firefox for Android uses best practices for security testing and adheres to Mozilla secure-development guidelines just like desktop Firefox. Security testing called fuzzing is used, to make sure Firefox for Android is robust enough to handle all kinds of crazy data without crashing. We do specific testing for the ARM processor, conduct thorough design reviews, code reviews and perform hostile testing in the same form as is done for desktop Firefox.
We also review the permissions to ensure we don't have any that we don't need and then document them, see How does Firefox for Android use the permissions it requests?.
An important part of staying safe online is updating your browser regularly for security improvements. With Firefox, you get updates every six weeks that inherit all of the security updates we develop for desktop Firefox. So, you get the benefit of the 450 million users who depend on Firefox for security on their desktops when you use Firefox for Android. If there is a security threat out there, chances are we know about it and we'll get a fix into Firefox for Android sooner than other mobile browsers will. Because you can get automatic updates through the market, without any dependence on your carrier, Mozilla can respond to any threat quickly.
Firefox for Android also has the same strong content security policy and strict transport policy as your desktop Firefox, requiring pages be served over SSL so they can't be intercepted and the connection is encrypted preventing scripting attacks. We also alert you to any known malicious sites before loading them in Firefox for Android.
Mozilla offers Sync services, so you don't need to type your password where someone might see it and you can use a strong password without having to type it on a mobile keyboard because it syncs with your desktop Firefox. And Mozilla encrypts your sync'd data so we don't have access to bookmarks, history, passwords or form field data like your address and card info (possibly) name, anything else you type into a field. We lock it and no one but you has the key. Passwords are stored internally to Firefox; stored in a place where only Firefox can access them and cannot be accessed by other programs. Even if a malware infected your device, it couldn't access your data.
Firefox for Android provides a suite of Privacy & Security settings so you can regularly clear your history and private data to stay safe. You can also configure a master password and enable Do Not Track to secure your browser if your device is stolen and prevent advertisers from tracking your browsing patterns.
Firefox for Android's phishing and malware protection works by regularly updating a local list of known bad sites, graciously provided by Google through their SafeBrowsing database. Whenever Firefox detects that you navigate to such a site, or that a page you visit is trying to pull data from it, Firefox will present you with a warning page and allow you to abort the operation.
The use of Firefox mobile is prohibited by Mozilla.
Rename it into "How does Firefox for Android provide a secure mobile browsing?".
I was localizing this article, and I have a question about this sentence ("Automatic Updates" section):
"Because you can get automatic updates through the market, without any dependence on your carrier, Mozilla can respond to any threat quickly."
I would like to understand what is the exact meaning of this sentence.
What does it means "without any dependence on your carrier"?
Who is the "carrier"? The telephone company, the device manufacturer? And when do you depend on your "carrier"?
Can someone explain to me the meaning of this specific point?
Thanks in advance
i think here carrier means the gprs connection or wifi that he using
Mod: please move this thread to l10n forum if possible
Hi Michele and Swarnava,
Thanks for asking about this, it is a poor use of words in English, so I appreciate the need to change it to be more clear in all languages. The point is about being able to update your mobile browser without waiting for the carrier (Sprint or AT&T, for example) to send the update to your phone.
Often, the carrier will wait to send updates to phones for a major thing, but with Firefox for Android, you can get updates whenever Mozilla publishes an update on Google Play.
If you use the default Android browser, you cannot update it yourself, you "depend" on the carrier to send you an update.
Certainly, there is a better way to say this since 'depend on' is colloquial. It is more clear to say that you need not wait for the carrier to send an update to your phone because you can install the updates from Google Play. Or "you can download updates as soon as they are available". Let me know what makes most sense for L10n and we'll make the change to the English.
Thank you! Michelle
Sorry, I even wanted to add that non only the carrier is responsible for updates. What made that sentence rather obscure for me - and hence the opening of this thread - is that I own an unbranded device, so I don't have to wait my carrier to update the OS/ROM/whatev, but I have to rely on the manufacturer itself.