Dolphin Browser was and maybe IS logging the your browsing data, ever since the ‘webzine‘ feature came out (in version 6), this app forwards the URL of:
Every link you click.
Every search you enter.
Every page you load.
Dolphin HD, one of the hot browsers on the Android platform has been caught in the act of sending almost every web page url you visit, including those that start with https, to a remote serverÂ [highlight color=”blue”] en.mywebzines.com [/highlight], which belongs to the company. WebZines featureÂ was introduced recently back in around June with version 6.0, so it’s safe to say this tracking started around the same time.
Folks over atÂ Xda-developersÂ (Fnorder) and AndroidPoliceÂ caught its act on a packet sniffer and intercepted every packet sent and most certainly they wereÂ instantly sent to en.mywebzines.com, in plain-text!!!
Here is the proof
[root@phone]~# ngrep -P '!' -lq -R -W single -M '(^GET|^POST|^Host:|^[^ ]ookie:)' "tcp port 80" interface: eth0 (10.23.1.0/255.255.255.0) filter: (ip or ip6) and ( tcp port 80 ) match: (^GET|^POST|^Host:|^[^ ]ookie:) T 10.23.1.220:60126 -> 22.214.171.124:80 [AP] GET /v3/columns?u=http%3A%2F%2F 10.23.1.254%2F&t=1319574537635 HTTP/1.1!!Authorization: cd7f573ec9e6e865a28aaab7a1793796!! Accept-Encoding: gzip!! Host: en.mywebzines.com!!Connection: Keep-Alive!!!! (less spammy proof) [G] www.google.com:80/search?q=wut [G] en.mywebzines.com:80/v3/columns?u=http%3A%2F%2Fwww.google.com %2Fsearch%3Fq%3Dwut&t=1319574984926 [G] en.mywebzines.com:80/v3/columns?u=https%3A%2F%2F www.google.com%2Fsearch%3Fq%3Dwhat %2Bis%2Bthis%2Bi%2Bdont%2Beven&t=1319575011872 [G] en.mywebzines.com:80/v3/columns?u=file %3A%2F%2Fsdcard%2Fdata%2Fhome.html&t=1319575109160
The above was on a private network, but it does the same on the public network (Internet) too. Every single time.
This is what Android Police have to say
- Dolphin’s servers collect information on websites visited by anyone using the Dolphin HD browser (tested on latest v7.0), including your searches and query parameters.
- These requests are sent over in plain-text, which exposes these urls to clients on the same network. While this is not a huge problem with http urls, as those are already sent out in plain-text, it does include https urls, which would otherwise be concealed by SSL (seeÂ thisÂ for more info on how SSL encrypts server and path information).
- It’s worth noting that Dolphin Browser has Chinese roots (just how deep they are is unclear, but the url mgeek.mobi which was used to communicate with us when Dolphin was launched is registered in China), though both dolphin-browser.com and mywebzines.com are now hosted onÂ AmazonÂ AWS in the U.S. on the same IP range. I have nothing against China or the company itself, but do we really have to have our private information broadcast to a foreign company (unless you’re from China, of course – then you’ll feel right at home)?
However, yesterday Dolphin Team posted and update about this issue on their blogÂ and said as I quote, “It is not critical and we have temporary removed this functionality in our latest update yesterday.”
Dolphin Team on their blog also say that, for now it has been deactivated but will be an Opt-In feature in the future, if that was they case, why weren’t the user not made aware of the “feature“? a nifty cover up then.
[notification type=”alert”] NOTE: Dolphin Browser 7.0.1 also doesn’t fix the Issue, Dolphin Browser 7.0.2 does. [/notification]
Just incase you want to block webzine.com anyway or to be sure that Dolphin browser is not invading your privacy, here is a fix
If you are rooted, you can block en.mywebzines.com permanently on your device by adding the following entry into /etc/hosts:
To simplify this process, you can useÂ Hosts EditorÂ from the Android Market.
After this you may need to reboot to flush the DNS cache. You can test whether the fix worked or not by going toÂ http://en.mywebzines.comÂ in any browser and seeing if it loads an empty page with title Webzine (fix didn’t work) or doesn’t connect (fix worked).
Fixed or not this is a serious concern and may harm Dolphin BrowsersÂ reputationÂ as it is, one of the most used Android Browser and ranks in the Top 3 Android Browser along with Firefox
The DNetWorks Team