Enable Https by Default in Android Nightly

[arthuredelstein]

See #559

[kjozwiak]

Merging into main so QA can run through the changes on staging before merging #561 into production.

[kjozwiak]

Android verifications on Nightly

Went through the STR/Cases mentioned via brave/brave-core#10408 (comment) and ensured that Brave was using https://variations.bravesoftware.com/seed which is the staging URL.

Also used brave/brave-core#17581 (comment) as a reference re: all the cases that I ran through.

Pixel 6 running Android 13 Test Cases

BraveHttpsByDefaultRolloutStudy:Enabled

Verification PASSED on Pixel 6 running Android 13 using the following build(s):

Brave | 1.52.4 Chromium: 112.0.5615.39 (Official Build) canary (32-bit)
--- | ---
Revision | a0e7b9718a92bcd1cf33b7c95316caff3fc20714-refs/branch-heads/5615@{#753}
OS | Android 13; Build/TQ2A.230305.008.E1

• launched 1.52.4 Chromium: 112.0.5615.39 and ensured that BraveHttpsByDefaultRolloutStudy isn't visible/being used via brave://version
• restarted the browser and ensured that BraveHttpsByDefaultRolloutStudy:Enabled via brave://version
• ensured that the new HTTPS drop down context menu via the shields panel was added with the following choices
  • Require all connections to use HTTPS (strict), Upgrade to HTTPS whenever possible (default) and Don't upgrade connections to HTTPS (disabled)
• ensured that the new HTTPS settings are being added via Settings -> Brave Shields & privacy with the following choices:
  • Require all connections to use HTTPS (strict), Upgrade to HTTPS whenever possible (default) and Don't upgrade connections to HTTPS (disabled)

Example	Example	Example	Example	Example	Example

BraveHttpsByDefaultRolloutStudy:Enabled - Shields Panel (Upgrade to HTTPS whenever possible (default))

• using the STR/Cases mentioned via BraveHttpsByDefaultRolloutStudy:Enabled, ensure that you're part of BraveHttpsByDefaultRolloutStudy:Enabled via brave://version
• ensured that Upgrade to HTTPS whenever possible (default) is selected as the default (if the user hasn't changed anything)
  • ensured that http://insecure.arthuredelstein.net loads without any issues (shouldn't be upgrading)
  • ensured that http://http.badssl.com loads without any issues (shouldn't be upgrading)
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net (should be upgraded)

Example	Example	Example	Example

BraveHttpsByDefaultRolloutStudy:Enabled - Shields Panel (Require all connections to use HTTPS (strict))

• using the STR/Cases mentioned via BraveHttpsByDefaultRolloutStudy:Enabled, ensure that you're part of BraveHttpsByDefaultRolloutStudy:Enabled via brave://version
• visit http://insecure.arthuredelstein.net, http://http.badssl.com and http://upgradable.arthuredelstein.net and ensure that Require all connections to use HTTPS (strict) is selected via the shields panel
  • ensure that http://insecure.arthuredelstein.net displays The connection to insecure.arthuredelstein.net is not secure
    • ensure that Continue to site loads http://insecure.arthuredelstein.net without any issues
    • ensured that http://insecure.arthuredelstein.net loads without any issues after several restarts once Continue is selected
    • ensured that you Turn on warnings works as expected via the Not Secure drop down
  • ensure that http://http.badssl.com displays The connection to http.badssl.com is not secure
    • ensure that Continue to site loads http://http.badssl.com without any issues
    • ensured that http://http.badssl.com loads without any issues after several restarts once Continue is selected
    • ensured that you Turn on warnings works as expected via the Not Secure drop down
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net (should be upgraded)

Example	Example	Example	Example	Example

Example	Example	Example	Example	Example

BraveHttpsByDefaultRolloutStudy:Enabled - Shields Panel (Don't upgrade connections to HTTPS (disabled))

