Bromite – Take back your browser
Bromite is a Chromium fork with support for ad blocking and enhanced privacy.
Bromite is only available for Android Marshmallow (v6.0, API level 23) and above.
Features
- customizable adblock filters via user-provided URL (see https://www.bromite.org/custom-filters)
- automatically updated adblock filters
- remove click-tracking and AMP from search results
- DNS-over-HTTPS support with any valid IETF DoH endpoint
- always-incognito mode
- disable all field trials permanently
- disable smart search by default, allow web search from incognito mode
- always-visible cookies, javascript and ads site settings from address bar popup
- remove Play integration binary blobs
- use CFI on all architectures except x86
- enable trivial auto var init
- disable media router and remoting by default
- disable dynamic module loading
- show warnings for TLSv1.0/TLSv1.1 pages
- enable site-per-process isolation for all devices with memory > 1GB
- completely remove safe browsing and other privacy-unfriendly features
- proxy configuration page with PAC and custom proxy lists support
- settings to disable custom intents and clear session on exit
- flags to toggle anti-fingerprinting mitigations for canvas, audio, client rects, webGL and sensor APIs (see full list below for all the new flags)
- use frozen User-Agent to conceal real model and browser version
- privacy enhancement patches from Iridium, Inox patchset, Brave and ungoogled-chromium projects
- security enhancement patches from GrapheneOS project
- disable scroll-to-text-fragment
- reduced referer granularity
- block gateway attacks via websockets (partial fix, see this upstream issue)
- use 64-bit ABI for webview processes
- make all favicon requests on-demand (supercookie mitigation)
- enable all network isolation features (
PartitionConnectionsByNetworkIsolationKey,PartitionHttpServerPropertiesByNetworkIsolationKey,SplitHostCacheByNetworkIsolationKey,AppendFrameOriginToNetworkIsolationKey,SplitCacheByNetworkIsolationKey,UseRegistrableDomainInNetworkIsolationKey,PartitionSSLSessionsByNetworkIsolationKey,PartitionExpectCTStateByNetworkIsolationKey,PartitionDomainReliabilityByNetworkIsolationKey) - ignore enterprise policies that disallow secure DNS
- ask permission to play protected media
- disable the DIAL repeating discovery
- disable RTCGetCurrentBrowsingContextMedia by default
- disable FLoC and privacy sandbox by default
- disable feeds
- disable reporting of certificate errors
- use pre-defined phone model for client hints and Javascript
- allow forcing external links to open in incognito
- disable AGSA by default
- flag to enable Certificate Transparency
- allow adding search engines from incognito mode
- disable predictors
- disable supervised users
- disable safety check
- disable capability to block
view-source:URLs - disable
SegmentationPlatformFeature,OptimizationHints, client hint headers - disable
AsyncDNSby default - customize history expiration threshold
- disable idle detection
- HTTPS-only mode enabled by default
- disable TLS resumption by default
- partition DoH requests by top-frame NIK
- strict site isolation and strict origin isolation
Features not related to privacy
- browser automatic updates, enabled by default
- native Android autofill support
- import/export bookmarks
- bookmark all tabs from tabs regroup menu
- allow playing videos in background tabs and disable pause on switching tabs
- all codecs included (proprietary, open H.264 etc.)
- AV1 codec support
- dav1d decoder enabled by default
- built with official speed optimizations
- increase number of autocomplete matches from 5 to 10
- allow changing default download storage location
- do not ignore save prompt for users without SD cards
- disable articles and increase number of icons on new tab page
- adding an URL as bookmark will clear its blocked status for the NTP tiles
- history support in incognito mode
- view source of pages
- sticky desktop mode setting
- mobile/desktop user agent customization
- accessibility preference to force tablet UI
- use Alt+D to focus address bar
- allow sharing to Bromite
- UI for crash information collection
- allow OpenSearch search engine detection in incognito
- allow OpenSearch search engine detection with paths
- keyboard dictionary hints in address bar
- always allow
view-source:URLs - allow moving navigation bar to bottom
- add option to use home page as NTP
Flags
Flags which have been retired from upstream Chromium but are still available in Bromite.
#pull-to-refresh#enable-search-ready-omnibox#darken-websites-checkbox-in-themes-setting#simplified-ntp, enabled by default#enable-text-fragment-anchor, disabled by default#num-raster-threads#enable-image-reader, enabled by default#enable-tab-groupsand#enable-tab-groups-ui-improvements#offline-indicator-v2
New flags:
#fingerprinting-canvas-image-data-noise,#fingerprinting-client-rects-noiseand#fingerprinting-canvas-measuretext-noise, enabled by default#incognito-screenshot, disabled by default#max-connections-per-host#resume-background-video#ipv6-probing#enable-device-motionand#enable-device-orientation#show-legacy-tls-warnings#save-data-header, disabled by default#export-bookmarks-use-saf, disabled by default#allow-user-certificates, disabled by default#cleartext-permitted, enabled by default, can be used to disable all cleartext-HTTP traffic#omnibox-autocomplete-filtering, can be used to restrict omnibox autocomplete results#disable-external-intent-requests, can be used to disable opening any external app for any URL#enable-userscripts-log, see https://github.com/bromite/bromite/wiki/UserScripts#flags#certificate-transparency-enabled, enabled by default; see https://chromium.googlesource.com/chromium/src/+/master/net/docs/certificate-transparency.md#move-top-toolbar-to-bottom, disabled by default#site-engagement, enabled by default#offline-pages-auto-save, disabled by default, allows auto-saving of pages when device goes offline#adaptive-button-in-top-toolbar-customization, disabled by default, allows having a new tab or share button on the address bar
Site settings
- webGL, disabled by default
- images, enabled by default
- Javascript JIT, disabled by default
- timezone customization override
- autoplay, disabled by default
- webRTC, disabled by default
Privacy limitations
Bromite’s privacy features, including anti-fingerprinting mitigations (which are not comprehensive), are not to be considered useful for journalists and people living in countries with freedom limitations, please look at Tor Browser in such cases.
