diff --git a/static/usage.html b/static/usage.html index ffb94562..d24f3c09 100644 --- a/static/usage.html +++ b/static/usage.html @@ -194,6 +194,52 @@
Similar connectivity checks are also performed by the hardened Chromium browser (Vanadium).
+ +GrapheneOS includes a Vanadium subproject providing privacy and security enhanced + releases of Chromium. Vanadium is both the user-facing browser included in the OS and + the provider of the WebView used by other apps to render web content. The WebView is + the browser engine used by the vast majority of web browsers and nearly all other apps + embedding web content or using web technologies for other uses.
+ +Using Vanadium is highly recommended and Bromite is a good alternative if you want + a few more features like ad-blocking and more aggressive anti-fingerprinting. Vanadium + is working towards including these features and is actively collaborating with + Bromite. Other Chromium-based browsers like Brave can also be decent choices. + Standalone browsers based on Chromium have by far the best sandbox implementation. + Site isolation can also be enabled, which makes the sandbox enforce a security + boundary containing each site rather than isolating content as a whole. Vanadium + enables site isolation by default, and Bromite enables it on high memory devices, + including all officially supported GrapheneOS devices. Site isolation prevents an + attacker from obtaining cookies (like login sessions) and other data tied to other + sites if they successfully exploit the browser's rendering engine. It also provides + the strongest available mitigation for Spectre-based side channel attacks.
+ +WebView-based browsers use the hardened Vanadium rendering engine, but they can't + offer as much privacy and control due to being limited to the capabilities supported + by the WebView widget. For example, they can't provide a setting for toggling sensors + access because the feature is fairly new and the WebView WebSettings API doesn't yet + include support for it as it does for JavaScript, location, cookies, DOM storage and + other older features. The WebView sandbox also currently runs every instance within + the same process and doesn't support site isolation.
+ +Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable
+ to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have
+ a WebView implementation, so it has to be used alongside the Chromium-based WebView
+ rather than instead of Chromium, which means having the remote attack surface of two
+ separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a
+ fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox
+ runs as a single process on mobile and has no sandbox beyond the OS sandbox. This is
+ despite the fact that Chromium semantic sandbox layer on Android is implemented via
+ the OS isolatedProcess
feature, which is a very easy to use boolean
+ property for app service processes to provide strong isolation with only the ability
+ to communicate with the app running them via the standard service API. Even in the
+ desktop version, Firefox's sandbox is still substantially weaker (especially on Linux,
+ where it can hardly be considered a sandbox at all) and lacks support for isolating
+ sites from each other rather than only containing content as a whole.
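Review bot: In the last added paragraph (the Gecko one), "despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature" is missing a possessive and packs three ideas into one sentence. Suggest "Chromium's semantic sandbox layer" and a sentence break after "no sandbox beyond the OS sandbox", so the point that isolatedProcess is an easy to use boolean property for app service processes stands on its own. In the second added paragraph, "Site isolation can also be enabled" reads as opt-in immediately before "Vanadium enables site isolation by default"; stating the default first would remove that ambiguity, and "high memory devices" for Bromite would be clearer with the actual threshold. The time-bound wording in the WebView and Gecko paragraphs ("currently", "fairly new", "doesn't yet") will go stale silently in a static page, so consider noting when these statements were last checked.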