Dolphin Browser HD 7.0.0 sends browsing info home via plain text

Dolphin HD Browser, a popular tabbed alternative to the HTC EVO 3D and 4G stock browers, has evidently been spying on you for a few days.

Every page you visit has been sent back to en.mywebzines.com in plain text. Dolphin claims this is an issue with the Webzines addition to the browser, checking to see if the current webpage can be viewed in Webzine format and is not malicious intent.

What does this mean to you other than that some company has potentially been collecting your information? Well, if you were in a coffee shop, or any place with public WiFi, and someone was sniffing packets, they could see exactly where you were browsing. It would not matter if you were on a secure HTTPS site or not; any URL visited within would be exposed via plain text over the network.

Any program with access to change the hosts file on your device could easily redirect en.mywebzines.com to blackmail.gonnahackyou.com, or anyone with control of the network you're on could easily redirect all that info to their own personal "this is what that sick bastard looks at on a regular basis."

This does not transmit page data, passwords, or the like. However, keep in mind that sometimes useful data is appended in the URL such as "http://www.google.com/search?q=some+sick+stuff," which you might not want to broadcast to everyone around you or let work know that you're looking at a job site on their WiFi on your phone.

It's probably not something to freak out over, but it's an exploitable security risk and it's a major violation of trust. A new release has been issued and is available from the Market that updates your browser to 7.0.1 and stops the plain text transmissions, so if you've not updated to the latest and greatest, you probably ought to get on it.

According to Dolphin, on a scale of 1-10 this is a 0, but considering it's sending data without your consent out there for viewing by others, I'd put it more around a 4 myself.

Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!