• using the STR/Cases mentioned via BraveHttpsByDefaultRolloutStudy:Enabled, ensure that you're part of BraveHttpsByDefaultRolloutStudy:Enabled via brave://version
• visit http://insecure.arthuredelstein.net, http://http.badssl.com and http://upgradable.arthuredelstein.net and ensure that Don't upgrade connections to HTTPS (disabled) is selected via the shields panel
  • ensure that http://insecure.arthuredelstein.net loads without any issues
  • ensure that http://http.badssl.com loads without any issues
  • ensured that http://upgradable.arthuredelstein.net doesn't upgrade to HTTPS (make sure website loads without issues)
    • basically ensuring that https://upgradable.arthuredelstein.net doesn't load

Example	Example	Example	Example

BraveHttpsByDefaultRolloutStudy:Enabled - Upgrade to HTTPS whenever possible (default) selected via Settings

• using the STR/Cases mentioned via BraveHttpsByDefaultRolloutStudy:Enabled, ensure that you're part of BraveHttpsByDefaultRolloutStudy:Enabled via brave://version
• went into Settings -> Brave Shields & privacyand ensured thatUpgrade to HTTPS whenever possible (default)` was selected
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net (should be upgraded)

Example	Example

BraveHttpsByDefaultRolloutStudy:Enabled - Require all connections to use HTTPS (strict) selected via Settings

• using the STR/Cases mentioned via BraveHttpsByDefaultRolloutStudy:Enabled, ensure that you're part of BraveHttpsByDefaultRolloutStudy:Enabled via brave://version
• went into Settings -> Brave Shields & privacyand selectedRequire all connections to use HTTPS (strict)`
• visit http://insecure.arthuredelstein.net, http://http.badssl.com and http://upgradable.arthuredelstein.net and ensure that Require all connections to use HTTPS (strict) is selected via the shields panel
  • ensure that http://insecure.arthuredelstein.net displays The connection to insecure.arthuredelstein.net is not secure
    • ensure that Continue to site loads http://insecure.arthuredelstein.net without any issues
    • ensured that http://insecure.arthuredelstein.net loads without any issues after several restarts once Continue is selected
    • ensured that you Turn on warnings works as expected via the Not Secure drop down
  • ensure that http://http.badssl.com displays The connection to http.badssl.com is not secure
    • ensure that Continue to site loads http://http.badssl.com without any issues
    • ensured that http://http.badssl.com loads without any issues after several restarts once Continue is selected
    • ensured that you Turn on warnings works as expected via the Not Secure drop down
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net (should be upgraded)

Example	Example	Example	Example	Example	Example

Example	Example	Example	Example	Example	Example

Example	Example

BraveHttpsByDefaultRolloutStudy:Enabled - Don't upgrade connections to HTTPS (disabled) selected via Settings

• using the STR/Cases mentioned via BraveHttpsByDefaultRolloutStudy:Enabled, ensure that you're part of BraveHttpsByDefaultRolloutStudy:Enabled via brave://version
• went into Settings -> Brave Shields & privacyand selectedDon't upgrade connections to HTTPS (disabled)`
• visit http://insecure.arthuredelstein.net, http://http.badssl.com and http://upgradable.arthuredelstein.net and ensure that Don't upgrade connections to HTTPS (disabled) is selected via the shields panel
  • ensure that http://insecure.arthuredelstein.net loads without any issues
  • ensure that http://http.badssl.com loads without any issues
  • ensured that http://upgradable.arthuredelstein.net doesn't upgrade to HTTPS (make sure website loads without issues)
    • basically ensuring that https://upgradable.arthuredelstein.net doesn't load

Example	Example	Example	Example	Example

BraveHttpsByDefaultRolloutStudy:Enabled - Disable Upgrade connections to HTTPS before join Griffin study

• visit http://insecure.arthuredelstein.net, http://http.badssl.com and http://upgradable.arthuredelstein.net and ensure that Upgrade connections to HTTPS has been disabled
• using the STR/Cases mentioned via BraveHttpsByDefaultRolloutStudy:Enabled, ensure that you're part of BraveHttpsByDefaultRolloutStudy:Enabled via brave://version
• visit http://insecure.arthuredelstein.net, http://http.badssl.com and http://upgradable.arthuredelstein.net and ensure that Upgrade to HTTPS whenever possible (default) has been selected for the above websites

