February 3, 2014 | By Parker Higgins and Yan Zhu and Yan Zhu

Making the Mobile Web Safer with HTTPS Everywhere

EFF is bringing the security and privacy of HTTPS Everywhere to an important new frontier: your Android phone. As of today, you can install HTTPS Everywhere on Firefox for Android (until now, it could only protect desktop browsers). With HTTPS Everywhere installed, Firefox for Android encrypts thousands of connections from your browser that would otherwise be insecure. This gives Firefox a huge security advantage over every other mobile browser available today.

This is exciting news, because HTTPS encryption allows smartphone users to safely download apps, browse the web, exchange emails and instant messages, sync data between devices, and countless other everyday tasks. As we carry around our phones and tablets, we often connect to unfamilar WiFi networks, putting our personal data at risk of being monitored, collected, and tampered with by anyone else on the same network, as well as Internet Service Providers, network operators, and government agencies. In fact, we discovered last week that NSA and GCHQ have been invisibly tracking and profiling users based on data leakage from smartphone apps.

HTTPS Everywhere guards agains these attacks in your browser by switching insecure HTTP connections to secure HTTPS connections whenever possible using thousands of URL rewrite rules. Whereas data sent to a server over HTTP can easily be read and modified by third parties, HTTPS uses strong encryption to guarantee data confidentiality and integrity.

To install HTTPS Everywhere for Firefox Android:

  1. Install the latest release of Firefox on your Android phone.
  2. Open the HTTPS Everywhere download link in Firefox for Android.

Once HTTPS Everywhere is installed, you'll see its icon on the right hand side of the address bar. You can click the icon to turn rewrite rules on/off for the current page or click-and-hold the icon to restore default settings.

By our estimates, HTTPS Everywhere encrypts hundreds of billions of page views and over a trillion individual requests per year. However, there's an important limitation: it can only encrypt requests where the website you're connecting to supports HTTPS in the first place. It's essential that more sites across the web take up the responsibility of enabling HTTPS encryption. Recent revelations have made it abundantly clear that all apps should be committed to sending no user data unencrypted. The browser is a great place to start that commitment.

PS — a quick note to iPhone users: we're sorry we can't help you to secure your mobile browsing experience. Apple's policy of locking out Mozilla means you can't have a more secure browser in your pocket.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

¿En el #LACIGF2016? El martes compartiremos el informe: Vigilancia y privacidad en 13 países de America Latina

Jul 23 @ 6:52am

25 Members of Congress have launched a new bipartisan caucus to defend Fourth Amendment rights: https://www.eff.org/deeplinks...

Jul 22 @ 5:49pm

EFF & @APC_news are in Costa Rica for the #LACIGF2016. Join us for our join human rights event on July 26 at 9:00AM

Jul 22 @ 12:57pm
JavaScript license information