Major privacy flaw found in 3rd party Android browser

The Dolphin HD browser for Android has been a favorite 3rd Party browser with the Android community for its excellent features, but in recent updates its been found to have a major privacy flaw.

Discussions in the XDA forums and a report published on the Android Police blog yesterday revealed that every URL loaded in Dolphin HD is relayed as plain text to a remote server. The article includes screenshots from a packet sniffer that clearly demonstrate the issue.

In response the company behind the browser issued a statement. Recent versions of Dolphin introduced a feature called Webzine that offers a specialized presentation of websites. When a user visits a website, the URL is relayed to Dolphin’s servers which determine whether the Webzine view is supported for the specified destination. They issued an update that has disabled the feature.

They said they plan to re-enable the feature in the future and it will be opt-in only. This seems galling that they would not even use any kind of encryption on the data that’s sent back. The fast response and updates are somewhat reassuring, since this company could have handled this much worse than they did.



One thought on “Major privacy flaw found in 3rd party Android browser

  1. It comes as no surprise to me that the devs of Dolphin HD would be so blatant about this privacy issue. They have no incentive to play nice, they are a new competitor in the mobile browser market, and have no known desktop offering to carry their brand name on. They are probably willing to do whatever it takes to stay successful as a company, including selling any data they can harvest. They will see no punishment for this, in fact the app was still available on the android marked in its leaky state even after this behavior was discovered.

Comments are closed.