Manually extracting the tor binary to the writable data directory could be dangerous. We should investigate the option to bundle the binary in a way that it gets extracted by the installer to a read-only directory as described here: https://twitter.com/CopperheadOS/status/917924329857474560

This might be done by disguising the binary as library file and moving it to jniLibs//tor.so

This would also allow us to use targetSandboxVersion="2"for improved security.