Saturday 29 October 2011

Dolphin Browser clean after a bath and a shower


Dolphin HD is the most feature rich(tabs, gesture commands, bookmarks sidebar, and much more) web browser in the seas of Android , but the marine mammal was smelling like rotten fish lately.

Flipper was still unclean after a bath, but a post-tub shower washed away the dirt.

What gives? Three days ago Fnorder found out that Dolphin HD was sending all your surfing history, including searches and URLs with private information, back home to en.mywebzines.com, a server owned by Dolphin. He shared the info with the world through the xda forum, and then the waves got rough.

The reason? Since version 6 Dolphin ships with a "webzine" feature that lets you display sites in a kind of Google Reader style. To ease toggling between normal and webzine view Dolphin compares the page loaded on your phone with a list of webzine-enabled sites. It does so by sending the URL to its own server to look for a match.

Doesn't sound like a big deal, except that 1) Dolphin never told us about it until we found out ourselves, 2) some URLs can contain sensitive data, especially if they point to a private network or if they're of the http://site.com/?private.stuff type, and 3) the data is sent unencrypted, even for https sites (which opens the doors to hijacking and mutiny).

And then Dolphin released version 7.0.1 of their app and told us that the URL snooping was gone.

But...

Hi Android Underground. It has come to our attention that the hot fix update we pushed out last night on Android Market (7.0.1) did not fix the issue, thank you for noting this!

It has now been resolved and is live on the Android Market as Dolphin Browser HD v7.0.2. Again, user privacy is a huge priority for us and we thank you for your patience while this has been resolved.
Alex Molloy on the Dolphin blog

First things first. The first one to notice (and share) that the first update still fished for your URLs is xda member Keiji, and Fnorder was the first to confirm that v7.0.1 remained fishy. So Alex Molloys words of thanks belong to them.

The good news is that the latest update to version 7.0.2 really fixes the issue. Dolphin screwed up in their first attempt, but v7.0.2 is clean and shiny and doesn't send your browsing data home.

So if you haven't already done so, head for for the fish market and update your copy of Dolphin HD to keep your surfing safe.

Dolphin, take note: Wireshark is watching you, no matter how deep you dive.

Dolphin Browser HD
Dolphin caught in the nets of xda


tweet this reddit digg this StumbleUpon digg this digg this

Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)