Closed Bug 1635011 Opened 5 years ago Closed 5 years ago

resistFingerprinting: Bump spoofed OS versions to macOS 10.15 and Android 9

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla78
Tracking Flags:
Tracking Status
firefox-esr68 --- wontfix
firefox75 --- wontfix
firefox76 --- wontfix
firefox77 --- wontfix
firefox78 --- fixed

People

(Reporter: cpeterson, Assigned: cpeterson)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(4 files)

Bug 1635011 - Bump resistFingerprinting's spoofed macOS version from 10.14 to 10.15. r?tjr
47 bytes, text/x-phabricator-request
Details | Review
Bug 1635011 - Bump resistFingerprinting's spoofed Android version from 8.1 to 9. r?tjr!,#geckoview-reviewers!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1635011 - Upgrade resistFingerprinting's spoofed Android CPU architecture from "armv7l" to "aarch64". r?tjr!,#geckoview-reviewers!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1635011 - Bump fallback Android version from 6.0.99 to 10.0.99. r?#geckoview-reviewers
47 bytes, text/x-phabricator-request
Details | Review

Fx78 will be the next ESR version and base for the Tor browser. The Fx78 Nightly cycle, starting next week, is our opportunity to bump the macOS and Android OS versions spoofed in privacy.resistFingerprinting mode.

The most common macOS version as of April 2020 is macOS 10.15 at 48.98%:

https://gs.statcounter.com/macos-version-market-share/desktop/worldwide/#monthly-201903-202004

Based on previous macOS release schedules, macOS 10.16 will likely be released in September 2020 and overtake 10.15's market share in December 2020:

https://gs.statcounter.com/macos-version-market-share/desktop/worldwide/#quarterly-201801-202002

The most common Android versions among Fennec users as of May 2020 are:

32.02% Android 9 Pie (API 28)
19.41% Android 10 (API 29)
9.28% Android 8.0 Oreo (API 26)
8.99% Android 7.0 Nougat (API 24)
8.24% Android 8.1 Oreo (API 27)

https://sql.telemetry.mozilla.org/queries/57140

The most common Android versions overall as of April 2020 are:

37.40% Android 9 Pie (API 28)
16.12% Android 10 (API 29)
11.29% Android 8.1 Oreo (API 27)
7.37% Android 8.0 Oreo (API 26)
6.24% Android 7.0 Nougat (API 24)
...

https://gs.statcounter.com/android-version-market-share/mobile-tablet/worldwide/#monthly-201903-202004

Android 10 is the latest version and is steadily converting Android 9 users, but I think we should spoof Android 9 because it's still the most common version and will likely remain so until the end of 2020.

Depends on D73591

The device's CPU architecture is not exposed in Gecko's (or Chrome's or Safari's) User-Agent string, but it can be read by JavaScript via the navigator.oscpu and navigator.platform APIs.

CPU architecture telemetry for Fenix users as of May 2020:

80.4% arm64-v8a (aarch64)
17.2% armeabi-v7a (armv7)
2.4% x86?

https://sql.telemetry.mozilla.org/queries/64381#164300

CPU architecture telemetry for Fennec users as of May 2020:

64.57% arm64-v8a (aarch64)
34.24% armeabi-v7a (armv7)
0.99% x86
0.20% x86_64

https://sql.telemetry.mozilla.org/queries/68742

Depends on D73592

Chromium's current fallback ("default") Android version is 10.0.99, which is the latest Android major version number with a bugfix patch version number higher than any expected actual release:

https://source.chromium.org/chromium/chromium/src/+/master:base/system/sys_info_android.cc;l=63-69;drc=6d9b68de0b0fb9a64a7bd2d2b6da49f1eaacec43

Depends on D73593

Status: NEW → ASSIGNED
Whiteboard: [domsecurity-active]
Pushed by cpeterson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b9b4effe91fd Bump resistFingerprinting's spoofed macOS version from 10.14 to 10.15. r=tjr https://hg.mozilla.org/integration/autoland/rev/ba0afee33fea Bump resistFingerprinting's spoofed Android version from 8.1 to 9. r=tjr,geckoview-reviewers,agi https://hg.mozilla.org/integration/autoland/rev/280e7c264b78 Upgrade resistFingerprinting's spoofed Android CPU architecture from "armv7l" to "aarch64". r=tjr,geckoview-reviewers,agi https://hg.mozilla.org/integration/autoland/rev/78d8aa6031e0 Bump fallback Android version from 6.0.99 to 10.0.99. r=geckoview-reviewers,agi
Summary: resistFingerprinting: Bump spoofed macOS and Android OS versions → resistFingerprinting: Bump spoofed OS versions to macOS 10.15 and Android 9
Blocks: 1711179
Blocks: 1861847
No longer blocks: 1861847
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: