Which of these 3 browsers are the best for Android? I remember when Bromite was a nice companion next to Vanadium because Bromite had some anti-tracking.
Bromite project ended and Cromite took it’s place, how does it perform, really? I can’t test it because the cromite.org site and their Repo are offline and they have been for a week, or longer.
What about Fennec? Nobody seems to recommend this but it seems a very pleasant browser for those loving their Firefox Extensions.
Is Fennic still the best Firefox alternative besides Brave? I am out of the loop and there have been many forks on both Chromium and Firefox based browsers in recent years. Anyone can fill me in please?
Consistently fast update cycle (usually within a day)
Cromite:
Slower update cycle
Enables JPEG-XL
No CFI?
Uses Adblock Plus
Maintained by one person
Fennec:
Firefox-based, which means…
No site isolation or internal sandboxing
So basically Vanadium > Cromite > Fennec
Security-wise, use Vanadium on GrapheneOS and Chrome on Stock Android although Chrome is proprietary and terrible for privacy so I wouldn’t use it at all.
Most of this browser is either matching vanilla chromium, a degredation, or modifies a default. For example, they enable MV2 support when that format is actively being deprecated in chromium. MV2 is awful for security, since it allows unrestricted access to all websites and all features to extensions. MV3, while not perfect, fixes many of these issues. In general extensions are bad for security but enabling MV2 is a step backwards.
They also verified their Flathub app. See the Flatpak section as to why that is a problem. The issue is not that Brave is packaged as a Flatpak, many chromium browsers are, but they officially endorse it, which is a flagrant disregard for security.
Also lots of attack surface related to crypto stuff and heavy privacy marketing (despite being rather intrusive by default), and rather ineffective fingerprinting resistance (has gaps making the mitigations bypassable). The company itself is also questionable in its practices, but that is for you to decide.
In the realm of attack surface, the content blocker can be a problem. It is written in Rust and all, but Rust only prevents exploits targeting the adblock engine itself, not the browser or sites. See the content blocking section for more details.
To give some credit where it is due, Brave does have some decent changes. For example they proxy a large number of requests, for which they have a better pivacy policy on their services than Google. This does have some issues but it is still nice, none-the-less. They do also offer some partitioning improvements, though the amount of which isn’t too big since upstream has added a lot of said improvements themselves.
Overall though, on desktop Brave is rather useless. It is filled with bloat and any security or privacy advantages, even the adblocker, can be achieved with Chrome. On Android though, if you do not have access to Vanadium then Brave is probably the next best choice. Chrome on Android isn’t bad but Brave actually offers more there and the bloat is way less noticeable and easier to turn off.
On Android, using password manager extensions in browsers is kind of redundant. If you set a password manager as the default system-wide, it should still be able to provide some sort of autofill (e.g. through your keyboard’s suggestions). Same with passkeys, the browser should ask the default password manager for them.
It’s also safer this way (less browser attack surface).
That’s what I thought. Don’t get me wrong, I do have Bitwarden as a client on the Android phone, but for whatever reason, it doesn’t auto-fill or have a pop-up asking me to use Bitwarden in Brave. No problem with Firefox though. What’s going on?
Firefox on Android and on desktop have per-site data isolation (dynamic first party isolation).
Firefox on desktop has per-site process isolation (Fission).
Firefox on Android does not have per-site process isolation.
Firefox on Android furthermore does not use the special isolatedProcess flag.
IronFox on Android does enable per-site process isolation.
Brave uses its built-in password manager for autofill by default. You have to go to settings, and in the “Autofill services” section you should be able to change that.