Dolphin Browser

Several days ago we (and likely many others) were contacted about a potentially serious security issue with Dolphin Browser.  Apparently, quite a bit of information about your browsing session, including URL data for secure websites and search strings, was being forwarded to a remote server -- http://en.mywebzines.com.  We tore things apart and verified it, sure enough, it was happening and we were concerned.  Today the folks at Dolphin Browser have responded:

With roughly 300 Webzines supported at the moment, it was necessary for the client to check the current user URL against a database housing these 300 Webzine columns...None of these URLs have ever been stored by Dolphin, instead being used to cross-index if a Webzine for the current site exists. If it does, the current site is immediately converted to Webzine format; if not, it remains the standard mobile site. Again, none of this process is stored on the backend of our servers and we are deeply sorry that this was not made clear to our users from the beginning.

While the security nerd inside of us still cringes a bit at this, it's a perfectly reasonable explanation.  It's also the best way to handle the situation -- Webzine is pretty cool, and we don't want to have to maintain that database of 300 supported sites on our devices.  This should have been presented to the user before using the Webzine feature, but Dolphin Browser isn't evil.  We're glad they took the time to explain the whole mess, and now we can go back to using it.  Read the concerns, and Dolphin's entire response at the source links.

More: XDA-DevelopersDolphin Browser blog

Thanks, CB!

 
There are 12 comments

Asbjörn says:

While this is news, it really isn't. We should all know by now that any device we use that has an operating system will mine our information.

crxssi says:

*WRONG* A truly free and open OS, like typical Linux distros, do nothing of the sort. Such spyware is usually reserved for closed OS's and/or closed applications.

TBolt says:

I'm glad AC has the same stance as I do - it's NOT an evil plot to steal your identity or whatnot. A certain other blog (Android Police) is making too big a deal about this, imho.

I think the Webzine feature is great, btw. Simple, quick reader right in the browser. Works great for me.

ScottColbert says:

I agree with you. There is a tendency for severe knee jerk reactions when it comes to security. In the end it all becomes a case of chicken little, much ado about nothing until the sky really does fall down.

Even though I don't use Doplhin, Opera works best and suits my needs the most, at no time did I ever think they would do anything malicious. I've seen numerous articles on other sites that accuse honest devs of something malicious, doing them great harm, and only afterwards when the dev contacts the site do they issue a response. A responsible writer with at least an ounce of integrity would at least attempt to contact a dev to get their response before going off half cocked. Still every page hit counts I suppose.

I love Dolphin web browser, it's the best hands down web browser on the market. It's fast, clean, intuitive, and has best support. I have tried many web browsers out there, including paid ones

kurioskurion says:

I also am a big Dolpin fan. This seems like a perfectly plausible explaination. Keep up the good work Dolphin!

hmmm says:

So what exactly is webzine? I use dolphin and see that webzine thing come up in the address bar but it still looks like I am viewing the webpage I meant to go to. I think it shows up most when I click a link to read the full story in the news and weather app.

Skunkeye says:

You actually have to click the "Webzine" button when it pops up, then it will reformat the page more like a news reader application.

wotan says:

It would make the broweser faster and be VERY low overhead to just store these 300 sites in a local database that auto-updates itself periodically.

Skunkeye says:

I agree. How big could a list of 300 URLs be? If you can't afford 50 KBytes of space to store it, you probably don't have the space to install Dolphin in the first place. It would also save a lot of data being transmitted back and forth.

Until it turns into 300,000 and updates itself hundreds of times daily.  Thinking too small is the wrong way to go here.  Allow users to opt-out and all is well.

Roly21 says:

I like Dolphin Browser and used to use it all the time on my Sony Ericsson X8 as it beats the Stock Donut Browser, the Stock Eclair Browser, the Stock Froyo Browser & the Stock Gingerbread Browser hands down, but since I got an HTC Wildfire S I use the stock HTC Browser as it suits my needs, but I still love the Google Chrome look that Dolphin has, but that's not enough to convert me from the Stock HTC Browser though.

Roland