# Fixes

- Create tunnel wizard
    <zzz> hmm would be nice if they could be shared-client or have an option
    <zzz> was setting up email tunnels
- Browser
    <zzzccc> Bug report: i2p browser treats 302 as an error
    <zzzccc> Bug 2: rotate screen in i2p browser seems to go back one page
- Console text change
    <zzz> "download" and "upload" at the bottom of the status is a little misleading..
    <zzz> maybe 'downstream bandwidth' or 'inbound usage' ?
- Fix visibility of advanced tunnel parameter changes
    <zzz> when I change an advanced tunnel param e.g. length or variance, the change isn't displayed, I have to go back and forward again to see the change

# New UI fixes

- Addressbook action items are in tunnel overflow menu after moving from console to tunnels
- Material design:
  - Style for addressbook headers
  - Change console FAM icon when possible
    <zzz> on the bottom right, the + and x icons might be better as a double-up arrow and double-down arrow?
  - Use Material design for LongPressButton
  - Highlight selected tunnel in two-pane mode

# Short-term

- Remove peers page (HTML version)
- Add firewall help page showing current port settings
- GMP 6
- Fetch all JARs from Maven Central (ie. upload everything that I2P Android uses)
- Disable uPnP when on cell networks
    <zzz> spewing UPnP out into cell networks is a waste of time at best and a security risk at worst, but you really want it for wifi
- Rewrite settings config handling
- Rewrite InitActivities
- I2PTunnel
  - Improve tunnel list status indicators
  - Icon overlay to indicate which tunnels are shared
    - Or reorder / group tunnels?
  - Show all messages somewhere
    - Bottom toolbar?
  - Icons/header images for tunnel types on details page
  - Setting to close when not on WiFi
- Progress feedback for addressbook subscriptions reload
- Display release notes directly on new router version
- Fill out help pages
- Fix navigation to specific settings pages
- Rewrite release notes to be release-specific
- Fix release notes UI, either make back button use clear or add buttons
- Notify user when autostart fails?
- NetDB tablet view fixes
  - Refresh detail fragment when changing tab
  - Move list to correct item when changing tab
  - Create nav history when viewing RI from LS
- Handle NetDB null cases (failed lookup of requested hash in detail page)
- Include GeoIP db for country info
- Maybe change router-off mechanic for various pages? Enable as they become available?

# Medium-term

- SQLite naming service backend to store addresses more effectively
  - Leverage for name completion in e.g. browsers
- Create/edit tunnels while router is not running
- Separate out shared tunnel config
  - Convey to users that one config controls all shared tunnels
- Network profiles
  - User selects profile in settings
  - Change network participation etc. based on profile
  - Also look at connection type: Connectivity.isConnectionFast()
- Expose log level overrides
- Bug report feature
- Replace peers page (native version)
- Improve graphs
  - Show fixed x range, not only available data
  - Think about pan/zoom
  - How to persist data across restarts?
- Enable apps to specify when they don't need the router anymore

# Silent Store approval checks to confirm/implement

- Known Vulnerabilities
  - Apps will be tested to ensure that they are not susceptible to known
    publicly disclosed vulnerabilities. For example:
    - Heartbleed
    - Poodle
    - MasterKey
    - Common Path Traversal attacks
    - Common SQL Injection attacks
- Network Security Protocols
  - All Apps that require transmission of data from the App to a system that
    does not exist on the device must use, at a minimum, TLS1.1 standards.
    However, Blackphone would prefer the usage of TLS1.2.
  - Apps must not use algorithms for cryptographic purposes that are considered
    obsolete or outdated i.e. MD5, SHA1, RC4, DES, or any encryption algorithm
    that is weaker than AES128.
- Transport Layer Protection
  - All network communication should be encrypted
  - Not vulnerable to SSl Strip
- Data Leakage
  - No storage of sensitive data outside of application sandbox
  - Files should not be created with MODE_WORLD_READABLE or MODE_WORLD_WRITABLE
  - Copy & Paste will be evaluated on a case by case basis
  - App logs should not contain sensitive information
- Authentication and Authorization
  - Validate that authentication credentials are not stored on the device
  - Must use an approved password-based key derivation function ie. PBKDF2, scrypt
- Data-at-rest Encryption
  - Must use at a minimum AES128 with modes CCM or GCM
  - Should not store the encryption key on the file system
- Permission Checks
  - The App must function with all permissions disabled
  - Apps must not hard crash if a permission is disabled
  - Apps should ask users to enable permissions that are disabled if needed to
    function properly and explain why the permission is necessary
- Privacy Policy
  - Apps must have a privacy policy that details how customer data is used,
    stored, shared, etc...
  - Apps must be configured with the customer opted out by default
  - App logs should not contain PII
- Error Handling
  - Apps should follow best-practices for error handling and logging

# Long-term

- Reproducible builds
- Extract RouterService into a library
- Remote router support
  - Implement a "router wrapper" that can represent a local or remote router
  - Implement/use client APIs to talk to remote router
    - I2CP
    - I2PControl