Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.
Does this change their current assessment substantially?
Possibly, they’ll likely re-evaluate when this is actually done. However, they also state the desktop version is weaker than the chrome counterpart,
If that remains true for the android version as well, I suspect their stance will remain the same.
From GrapheneOS:
Does this change their current assessment substantially?
Possibly, they’ll likely re-evaluate when this is actually done. However, they also state the desktop version is weaker than the chrome counterpart, If that remains true for the android version as well, I suspect their stance will remain the same.