Security Risks for continuing use of Pale Moon for Android?

Old discussions related to the Android/mobile version of Pale Moon.
Baloo
Fanatic
Posts: 167
Joined: 2017-08-24, 15:02

Security Risks for continuing use of Pale Moon for Android?

Unread post by Baloo » 2017-08-24, 22:42

Hi,

I love PM on my Desktop and how lightweight it is. First found the browser by checking to see if anyone had updated the old FOXSCAPE theme, and someone had forked it to Pale Moon. I shifted over, and seeing how lightweight the browser is while still using the best privacy and security add-ons, I won't be moving back.

That being said, I really like Pale Moon and would like to use it for Android due to the Sync feature. However, I know that the browser has been discontinued and is vulnerable to security issues with its continued use.

If I choose to continue using Pale Moon for Android, what are the theoretical risks I'm taking? Are any of them mitigated by using specific add-ons like uMatrix and uBlock to block scripts and the like? I read on here that uMatrix is compatible with Pale Moon, but I can't find the add-on file to add it to PM for Android.

Any help would be appreciated, thank you.

Falna
Astronaut
Posts: 511
Joined: 2015-08-23, 17:56
Location: UK / France

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by Falna » 2017-08-25, 00:39

Baloo wrote: I read on here that uMatrix is compatible with Pale Moon, but I can't find the add-on file to add it to PM for Android.
I'm running uBlock Origin 1.11.4 on Pale Moon Android (wouldn't install the latest version).
If you open a tab on the Pale Moon for Android start page and scroll to the bottom, there's a link to "Browse all Pale Moon add-ons" - which actually takes you to the Firefox for Android add-on site. I had to request the desktop version of this to select and install extensions (to get around an error warning on the mobile page).

I'll leave someone more knowledgeable to comment on the general security risks.

Forked extensions :
● Add-ons Inspector ● Auto Text Link ● Copy As Plain Text ● Copy Hyperlink Text ● FireFTP button replacement ● gSearch Bar ● Navigation Bar Enhancer ● New Tab Links ● Number Tabs ● Print Preview Button and Keyboard Shortcut 2 ● Scrollbar Search Marker ● Simple Marker ● Tabs To Portfolio ● Update Alert ● Web Developer's Toolbox ● Zap Anything

Hint: If you expect a reply to your PM, allow replies...

AstonAgar

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by AstonAgar » 2017-09-04, 03:01

I am using 360 Security for my Android device. It's working superbly. Though this isn't an add-on. This is software to remove viruses/malware.

dark_moon

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by dark_moon » 2017-09-07, 19:16

You don't need any AV on Android. Also, AV on Android makes your system even more vulnerable.

Moonchild
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by Moonchild » 2017-09-07, 21:23

dark_moon wrote: You don't need any AV on Android. Also, AV on Android makes your system even more vulnerable.
Please don't state this. Malware on Android is a major issue.

A quick search will give you a few interesting articles to educate yourself on the matter: https://duckduckgo.com/?t=palemoonsp&q= ... ses&ia=web
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

moonbat
Knows the dark side
Posts: 4942
Joined: 2015-12-09, 15:45

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by moonbat » 2017-09-08, 07:23

Moonchild wrote:
dark_moon wrote: You don't need any AV on Android. Also, AV on Android makes your system even more vulnerable.
Please don't state this. Malware on Android is a major issue.

A quick search will give you a few interesting articles to educate yourself on the matter: https://duckduckgo.com/?t=palemoonsp&q= ... ses&ia=web
The day Android malware can install itself without user intervention is the day you need a regular anti virus scanning in the background.
Any app on Android requires user interaction to be installed in the first place, or to request permissions. Shady third party app stores, and ones that offer pirated versions of paid software are the more likely vectors. Even on Play Store, it pays to look at user reviews and names of developers of apps before installing them, or to stick to popular ones.

tl;dr - The malware problem on Android is entirely due to clueless users. This is not like the days of invisible drive-by downloads that compromised IE6 on Windows XP, where you wouldn't even know you had been pwned.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

dark_moon

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by dark_moon » 2017-09-08, 07:54

moonbat wrote:
Moonchild wrote:
dark_moon wrote: You don't need any AV on Android. Also, AV on Android makes your system even more vulnerable.
Please don't state this. Malware on Android is a major issue.

