This repository was archived by the owner on Mar 6, 2022. It is now read-only.

Optionally exclude chromium #149

Closed
wants to merge 3 commits into from

ddxor (Contributor) commented Jan 28, 2020

It may be desirable to empower users to omit chromium because of the ambiguous connections that chromium makes to Google services without user interaction. [1] Admittedly using this option will forfeit some of chromium's more advanced security protections, but as a trade-off users benefit from greater privacy. Putting security first with an opinionated default; the default remains to include chromium where no other desire is indicated.

[1] https://www.reddit.com/r/privacy/comments/34tc2f/how_safe_is_chromium_privacy_wise/

ddxor (Contributor Author) commented Jan 28, 2020

Maybe worth mentioning that I have executed successful builds with the include-chromium set to true and false, and also with it missing. All cases build and perform as expected.

ddxor (Contributor Author) commented Jan 28, 2020

I've also fixed a bug with build list as described in commit 550ccf0.

dan-v (Owner) commented Jan 28, 2020

Hi @ddxor! Thanks for the PR, but I will need to think about whether I want to include this; if I did include this it would have to have many warning flags that this is insecure and only meant for testing. The reason is that AOSP webview (and the browser) is not meant to be used beyond testing; it's not up to date, doesn't get security updates, etc. It's important to maintain an up-to-date webview at the very least, which requires building Chromium unfortunately. I would have a hard time recommending using an unmaintained core system level component for the sake of privacy as I don't think you can really have privacy without proper security.

From their docs here:
"The prebuilt is provided in order to ensure that AOSP has a functional WebView for development and testing purposes. It is not currently updated on a regular schedule, and may have known security issues. It is strongly recommended that AOSP system images which are being shipped to end user devices include a recent stable version of WebView built following this guide, instead of the potentially outdated prebuilt version."

ddxor (Contributor Author) commented Jan 28, 2020

Would you instead consider a PR to include bromite and bromite webview in place of chromium as an optional flag?

dan-v (Owner) commented Jan 29, 2020

Some thoughts:

  1. I don't want to support building Bromite from source as I did this early on in the project and it constantly had patches not working and builds failing. I also used Bromite as a webview for a while and it broke a small number of apps in subtle ways that I didn't realize until swapping back over to standard Chromium webview.
  2. Bromite at the moment doesn't have a V80 release which is required for a working webview in AOSP 10.0. You can read more about that issue here.
  3. I would potentially be open to having an optional flag to use Bromite and the webview from pre-compiled releases with verification of the signature on the APK files.
  4. I would be more open to having an option that would exclude chromium/webview and instead require you to provide a browser/webview yourself using the customization options. Including Bromite today could be possible in the form of a script that just copied the two APKs over the top of the existing webview and chromium and then update the webviewproviders. But I think it could be done more cleanly in combination with an explicit option like what you provided in initial PR that bypasses the Chromium build altogether.

My preference in general would be to not add new things like this into the core of the project and instead make it a customization that I don't need to personally maintain. I'd be happy to move a customization like this into the RattlesnakeOS organization where others could more easily find it and help contribute. I'd also still consider having it be an optional flag in the core code, as I think it would be a lot more streamlined and others would probably be interested in something like this, but it would need to be lightweight in terms of changes, have a working V80 webview, have a low likelihood of causing build failures, and validate all signatures for prebuilt APKs.
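
The signature validation for prebuilt APKs requested in the comment above, sketched as an added example (not code from this thread or from RattlesnakeOS). It assumes `apksigner` from the Android SDK build-tools is on `PATH` and prints `Signer #N certificate SHA-256 digest:` lines; the function names, sample output and digest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pin the signing certificate of a prebuilt APK before it is
# copied into the build. Function names and all values here are hypothetical.

# Constructed sample of `apksigner verify --print-certs` output (not real data).
SAMPLE_OUTPUT='Signer #1 certificate DN: CN=Example Browser Release
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567'

# Read apksigner output on stdin and print every signer certificate
# SHA-256 digest, lowercased, one per line.
signer_digests() {
  sed -n 's/^Signer #[0-9][0-9]* certificate SHA-256 digest: *\([0-9A-Fa-f]\{64\}\) *$/\1/p' \
    | tr 'A-F' 'a-f'
}

# Succeed only if stdin names exactly one signer and its digest equals the
# pinned one ($1). Zero signers, extra signers or a mismatch all fail closed.
cert_matches_pin() {
  local pinned digests count
  pinned=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  digests=$(signer_digests)
  count=$(printf '%s\n' "$digests" | grep -c . || true)
  [ "$count" -eq 1 ] && [ "$digests" = "$pinned" ]
}

# Verify the APK signature, then check who signed it: a valid signature from
# an unexpected key is rejected just like an invalid signature.
verify_prebuilt_apk() {
  local apk=$1 pinned=$2 out
  out=$(apksigner verify --print-certs "$apk") || return 1
  printf '%s\n' "$out" | cert_matches_pin "$pinned"
}
```

A build script would call `verify_prebuilt_apk <apk> <pinned-digest>` for each prebuilt and abort on a non-zero status, with the pinned digest obtained out of band from the publisher rather than from the same download location as the APK.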

dan-v (Owner) commented Mar 29, 2020

Going to close this for now as I don't want to support providing an insecure webview; happy to re-open if you want to make a config flag to provide a custom webview (like bromite) without requiring building chromium.

dan-v closed this Mar 29, 2020