Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.
I use Firefox as my main browser on Android, and all apps that invoke a WebView do so using Firefox’s rendering engine, with uBlock Origin and Dark Reader working seamlessly. So, maybe this info about Firefox for Android lacking WebView support is outdated?
That’s not a webview, it’s a separate api with fewer abilities. Custom tabs I believe.
You can see for example that it always opens as a fullscreen overlay in your app and that it always has that bottom or in your case top bar.
Main reason I don’t is cuz:
https://grapheneos.org/usage
This only applies to android, not desktop use, and you couldn’t use uBlock on mobile chrome anyway so it is simply not relevant.
Other security implications are stilp valid.
They’re completely irrelevant to the average person.
If you want absolute perfection then sure, stick with Chrome but implying Firefox on GrapheneOS is insecure is misinformation.
I use Firefox as my main browser on Android, and all apps that invoke a WebView do so using Firefox’s rendering engine, with uBlock Origin and Dark Reader working seamlessly. So, maybe this info about Firefox for Android lacking WebView support is outdated?
Exemple after clicking a link on Twitter/X:
That’s not a webview, it’s a separate api with fewer abilities. Custom tabs I believe.
You can see for example that it always opens as a fullscreen overlay in your app and that it always has that bottom or in your case top bar.