- Donate to to this Project
- What is The Freedom Wrapper Project (TFWP)?
- I'm new to Android App Development. How can I get up and running with TFWP?
- Explore further customization of your TFWP application
- Proof of Concept
- Contact Me
- Official Website
-
First, the barrier for application development on Android should be small. Android applications are an easy way to get custom-made platforms tailored to your individual needs. Android Studio is an extremely robust tool-set and it is well-suited to make anyone a developer with little effort. No one should rely on others for those needs when possible. Sometimes coding for your first time can be overwhelming when there isn’t enough positive feedback to keep you going. Every roadblock seems like a mountain and one line of red code can wreck havoc on your psyche. While web guides are an excellent source, there are thousands of them. People have to sift through them, find which ones actually work for their needs, and the guides still leave a lot to be desired when it comes to creating an original or purposeful application. This leaves individuals without “coding skills” at the behest of individuals, corporations, and governments to provide them with mobile applications that are generally a one-size-fits-all approach.
-
This leads us to the second reason for this project: security. Android applications on the market are inundated with in-app purchases for extra content, ads with cross-site tracking capability, and permissions that seem mostly unnecessary for the average user. While Google has done a good job attempting to solve these permission problems recently, there is still concern. Sometimes it feels like Android applications are just a more robust way to collect your data for monetary or insidious gain. The Freedom Wrapper Project was created on the idea that security and privacy should be simple, cheap, and effective. Most mobile websites are already works of art. A mobile application seems like a complex, expensive, and ineffective solution for some users that just want to get on an application, use it safely, and get off of it soon-thereafter. Mobile browsers aren’t much better. Browsers are excellent tools to keep you browsing websites within the same application ecosystem. However, this can cause some fundamental security concerns. What happens when a website you visit is malicious? The entire browser, while sand-boxed, is compromised nonetheless. This means everything you search afterwards is potentially compromised. This is not to say all mobile browsers are bad. Many mobile browsers sandbox each individual browsing tab, protecting you in each tab sub-process. The original tab, however, will likely be a problem until you close it – and you won’t know if it is actually compromised until much, much later. While this situation may be unrealistic, it does happen and it has been documented recently (Exhibit A, Exhibit B, and with obvious social engineering relevancy Exhibit C). In fact, sometimes all the bells and whistles you associate with mobile browsers can be a security death knell. For instance, it came out this year (2020) that Firefox Mobile had a security vulnerability that has since been patched. While Android’s
WebView
may not be any better than Firefox Mobile at zero-day exploits, at least you know only one website and its data is compromised instead of an entire browsing session of compromised data. Furthermore, mobile browsers are (intentionally or not) data collection machines. Many mobile browsers, even with sandboxes and security measures, cannot and do not prevent cross-site tracking. Every time you open a new tab in the same mobile browser at the same time you are creating a unique browser fingerprint that can be used to associate, triangulate, and eventually track your online presence through that session. Mobile browsers are also entirely inconvenient if you have to close them multiple times a day just to gain a modicum of privacy. The Freedom Wrapper Project acts like an isolated, web-page specific browser. It is sand-boxed, like all Android applications. But, it can easily be deleted and reinstalled because you can make and remake the code at anytime on your own. Furthermore, The Freedom Wrapper Project isolates you from the Android ecosystem generally and prevents cross-site tracking through an isolated session approach. You are only going to one website at a time and so the problematic inheritance of multiple tabs cannot be used to track each individual browsing session accordingly. Hopefully, you are using The Freedom Wrapper Project with a trusted website. This will make it almost impossible for you to load malicious code onto it. Furthermore, the decentralized process of making the application yourself ensures you cannot be duped into installing an application that is really a malicious piece of software. It’s a security win-win-win. -
Thirdly, The Freedom Wrapper Project is open source and completely free. Being open source allows one to scrutinize the code. However, scrutiny is important but not entirely valuable in and of itself. The Freedom Wrapper Project falls under an MIT License. This means you can use this code for personal or commercial use, making you only a few steps away from developing your own application. The fact that it is open source means you can mention that your app uses source code associated with The Freedom Wrapper Project in application store submissions and customers can vet it, follow it, and potentially use it to make their own applications. This sets a standard for application security practices that people can rely on when choosing to install your application and eventually others. While the MIT License gives you the ability to create commercial applications (that is, for profit applications), it is not the design and purpose of this project or this license to allow you to use advertisements on any application you make with The Freedom Wrapper Project source code. I do not condone the use of ads or allow the use of advertisements on any of The Freedom Wrapper Project based applications. If code is open but not free, it is useless to enhancing the experience of fellow technologists – whether in a security, privacy, or creative context. This is why almost all app developers feel the need to load their applications with advertisements instead of content or useful code that makes our lives better. Don’t be the kind of developer that loads their application with advertisements.
