Opinion about HideDroid?

Has anyone used Hidedroid? Does this Android app provide any privacy benefits?

It looks like it intercepts network requests to trackers and sends the same request with personally identifying information hidden or changed. Personally, I would try to block the connection completely and only resort to something like this if blocking trackers made the app nonfunctional. Also, installing a root certificate in order to break open the HTTPS connections to change tracking data also means the app can intercept and change any data on any website (passwords, searches, etc.) as you’re essentially setting up a man-in-the-middle attack on yourself and trusting the app not to abuse it, which even considering the open source nature is a huge amount of privilege.

1 Like

You also have to trust that it implements its own PKI handling correctly.

Many of these types of programs have had issues where they’d wrongly accept invalid/expired certificates and continue the connection.

CISA covered this specific issue more here: HTTPS Interception Weakens TLS Security | CISA

2 Likes