Most of the Android Browsers Store Full Size Website Snapshot as Thumbnail Temporarily (Root directory) in Private Mode

Hi, I noticed that Mull browser temporarily stores high-quality snapshots of websites in its thumbnail folder (root directory) when using private browsing mode, while other cache data is stored in memory. I’m a bit concerned about the privacy implications of this. Firefox Focus doesn’t seem to have a similar folder in its directory (I couldn’t find one). Is there a way to adjust the configuration to prevent this from happening? Any guidance would be appreciated.

:red_circle::red_circle::red_circle:
I did some testing and it’s ‘Not A Mull Issue’.

On Android, Firefox OG, Nightly, Tor Browser (the image file extension is changed, but the image can still be opened with a file manager), Fennec, etc. + most Chromium-based browsers, including Brave, have this issue in their private browsing modes. Website snapshots are taken and stored on disk temporarily to be used as tab view thumbnails.
Firefox Focus and its Nightly don’t have this issue since they are single-tab browsers. Firefox Focus Nightly + about:config, with disk cache disabled, seems to run all cache files in memory.
:red_circle::red_circle::red_circle:

I can’t offer any insight into this particular quirk of Mull (that’d be something for @SkewedZeppelin ) but I can offer some reasoning on why you might not necessarily need to care about this particular issue…

  1. You can’t access that file path from other apps typically, unless you’ve rooted your device (i.e., you’d need a privesc exploit if you’re an attacker trying to get to these cache files on an AFU or unlocked device)
  2. Assuming you’re trying to thwart forensics, your device’s storage encryption is what would be far more relevant, rather than what individual apps are putting on your storage (i.e., use a Pixel with GrapheneOS and auto-reboot on a short timer to be in BFU if/when someone tries their forensics)
  3. If your threat model is such that you’re using private browsing and trying to hide what websites you’re visiting, you should be using Tails+Tor Browser or similar, rather than a browser people debate the ~*security*~ of
1 Like

Hi, mull user here.

Would you mind sharing the full directory path so I can also take a look?

I checked android/data/us.spotco.fennec_dos and did not see the same thing

It is /storage/emulated/o/Android/data. You cannot look beyond /o/ without root. Well, you can with Shizuku or ADB, but still not /data/data/, which is what TS already posted.

1 Like

Not a Mull issue. Go report that to Mozilla.

3 Likes

Got it. :+1:

I use the normal Firefox browser, and I don’t see a folder us.spotco.fennec_dos under /Android/data/

I checked in /Android/data/org.mozilla.firefox, and again, nothing. There is only a downloads folder there. No hidden files either.

You need to be rooted to access the directory mentioned by OP.