A quick search will give you a few interesting articles to educate yourself on the matter: https://duckduckgo.com/?t=palemoonsp&q= ... ses&ia=web
The day Android malware can install itself without user intervention is the day you need a regular anti virus scanning in the background.
Any app on Android requires user interaction to be installed in the first place, or to request permissions. Shady third party app stores, and ones that offer pirated versions of paid software are the more likely vectors. Even on Play Store, it pays to look at user reviews and names of developers of apps before installing them, or to stick to popular ones.

tl;dr - The malware problem on Android is entirely due to clueless users. This is not like the days of invisible drive-by downloads that compromised IE6 on Windows XP, where you wouldn't even know you had been pwned.
This! :thumbup:

Moonchild

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by Moonchild » 2017-09-08, 09:30

moonbat wrote: tl;dr - The malware problem on Android is entirely due to clueless users. This is not like the days of invisible drive-by downloads that compromised IE6 on Windows XP, where you wouldn't even know you had been pwned.
Excuse me but this is the case for EVERY operating system; Android is no different than Linux or Windows or Mac OS in that case.
The days of drive-by download-and-install are long gone, regardless of OS (unless you're clueless in the respect that you still run on a not-updated Windows XP or something similarly obsolete and insecure).

Most malware comes either piggy-backed with other applications or is explicitly installed by the user with their full knowledge that they are installing something, just not realizing that they are installing something dangerous. Or suffering from "confirmation fatigue" and clicking through the installation dialogues without checking what it says.

moonbat

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by moonbat » 2017-09-19, 14:06

Moonchild wrote:
moonbat wrote: tl;dr - The malware problem on Android is entirely due to clueless users. This is not like the days of invisible drive-by downloads that compromised IE6 on Windows XP, where you wouldn't even know you had been pwned.
Excuse me but this is the case for EVERY operating system; Android is no different than Linux or Windows or Mac OS in that case.
The days of drive-by download-and-install are long gone, regardless of OS (unless you're clueless in the respect that you still run on a not-updated Windows XP or something similarly obsolete and insecure).

Most malware comes either piggy-backed with other applications or is explicitly installed by the user with their full knowledge that they are installing something, just not realizing that they are installing something dangerous. Or suffering from "confirmation fatigue" and clicking through the installation dialogues without checking what it says.
I'm not singling out Android - I'm saying this class of malware is non-existent for power users who follow safe best practices - don't download software from dodgy sites, and keep your eyes open when installing or clicking on anything.
On the Play Store, stick to popular apps, make sure the developer name is consistent with what you would expect (to avoid adware masquerading as legit apps with identical icons) and read user reviews before installing.
Being prudent will keep you safe regardless of what platform you use or how vulnerable it is - once it's established that drive-by/silent malware installation security holes are non-existent.

Difficult? So is driving a car. Computers and the internet have been around for a quarter century now, there is no excuse for remaining clueless about these things when even the mainstream press covers security holes and steps to stay safe.

Baloo

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by Baloo » 2017-10-02, 13:19

Falna wrote:
Baloo wrote: I read on here that uMatrix is compatible with Pale Moon, but I can't find the add-on file to add it to PM for Android.
I'm running uBlock Origin 1.11.4 on Pale Moon Android (wouldn't install the latest version).
If you open a tab on the Pale Moon for Android start page and scroll to the bottom, there's a link to "Browse all Pale Moon add-ons" - which actually takes you to the Firefox for Android add-on site. I had to request the desktop version of this to select and install extensions (to get around an error warning on the mobile page).

I'll leave someone more knowledgeable to comment on the general security risks.
Just tried this and didn't have any success downloading any add-ons aside from uBlock Origin. Have you gotten other add-ons to work? Specifically HTTPS Everywhere, decentraleyes or a tracking blocker like Privacy Badger?

Falna

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by Falna » 2017-10-09, 09:25

Baloo wrote: Have you gotten other add-ons to work? Specifically HTTPS Everywhere, decentraleyes or a tracking blocker like Privacy Badger?
I currently run:
Decentraleyes 1.1.3
Self-destructing Cookies 0.4.9
Session Manager 0.8.1.7
uBlock 0.9.5.0.1-let-fixed


Falna

Re: Security Risks for continuing use of Pale Moon for Android?

Unread post by Falna » 2017-10-20, 16:22

Hmm - from Moonchild's post today:
The (ancient) Android version of Pale Moon will be removed (unpublished) from the Play Store. The only way to still get this unsupported version of the browser will be by side-loading the APK from the archives, if you need it. Please note that continuing to use this very old version of the browser bears a considerable security risk.
viewtopic.php?f=1&t=17097

Unfortunate that nobody's come along with the time and skills to revive this. Still my favorite Android browser.

