February 3, 2014 | By Parker Higgins and Yan Zhu and Yan Zhu

Making the Mobile Web Safer with HTTPS Everywhere

EFF is bringing the security and privacy of HTTPS Everywhere to an important new frontier: your Android phone. As of today, you can install HTTPS Everywhere on Firefox for Android (until now, it could only protect desktop browsers). With HTTPS Everywhere installed, Firefox for Android encrypts thousands of connections from your browser that would otherwise be insecure. This gives Firefox a huge security advantage over every other mobile browser available today.

This is exciting news, because HTTPS encryption allows smartphone users to safely download apps, browse the web, exchange emails and instant messages, sync data between devices, and countless other everyday tasks. As we carry around our phones and tablets, we often connect to unfamilar WiFi networks, putting our personal data at risk of being monitored, collected, and tampered with by anyone else on the same network, as well as Internet Service Providers, network operators, and government agencies. In fact, we discovered last week that NSA and GCHQ have been invisibly tracking and profiling users based on data leakage from smartphone apps.

HTTPS Everywhere guards agains these attacks in your browser by switching insecure HTTP connections to secure HTTPS connections whenever possible using thousands of URL rewrite rules. Whereas data sent to a server over HTTP can easily be read and modified by third parties, HTTPS uses strong encryption to guarantee data confidentiality and integrity.

To install HTTPS Everywhere for Firefox Android:

  1. Install the latest release of Firefox on your Android phone.
  2. Open the HTTPS Everywhere download link in Firefox for Android.

Once HTTPS Everywhere is installed, you'll see its icon on the right hand side of the address bar. You can click the icon to turn rewrite rules on/off for the current page or click-and-hold the icon to restore default settings.

By our estimates, HTTPS Everywhere encrypts hundreds of billions of page views and over a trillion individual requests per year. However, there's an important limitation: it can only encrypt requests where the website you're connecting to supports HTTPS in the first place. It's essential that more sites across the web take up the responsibility of enabling HTTPS encryption. Recent revelations have made it abundantly clear that all apps should be committed to sending no user data unencrypted. The browser is a great place to start that commitment.

PS — a quick note to iPhone users: we're sorry we can't help you to secure your mobile browsing experience. Apple's policy of locking out Mozilla means you can't have a more secure browser in your pocket.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

El gobierno podrá acceder directamente sin orden judicial a tú geolocalización ¿y tu privacidad?: https://eff.org/r.t0qo via @ocram

Jul 29 @ 1:41pm

The NSA is trying to blame privacy advocates for its continued storage of telephone records. You read that right. https://eff.org/r.mfp0

Jul 29 @ 12:59pm

TPP negotiators are now meeting at a luxury hotel in Hawaii, trying to finalize the toxic anti-user deal: https://eff.org/r.zr7c

Jul 29 @ 11:26am
JavaScript license information