Disable FTP on Android
Categories: Core Graveyard :: Networking: FTP, task
Tracking: Not tracked
People: Reporter: jan, Unassigned
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eopgOoY1QLs/discussion
FTP is a non-securable, legacy protocol. We've WONTFIXed FTP support on iOS, but its usage in Blink-based Chrome is high-enough that it seems difficult to remove all at once. This seems like a reasonable way of reducing its viability as an attack surface as a stepping stone to more complete removal.
Usage information from UseCounter
Looking at Navigation.MainFrameSchemeDifferentPage for the past 7 days, I see 0.06% of stable users navigating to an ftp: page (0.003% of total navigations). Looking at Download.TargetConnectionSecurity for the same time period, I see 0.04% of users downloading a resource from ftp: (0.03% of downloads). If I limit the platform to Android, I see less usage: Navigation.MainFrameSchemeDifferentPage is 0.01% of users and 0.0003% of total navigations, Download.TargetConnectionSecurity is 0.01% of users and 0.003% of total downloads.
Support for rendering FTP resources was removed by https://crbug.com/744499. It's planned in bug 1560699.
Issue 500548: Remove FTP for Android
FTP is hardly used on Chrome-for-Android. We should see how much binary size reduction we would get for removing it.
There's a more general bug to remove FTP support across platforms. However, there is significantly more usage on desktop than mobile so we'd want to have a better replacement story in place. On Android we won't have an app fallback, but it is also used less frequently.
Comment 2•6 years ago
Mike, what do you think about this proposed change?
Comment 3•6 years ago
In comparison, bug 1227521 will inevitably cause some complaints against all browser vendors next year, but this is a safe change as it's completely unusual to use ftp:// on Android. Incremental deprecation and removal of FTP is desired: bug 85464 comment 34 and other comments.
Sadly it's not even protected by HSTS, and Android users regularly use public WiFi networks, so they are far more often exposed to MitM attacks.
It would still be possible to manually re-enable it for some time.
Comment 4•6 years ago
:dveditz, is this a security hole we are concerned with? I would love your opinion.
I'm concerned about breaking a user flow that we are unaware of, perhaps mobile users clicking on an FTP link embedded in a site that downloads a menu, PDF file, other doc. Let me see if I can't also get current usage stats for Firefox Android.
Comment 5•5 years ago
I don't have a strong opinion about FTP. It's an old crufty protocol and, like http:, not private or secure. Like http: we wish it would go away, but we're a User Agent and as long as users need to get to those resources we need to keep supporting those protocols. Do users still need it on Android? I don't know -- that's a data science and Product decision.
Desktop will be rolling out new "insecure" icons for http: rather than the default nothing. Is Android doing the same? If so ftp: URLs should get the same treatment if we don't remove FTP functionality entirely.
Is it a "security hole"?
- I'm not worried about the "attack surface" of our ftp implementation. Less is always better, but this is old, stable, fuzzed code.
- the privacy/tampering risks to users are the same as with http: links. If we remove FTP and there are equivalent HTTPS links then we've forced users into safer behavior. If there aren't then what do those frustrated users do? If they give up, yay for us? If they switch to a different browser to download it anyway then it's no win for them or Firefox.
But FTP support does need to go away at some point. If usage is small enough maybe that's now.
Comment hidden (obsolete)
Comment 7•5 years ago
I missed that Fennec Nightly and Stable have both been migrated to 68esr. So this change should only affect GeckoView & Fenix for now.
Comment 8•5 years ago
Data science does not currently have usage numbers for FTP. I don't see a reason to rush this change and have asked DS to gather additional data to help support this decision (bug 1570155).