February 3, 2014 | By Parker Higgins and Yan Zhu and Yan Zhu

Making the Mobile Web Safer with HTTPS Everywhere

EFF is bringing the security and privacy of HTTPS Everywhere to an important new frontier: your Android phone. As of today, you can install HTTPS Everywhere on Firefox for Android (until now, it could only protect desktop browsers). With HTTPS Everywhere installed, Firefox for Android encrypts thousands of connections from your browser that would otherwise be insecure. This gives Firefox a huge security advantage over every other mobile browser available today.

This is exciting news, because HTTPS encryption allows smartphone users to safely download apps, browse the web, exchange emails and instant messages, sync data between devices, and countless other everyday tasks. As we carry around our phones and tablets, we often connect to unfamilar WiFi networks, putting our personal data at risk of being monitored, collected, and tampered with by anyone else on the same network, as well as Internet Service Providers, network operators, and government agencies. In fact, we discovered last week that NSA and GCHQ have been invisibly tracking and profiling users based on data leakage from smartphone apps.

HTTPS Everywhere guards agains these attacks in your browser by switching insecure HTTP connections to secure HTTPS connections whenever possible using thousands of URL rewrite rules. Whereas data sent to a server over HTTP can easily be read and modified by third parties, HTTPS uses strong encryption to guarantee data confidentiality and integrity.

To install HTTPS Everywhere for Firefox Android:

  1. Install the latest release of Firefox on your Android phone.
  2. Open the HTTPS Everywhere download link in Firefox for Android.

Once HTTPS Everywhere is installed, you'll see its icon on the right hand side of the address bar. You can click the icon to turn rewrite rules on/off for the current page or click-and-hold the icon to restore default settings.

By our estimates, HTTPS Everywhere encrypts hundreds of billions of page views and over a trillion individual requests per year. However, there's an important limitation: it can only encrypt requests where the website you're connecting to supports HTTPS in the first place. It's essential that more sites across the web take up the responsibility of enabling HTTPS encryption. Recent revelations have made it abundantly clear that all apps should be committed to sending no user data unencrypted. The browser is a great place to start that commitment.

PS — a quick note to iPhone users: we're sorry we can't help you to secure your mobile browsing experience. Apple's policy of locking out Mozilla means you can't have a more secure browser in your pocket.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Op-ed from EFF's @ncardozo: if your business model depends on fooling customers, it deserves to fail https://eff.org/r.gjvi

Oct 6 @ 6:17pm

Facebook's name policy harms human rights activists, LGBTQ people, domestic violence survivors, and more.

Oct 6 @ 6:09pm

New Zealand confirms half the TPP countries will be forced to extend copyright term by 20 years. We have to stop it. https://eff.org/r.oygk

Oct 6 @ 3:37pm
JavaScript license information