←back to thread

Show HN: Helium Browser for Android with extensions support, based on Vanadium

(github.com)
64 points jqssun | 1 comments | 26 Oct 25 22:41 UTC | HN request time: 0.205s | source

Been working on an experimental Chromium-based browser that brings 2 major features to your phone/tablet:

1. desktop-style extensions: natively install any extensions (like uBO) from the chrome web store, just toggle "desktop site" in the menu first.

2. privacy/security hardening: applies the full patch sets from Vanadium (with Helium's currently wip).

Means you get both browsers' excellent privacy features, like Vanadium's webrtc IP policy option that protects your real IP by default, and security improvements such as JIT being disabled by default, all while being a reasonably efficient FOSS app that can be installed on any (modern) android.

It's still in beta, and as I note in the README, it's not a replacement for the full OS-level security model you'd get from running the GrapheneOS Vanadium combo. However, goal was to combine privacy of Vanadium with the power of desktop extensions and Helium features, and make it accessible to a wider audience. (Passkeys from Bitwarden Mobile should also work straight away once merged in the list of FIDO2 privileged browsers)

Build scripts are in the repo if you want to compile it yourself. You can find pre-built releases there too.

Would love any feedback/support!

Show context
imcritic ◴[27 Oct 25 00:59 UTC] No.45716369[source]
Do you have any plans to push it to F-Droid?

That would raise the value of that project quite a lot (at least for me, but I feel like there are others, thinking similarly).

Please, push it to F-Droid!

replies(2): >>45716584 #>>45722618 #
orba9 ◴[27 Oct 25 16:07 UTC] No.45722618[source]
f-droid is unsuitable for a browser. they regularly block security patches for many months and violate the android security model. anyone who cares about their privacy or security should not be using it
replies(1): >>45729434 #
1. anonym29 ◴[28 Oct 25 05:22 UTC] No.45729434[source]
Sorry to sound like an ad, but I'd hate myself if I didn't take the opportunity to mention Accrescent, which is a big leap forward from an end-user security perspective vs F-Droid: https://accrescent.app/

Of course, if Google succeeds in their mission to kill AOSP, kill unsigned APK installation (even for power users) and force all developers to submit photo ID, this is kind of moot.

The mobile FOSS community would benefit from accelerating transition away from Android to alternatives, even as incomplete and insecure as they are at the moment. The upstream maintainer of the OS itself is an entity that is hostile to the ownership rights end users have over their own devices, has been doing a ton of engineering work on "DRM" (to "manage" aka remove YOUR rights), has shown warning signs of abandoning the open source nature of AOSP itself, and has generally signaled extensive hostility towards their own end users, on an ongoing basis, across more or less all of their product lines. Alphabet/Google has been very clear about telegraphing how much they hate your freedom and how hard they're working to alleviate you from the burdensome weight of being able to decide what runs on your own hardware that you purchased.

I say this as a disappointed and worried GrapheneOS user. You can rip Google out of Android. Ripping AOSP out of Android is a much more complicated and much less realistic task, though. I'm not advocating for everyone moving their entire PROD workflow off of Android and onto a Linux smartphone today, but we shouldn't be burying our heads in the sand to the long-term risks that Alphabet itself poses to the availability, auditability, trustworthiness, and usefulness of AOSP.