February 3, 2014 | By Parker Higgins and Yan Zhu and Yan Zhu

Making the Mobile Web Safer with HTTPS Everywhere

EFF is bringing the security and privacy of HTTPS Everywhere to an important new frontier: your Android phone. As of today, you can install HTTPS Everywhere on Firefox for Android (until now, it could only protect desktop browsers). With HTTPS Everywhere installed, Firefox for Android encrypts thousands of connections from your browser that would otherwise be insecure. This gives Firefox a huge security advantage over every other mobile browser available today.

This is exciting news, because HTTPS encryption allows smartphone users to safely download apps, browse the web, exchange emails and instant messages, sync data between devices, and countless other everyday tasks. As we carry around our phones and tablets, we often connect to unfamilar WiFi networks, putting our personal data at risk of being monitored, collected, and tampered with by anyone else on the same network, as well as Internet Service Providers, network operators, and government agencies. In fact, we discovered last week that NSA and GCHQ have been invisibly tracking and profiling users based on data leakage from smartphone apps.

HTTPS Everywhere guards agains these attacks in your browser by switching insecure HTTP connections to secure HTTPS connections whenever possible using thousands of URL rewrite rules. Whereas data sent to a server over HTTP can easily be read and modified by third parties, HTTPS uses strong encryption to guarantee data confidentiality and integrity.

To install HTTPS Everywhere for Firefox Android:

  1. Install the latest release of Firefox on your Android phone.
  2. Open the HTTPS Everywhere download link in Firefox for Android.

Once HTTPS Everywhere is installed, you'll see its icon on the right hand side of the address bar. You can click the icon to turn rewrite rules on/off for the current page or click-and-hold the icon to restore default settings.

By our estimates, HTTPS Everywhere encrypts hundreds of billions of page views and over a trillion individual requests per year. However, there's an important limitation: it can only encrypt requests where the website you're connecting to supports HTTPS in the first place. It's essential that more sites across the web take up the responsibility of enabling HTTPS encryption. Recent revelations have made it abundantly clear that all apps should be committed to sending no user data unencrypted. The browser is a great place to start that commitment.

PS — a quick note to iPhone users: we're sorry we can't help you to secure your mobile browsing experience. Apple's policy of locking out Mozilla means you can't have a more secure browser in your pocket.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Tech companies should not validate secret trade agreements like TISA as a way to decide new rules for the Internet: https://eff.org/r.hxui

Aug 27 @ 5:58pm

Malaysian PM cracks down on peaceful anti-corruption protest by censoring organizer's website and news reports: https://eff.org/r.y6pv

Aug 27 @ 5:20pm

¿Estoy siendo rastreado?, una plataforma sobre seguimiento en redes celulares: https://eff.org/r.w9wk

Aug 27 @ 4:44pm
JavaScript license information