Example	Example	Example	Example	Example	Example

Prevent permissive HTTPS Upgrade settings from leaking from Normal to Private windows

Basically used the STR/Cases outlined via brave/brave-core#17421 (comment) and went through the following:

Test Case #1 - Upgrade to HTTPS whenever possible (default)

• launched/restarted 1.52.2 Chromium: 112.0.5615.39 so BraveHttpsByDefaultRolloutStudy:Enabled
• visited http://upgradable.arthuredelstein.net in a Normal window and ensured that Upgrade to HTTPS whenever possible (default)
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
• opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Upgrade to HTTPS whenever possible (default)
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net

Test Case #2 - Require all connections to use HTTPS (strict)

• launched/restarted 1.52.2 Chromium: 112.0.5615.39 so BraveHttpsByDefaultRolloutStudy:Enabled
• visited http://upgradable.arthuredelstein.net and switched HTTPS upgrades to Require all connections to use HTTPS (strict)
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
• opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Require all connections to use HTTPS (strict)
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net

Test Case #3 - Don't upgrade connections to HTTPS (disabled)

• launched/restarted 1.52.2 Chromium: 112.0.5615.39 so BraveHttpsByDefaultRolloutStudy:Enabled
• visited http://upgradable.arthuredelstein.net switched HTTPS upgrades to Don't upgrade connections to HTTPS (disabled)
• reloaded http://upgradable.arthuredelstein.net and ensured that the website was not being upgraded to HTTPS
• opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Upgrade to HTTPS whenever possible (default)
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net

Ensure that Don't upgrade connections to HTTPS (disabled) is NOT being used

Test Case #4 - Don't upgrade HTTPS connections (Private Window Only)

• launched/restarted 1.52.2 Chromium: 112.0.5615.39 so BraveHttpsByDefaultRolloutStudy:Enabled
• opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Upgrade to HTTPS whenever possible (default)
  • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
• change the HTTPS upgrade setting to Don't upgrade connections to HTTPS (disabled) and load http://upgradable.arthuredelstein.net

Ensure that http://upgradable.arthuredelstein.net is not upgrade. With this case, we're basically ensuring that you can still use Don't upgrade HTTPS connections if changed within the Private window.

BraveHttpsByDefaultRolloutStudy NOT being used (BETA)

Verification PASSED on Pixel 6 running Android 13 using the following build(s):

Brave | 1.51.71 Chromium: 112.0.5615.39 (Official Build) beta (32-bit)
--- | ---
Revision | a0e7b9718a92bcd1cf33b7c95316caff3fc20714-refs/branch-heads/5615@{#753}
OS | Android 13; Build/TQ2A.230305.008.E1

• launched 1.50.62 Chromium: 111.0.5563.33 and ensure that BraveHttpsByDefaultRolloutStudy is not visible
• restarted the browser and ensured that BraveHttpsByDefaultRolloutStudy is not visible via brave://version
• ensured that Upgrade connections to HTTPS is still being used via the shields panel
• ensured that the new HTTPS settings are not being displayed via Settings -> Brave Shields & privacy

Example	Example	Example

BraveHttpsByDefaultRolloutStudy NOT being used (Release)

Verification PASSED on Pixel 6 running Android 13 using the following build(s):

Brave | 1.49.132 Chromium: 111.0.5563.147 (Official Build) (32-bit)
--- | ---
Revision | 029fd65a4dd711d1078468ed2206999cec86066b-refs/branch-heads/5563@{#1239}
OS | Android 13; Build/TQ2A.230305.008.E1

• launched 1.49.132 Chromium: 111.0.5563.147 and ensure that BraveHttpsByDefaultRolloutStudy is not visible
• restarted the browser and ensured that BraveHttpsByDefaultRolloutStudy is not visible via brave://version
• ensured that Upgrade connections to HTTPS is still being used via the shields panel
• ensured that the new HTTPS settings are not being displayed via Settings -> Brave Shields & privacy

Example	Example	Example