Back to the Table of Contents or Back to the Top
The following is a guide on how to get set up with The Freedom Wrapper Project so you can officially make your own application!
-
First things first. You’ll need to install Android Studio on your computer. Head over to this website to download and install it: Android Studio Download.
-
Now, you’ll need to download The Freedom Wrapper Project Repository to your computer. The easiest method will be to download the master archive located here: The Freedom Wrapper Project Download. Once downloaded, head to the folder where you downloaded it and unzip or extract the file. This is usually as easy as right clicking the file and going to the button that says: “Extract here” or “Unzip.” It will take a couple of seconds for it to extract. In the file that is extracted, you should see all of the available applications The Freedom Wrapper Project has pre-made, along with the original source code dubbed ”The Freedom Wrapper Project”.
- If the file structure for this repository is locked and the folder is empty after downloading it from that link, do not panic. This has been done purposefully. In this case, you will need to make a github account here and fork this repository using the documentation here. After you fork this repository, you will own your own version of the TFWP repository that you can play with according to your needs. Next, you can download the zip from your forked repository or you can setup ssh between your github account and your computer to securely download the forked repository (documentation here). If you have downloaded the zip, move on to the next step. Otherwise, see the below point.
- Why use ssh with GitHub? This may seem complicated but it is worth it. Through ssh'ing your own forked repository, you can securely download the repository to your computer, making sure nothing is corrupted or modified in transit when downloading it to your computer (more information on ssh is available here). After you are done setting up your GitHub account, a forked repository, and ssh, you are now ready to clone the repository to your computer (documentation here). Once you are done cloning your newly forked repository from your newly minted GitHub, you are ready to move to the next section of this guide.
-
Next, open up Android Studio (if you already haven’t). It will show you a prompt that says open or make a new project. Click the “Open” button. Use the file browser to navigate to the folder where you downloaded The Freedom Wrapper Project master archive and click on the folder with the green android/alien where it says “The Freedom Wrapper Project.” It’ll take a few seconds to a minute to load depending on your computer.
-
On the left-hand side there is a button that says “Project.” It is right next to the “ResourceManager” button. I promise it is there. There are a lot of buttons on Android Studio so give yourself some time to adjust and don’t feel overwhelmed. Once opened, you should see some folders with folder trees. Click on the sideways triangle (it honestly looks like a video play button) to open up a folder’s tree. It will expand or close each time you click it. The first file you will need to modify is in the folder labeled “java.” Go to com.matthewbenchimol.thefreedomwrapperproject and click the sideways triangle (play button) again. Now, double click on the file that says: “MainActivity.” Go down to the 48th line of code where it says
webView.loadUrl(“https://wikipedia.org”)
and replace the https://wikipedia.org with the website you are trying to “wrap”. Make sure you keep the“ ”
surrounding the website or the build will not compile! For example, let’s say you want to create a wrapper for Facebook. You would place https://facebook.com where the Wikipedia link is and the product would look like this:webView.loadUrl(“https://facebook.com”)
. I have provided comments on the various lines of code should you be interested in turning on or off certain aspects of the application that are preset. I highly suggest you leave them as is unless you know what you are doing. For future reference, all java code comments start with // and are grayed out. They are a method to explain what a line of code does without affecting the compiling of that code for use in your application when you build it.
That’s it! That is technically all you have to do to create your first application. There are additional network security settings I highly suggest. These are not specifically necessary. If you want the extra security (you do), continue below. Otherwise, skip the fifth and sixth steps.
