The Dolphin HD browser for Android has been a favorite 3rd Party browser with the Android community for its excellent features, but in recent updates its been found to have a major privacy flaw.
Discussions in the XDA forums and a report published on the Android Police blog yesterday revealed that every URL loaded in Dolphin HD is relayed as plain text to a remote server. The article includes screenshots from a packet sniffer that clearly demonstrate the issue.
In response the company behind the browser issued a statement. Recent versions of Dolphin introduced a feature called Webzine that offers a specialized presentation of websites. When a user visits a website, the URL is relayed to Dolphin’s servers which determine whether the Webzine view is supported for the specified destination. They issued an update that has disabled the feature.
They said they plan to re-enable the feature in the future and it will be opt-in only. This seems galling that they would not even use any kind of encryption on the data that’s sent back. The fast response and updates are somewhat reassuring, since this company could have handled this much worse than they did.