Several days ago we (and likely many others) were contacted about a potentially serious security issue with Dolphin Browser. Apparently, quite a bit of information about your browsing session, including URL data for secure websites and search strings, was being forwarded to a remote server -- http://en.mywebzines.com. We tore things apart and verified it, sure enough, it was happening and we were concerned. Today the folks at Dolphin Browser have responded:
With roughly 300 Webzines supported at the moment, it was necessary for the client to check the current user URL against a database housing these 300 Webzine columns...None of these URLs have ever been stored by Dolphin, instead being used to cross-index if a Webzine for the current site exists. If it does, the current site is immediately converted to Webzine format; if not, it remains the standard mobile site. Again, none of this process is stored on the backend of our servers and we are deeply sorry that this was not made clear to our users from the beginning.
While the security nerd inside of us still cringes a bit at this, it's a perfectly reasonable explanation. It's also the best way to handle the situation -- Webzine is pretty cool, and we don't want to have to maintain that database of 300 supported sites on our devices. This should have been presented to the user before using the Webzine feature, but Dolphin Browser isn't evil. We're glad they took the time to explain the whole mess, and now we can go back to using it. Read the concerns, and Dolphin's entire response at the source links.
- Filed under: