Friday, 28 October 2011

Dolphin Browser washed, still dirty


Update: Dolphin clean after bath and shower

Androids most popular browser Dolphin HD got caught in the nets of those who fish in the deep waters of their phones. The update to version 7.0.0 added a Cloud To Device Messaging background service that kept swimming, even for those who have no use for it.

Todays update to version 7.0.1 fixes that. The C2DM service stays underwater if you don't sign up for Dolphins bookmark sync service.

But Dolphin has more dirt under its tail fin. It's fishing for your data! Dolphin HD 7.0.0 sends all visited URLs back home to Dolphin without asking for permission or even telling that it did so and why it did so. It's been doing so since version 6, when the webzine feature was added to the browser.

Dolphin responded on their site:
"Webzine simply performs an ancillary check if we can view current webpage in Webzine format . It is not critical and we have temporary removed this functionality in our latest update yesterday.

[...]

While it has been immediately disabled, we do think that the “Toggle Webzine” feature is a useful one for exploring the Web and will be adding an “opt-in” feature in forthcoming releases to enable this function. The code and URL-checking process will be made very clear to users, and will only be enabled if a user wishes.
Again, our update last night have temporary removed this functionality to avoid any confusion or concern you may have."
(source: Dolphin blog)

Sounds good, right? Wrong! When the folks at xda tested the update (version 7.0.1) it still shipped all your surfing habits to the mothership. Dolphin promised to play fair but lied about it! So if you told your Android hosts file to block all communication with en.mywebzine.com you better keep blocking it. If Dolphin doesn't swim back to clear waters it may be time to fish for another web browser.

Take home message: if you make a popular app anything your software does will be closely watched and made public. Apps that don't behave are fed to the sharks.

If you want to keep using Dolphin without sharing your browsing history, add these lines to your Android hosts file:

127.0.0.1 en.mywebzines.com
127.0.0.1 pnsen.dolphin-browser.com

The first line stops the URL phone home behaviour, the second line blocks the annoying "rate me on the market" popups.

You can add the entries to your hosts file (usually in /system/etc/hosts) with a text editor, but it's a lot easier to enter them in the blacklist of AdAway. No matter which method you use, you'll need root access for it.

The pros and cons of Dolphin
Dolphin caught in the nets of xda
AdAway

Update: Dolphin clean after bath and shower


tweet this reddit digg this StumbleUpon digg this digg this

No comments:

Post a Comment