- Open the “Project” button again if for some reason you or Android Studio toggled it close. This time go to the folder that says “res.” Click the sideways triangle to open up the folder tree. Then, click on the sideways triangle for two folders to expand the folder tree. One is called “xml” and one is called “raw.” Open the browser of your choice. For example, Chrome or Firefox. Go to the website you are trying to “wrap.” Sticking with the Facebook example above, go to https://facebook.com.
-
For Firefox: Once the page is loaded, click on the padlock next to the website in the navigation bar. Click on the arrow that says “Connection secure” and click “More Information.” This will open up a page security tab. Once that is opened, click on the button that says “View Certificate.” It will open a page where you can export certificates. Click on the certificate tab to the farthest right and scroll down to where it says download. Click the “PEM (cert)” option. Save the certificate to the folder we opened earlier in “res” labeled “raw.”
-
For Chrome: Once the page is loaded, click on the padlock next to the website in the navigation bar. Click on the tab that says “Certificate (Valid).” Click on the tab that says “Details.” Go to the certificate hierarchy and click on the certificate that has “Builtin Object Token:” next to it. Go to the button on the bottom right that says “Export.” Save the certificate to the folder we opened earlier in “res” labeled “raw.”
-
Now, go back to Android Studio and open the “xml” folder tree we discussed in Step 5 and double click on the file that says “network_security_config.” Follow the directions that are listed as code comments. They should start like this:
// this is a network security configuration
. -
Lastly, go to the top of Android Studio where the drop-downs are and click on the “Build” drop-down next to “Refactor” and “Run.” Then, click “Generate Signed Bundle / APK…” and follow the prompts. Make sure you click on the .apk button when creating your application. The app bundle (.aab) is strictly for the Google Play Store and will not be install-able on your Android phone. It is meant for Google Play Store Submissions. You will also be prompted to create a signing key. Please make sure you make one. This is important: a signing key let’s everyone know the application is legitimate and gives users the ability to verify it accordingly. You can fill anything you want for the signing key. I suggest you add the minimum: First and Last Name (Your Name – as this is your application), Organization (The Freedom Wrapper Project), and add a password that is yours and yours alone. After that, you can just press the “Next” button. Then, click the “V1” and “V2” check boxes and highlight the “Build Variant” that says “Release.” It will start the build process.
-
There should be a notification that pops up after you have successfully built the application. It will say “locate” on it. Click it and Android Studio will automatically open the folder containing your recently developed application. Copy the .apk file it created to a folder that will let you find it easily now and in the future, change the name of the file (while preserving the .apk file tag at the end of it), download it to your phone through a USB (preference) or by uploading it to the cloud. Install it and ignore the warning about “installing from unknown sources.” You made this app so you can guarantee it is not malicious. Open it when it is finished installing on your Android Device. Congratulations! You are now using The Freedom Wrapper Project.
Back to the Table of Contents or Back to the Top
The following guide will be updated occassionally, as customization is an evolving process and not an endstate. Keep that in mind and feel free to check back in occasionally for new methods and techniques.
-
Let's say you really want to make The Freedom Wrapper Project application your own. This is the section for you! First things first, go to your preferred search engine. Type in the name of the website you are "wrapping" and click search. Go to images and grab an icon of the website you chose for your recently created application. Save it anywhere you will remember it for use in the near future.
-
Open up Android Studio again. You will likely be doing this a lot, as I am hoping I have made this your new hobby or, at the very least, your new curiosity. Once you have the project opened in Android Studio, open up the "Project" tab on the left side and navigate to the file tree (you have been there before) labelled "res". Right click the "res" folder, go to "New", and then go to "Image Asset." Click on it. It will open up a new window with a bunch of awkwardly green icon templates. On the left-hand side, there is a section about 4 lines down that says "path." Click the greyed out folder on the end of it. Nagivate to the picture you just downloaded. There is an option to resize the image at the bottom of the window. Just move it left or right to resize your imported image. Click "next" and click "next/finish" after that to set your new image as the icon for your app.
-
There you go! You have just added a custom icon to your application. There is a lot more customization you can do and I highly suggest you examine all the files in The Freedom Wrapper Project Source code, checking the code comments at your leisure. There are a decent amount of comments that will give you a necessary walk-through. Enjoy and have some fun!
