Move native binary extraction to the Installer
Manually extracting the tor binary to the writable data directory could be dangerous. We should investigate the option to bundle the binary in a way that it gets extracted by the installer to a read-only directory as described here: https://twitter.com/CopperheadOS/status/917924329857474560
This might be done by disguising the binary as library file and moving it to jniLibs//tor.so
This would also allow us to use
targetSandboxVersion="2"for improved security.