Skip to content
Android app to provide sandboxed (private) browsing of webapps
Branch: master
Clone or download
Latest commit f298637 Mar 19, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
app new release v2.20 Mar 19, 2019
fastlane/metadata/android/en-GB
gradle/wrapper Set up gradle-android-eclipse in place of Eclipse Andmore Mar 15, 2019
images
test added test html to allow testing the sandbox manually Aug 22, 2014
.classpath update readme, remove classpath entries from root project Mar 15, 2019
.gitignore
.project Set up gradle-android-eclipse in place of Eclipse Andmore Mar 15, 2019
LICENSE.txt Initial fork from GoogleNews repo Aug 22, 2013
README.md update readme, remove classpath entries from root project Mar 15, 2019
WebApps.iml restructured folders as per current standard and added tests Feb 25, 2018
build.gradle restructured folders as per current standard and added tests Feb 25, 2018
build.sh use gradle wrapper Nov 29, 2016
debug.sh
gradle.properties cli helper script Mar 15, 2019
gradlew
gradlew.bat updated build and added gradle wrapper Nov 29, 2016
ic_launcher-web.png Initial fork from GoogleNews repo Aug 22, 2013
local.properties.sample renamed Sep 21, 2015
method_count.sh
proguard-project.txt
proguard.cfg
settings.gradle

README.md

WebApps Sandboxed browser Android app

screenshot 1 screenshot 2 screenshot 3

This Android app is a fork of the GoogleApps Sandboxed browser. The idea behind it is to provide a secure way to browse popular webapps by eliminating referrers, 3rd party requests, insecure HTTP requests, etc.

It accomplishes this by providing a sandbox for multiple webapps (like Google's apps, Facebook, Twitter, etc.). Each webapp will run in it's own sandbox, with 3rd party requests (images, scripts, iframes, etc.) blocked, and all external links opening in an external default web browser (which should have cookies, plug-ins, flash, etc. disabled). Homescreen (launcher) shortcuts can be created to any of the saved webapps.

By default, all HTTP requests are blocked (only HTTPS allowed). This improves security, especially on untrusted networks. In addition, WebApps will warn you if the SSL certificate of the site you're viewing has changed.

For a less security-focussed, but more media-friendly option, try Web Media Share, which is a fork of WebApps with specific focus on extracting and sharing/casting media.

For using Google's suite of apps, try the GApps Sandboxed Browser app, which works the same as this app but contains specific handling for Google's web apps.

Features

  • Works like Mozilla Prism on the desktop. This is a mostly chrome-less browser that gets out of your way.
  • Completely full-screen browsing (auto-hiding actionbar)
  • Securely browse mobile sites (uses HTTPS only)
  • Blocks 3rd party requests (images/scripts/iframes) like the NoScript and NotScripts plugins on the desktop
  • Allows self-signed SSL certificates to be saved
  • Warns if server SSL certificate changes (e.g. during man-in-the-middle-attack)
  • User agent and text size setting (per site) allows more rich mobile experience (depending on site)
  • External links (outside the domain of the site visited) open in your default browser
  • Long-press links to choose how to open them
  • Create shortcuts to your webapps on the homescreen
  • Uses much less bandwidth than native apps (like Google+ app). No background sync'ing.
  • Features local data storage and caching for reduced bandwidth usage and better speed.
  • Fully open source software.

Cookies

Cookies are stored by Android's CookieManager, of which there is one instance per app. To avoid cookies from passing between sandboxes, the following has been implemented:

  • All cookies in the CookieManager are deleted when opening a URL or web app.
  • For saved web apps, the saved cookies are restored, and the app opened.
  • Cookies are only saved for the root domain of the saved web app, and made available to all sub-domains.
  • No 3rd party cookies are saved or sent. This may prevent some sites from working correctly.

In short, there is a strict cookie policy in place that ensures that cookies are correctly sandboxed, and that no 3rd party cookies are saved or sent.

Referer

Referer information is not send on any request (as per default behaviour of Webview), which may lead to problems on some sites, but improves privacy.

Storage

Plugins, and local file access are disabled, however DOM/local storage and app caching is allowed. There is only one cache for all sandboxes to share.

Location

The WebView's location access has been disabled, to prevent sites requesting your location.

Libraries

This project makes use of the following libraries/tools:

Development

To build this project:

  • Clone the git repository to your local machine (git clone ...)
  • Run ./build.sh to build an unsigned release APK

In order to develop in Eclipse:

  • Install the Xtend plugin for Eclipse
  • Clone the git repository to your local machine (git clone ...)
  • Inside the checked-out folder, run: ./gradlew eclipse. This will download all the required 3rd party libraries and create the Eclipse classpath and project files
  • Open Eclipse and import the project in the app folder
  • The project should now compile in Eclipse

To develop using Android Studio:

  • Install the Xtend plugin for IntelliJ
  • Clone the git repository to your local machine (git clone ...)
  • Import the project into Android Studio
  • The project should now compile (very first build may fail, a rebuild should fix this).
You can’t perform that action at this time.