Back to the Table of Contents or Back to the Top
-
Thank you for visiting The Freedom Wrapper Project! This section serves as a proof of concept. A proof of concept enables users and customers to see the advantages of a platform, good, or service through action-able metrics or live testing. In this way, you can see for yourself exactly why a given platform works instead of just taking my word for it. I have selected a third-party organization that is not affiliated with The Freedom Wrapper Project in any way. Let's consider this an independent audit of the concepts behind the existence of The Freedom Wrapper Project. First, you will need to visit Exodus Privacy to get more comfortable with who they are and what they do. Their application is available on the Google Play Store and the f-droid repository. I chose Exodus Privacy for a number of reasons. The first: their code is open source and publicly available for scrutiny. This should make you a little more comfortable installing their application on your phone. Second: their application is available on the Google Play Store. This means there are two layers of protection and scrutiny (public and private) when it comes to their code. I understand some people may be reticient to use an application that was built and maintained in a foreign country (I am not). Yes, the Exodus Privacy platform is a French Non-Profit but the code is Open Source and remember: good technological practices are not a country-specific monopoly. Everyone and every country should want to implement good cyber-security practices, regardless of their belief systems on privacy, politics, and position. Why would France or the French people be any different?
-
The Android application ecosystem is a gigantic "anti-trust machine." Every application you download contains permissions and you have been told to examine and scrutinze those permissions accordingly. However, sometimes this focus is the wrong problem. Application tracking is pervasive and well-hidden. Applications laden with trackers are labeled in non-descript terms. For example, sometimes they say as little as: "Contains Ads." What does that mean exactly? It doesn't tell you the extent of its tracking capability in certain or even uncertain terms. It is an opaque process, hence the "anti-trust machine" terminology. It begs the quesiton: what exactly is a "safe" application and who gets to say so? Exodus Privacy can help simplify that process by showing you the number of trackers on each individual application on your phone. It doesn't tell you what to do. The decisions are yours to make from there. Honestly, it is an empowering methodology and I truly respect Exodus Privacy for their work. For more information on how they define permissions and trackers, please visit the Exodus Privacy FAQ. The Exodus Privacy application will tell you the who, what, when, and how based on the number and types of embedded trackers in each application on your phone. These trackers you can't turn off - even in settings. While their application analyses may not be perfect, like any application platform, you could simply mention any flaws you uncover to them and I am sure they would explain the methods or fix their process accordingly. Many applications will stop working if you attempt to block or inhibit trackers in anyway and many people want the convenience of an application browsing platform so badly that they stop blocking trackers at any level just to continue using an application platform! This is part of the problem. People should not be at the behest of companies that want to collect data - especially when they already purchase an overwhelmingly amount of their goods and services. To be fair, this tracking can enable companies to provide you with better services or market you more appropriate goods that suit your needs. This should be an honest trade-off, however. The platform you are using should be able track you as long as they have an opt-in or opt-out function present. However, those same companies embed a multitude of other tracking platforms into their app that are unneccessary - or mostly unnecessary - to their business design.
-
If you installed the Exodus Privacy application, you will see that sometimes your favorite applications can use as many as 15 application-embedded trackers! I will not mention them by name because companies are actually not to blame here (although, I'm sure I'll get grief for this from the privacy community). More often than not, the problem here is human error. It can be dangerously exploited by malicious actors but it was probably was not the original intent. For example, a team makes an Android application for Company A. They tell their boss, who is a business person, they need to add 15 trackers to their application for x, y, and z reasons and further explain it will increase revenue and customer loyalty by 30%. A business person is not going to turn down an opportunity to provide customers with information tailored to their needs by limiting the trackers in their application platform if it can make them money and serve their customers! We have been trapped in a feedback loop and the bubble is going to burst at some point. There is only so long a system, as haphazardly constructed as this one, can last before we start to see drastic friction points for individuals, companies, and governments. Don't take my word for it. Look at the number of trackers, determine which ones the application actually needs to function appropriately, and then ask the company in question to explain why they have so many application-embedded trackers in their platform. They will probably explain it away at first. Then, others will probably explain they are doing it maliciously. The truth is: incompetence is not always purposeful or unintentional. Sometimes its the nature of how business works. Money is money and as long as the application works or looks good, why question where and how that money came to be? Thank you for using The Freedom Wrapper Project!