[iOS, Android] Dolphin browser found to have major privacy flaw, demonstrates why you should stick to stock browser

Dolphin – available as Dolphin Browser HD and Dolphin Browser Mini on Android and Dolphin Browser on iOS – is an extremely popular third party browser much loved by many users. The developer of Dolphin, however, decided to abuse that love by introducing a major breach of privacy with their Webzine feature.

Webzine is an attempt by MoboTap – the developer of Dolphin browsers – to make web browsing on mobile devices more pleasant. What happens is MoboTap teams up with websites to configure them to be Webzine compatible. (Actually I am not sure if MotoTap teams up with websites or if websites do it themselves; the point is websites are made to be Webzine compatible, one way or another.) Then when a user visits a Webzine compatible website in Dolphin, the mobile-friendly Webzine version is shown. That doesn’t sound too bad does it? The privacy issue is not with Webzine itself but rather how Dolphin identifies Webzine compatible websites.

Reports – thanks to the ever-vigilant people at XDA-Developers – have emerged that on Dolphin Browser HD [Android] and Dolphin Browser [iOS] every website users visit is being sent – in plain text – to Webzine’s server to check to see if the website is Webzine compatible. (If the website is, the Webzine version is shown; if it isn’t, the normal version is shown.) In other words, any URL you visit – may that be HTTP or HTTPS – is being sent to MoboTap’s server to be checked for Webzine compatibility. (These reports are mainly around Dolphin Browser HD [Android] but there has been some confirmation that Dolphin Browser [iOS] also behaves like this; Dolphin Browser Mini [Android] seems to be unaffected,)

Now, in their defense, MoboTap has come out and clarified Webzine does not store any user data; URLs are transmitted to Webzine server only to make a check for Webzine compatible websites, nothing more nothing less. However, even if what MoboTap says is true, stealthily introducing such functionality is a major breach of user trust and a huge privacy issue. Many people have mentioned there are better ways to check for Webzine compatible websites (such as storing hashes locally of compatible URL and doing local checks instead of sending URLs to Webzine’s server); but even if MoboTap wants to continue this method of checking of Webzine compatibility, they need to be crystal clear on what is happening and they need to give users a way to opt out. Call me paranoid, but incidents like these are the exact reason why I stick to the stock browser on my mobile device, with Opera as my backup (because I trust Opera).

For what it is worth, MoboTap has quickly updated Dolphin Browser HD on Android to temporarily disable Webzine until they add an opt-out feature. (v7.0.2 is the version with Webzine disabled — update if you use Dolphin Browser HD but don’t have v7.0.2.) Since there wasn’t as much noise about Dolphin Browser on iOS behaving like this, it appears Dolphin Browser on iOS has not yet been updated to disable this behavior. (Someone correct me if I am wrong.) However, if I were a Dolphin user – which I am not and now never will be – my confidence in MoboTap would now be eroded thanks to this incident. What’s to keep them from doing something similar – or worse – in the future?

[via ArsTechnica]

Related Posts


Leave a Reply

Your email address will not be published. Required fields are marked *


  1. lol768

    @Ashraf Thanks for the info on the approval process. I’m looking into the Amazon app store but I’m unsure as to whether it is available in the UK (I know a number of services such as the video on demand is not available in the UK). Do you know if its US only or global?

  2. Jyo

    @Ashraf: To tell you the truth, Dolphin HD has been getting a little too bloated lately (ever since they introduced webzine and changed their new icons – oh how I wish I had their old versions backed up), so I’ve already been contemplating switching to another default. Dolphin HD is gone, but their mini version will be my temporary default for now. I am really disappointed, because Dolphin HD has the prettiest most intuitive interface of all mobile browsers I have tried.

  3. Ashraf
    Author/Mr. Boss

    @hardy: That is a limitation in the script I am using. I will look to see if I can modify it but I am not much of a coder.

    As an alternative, you can unsubscribe to the one-email-per-article subscription you can have subscribe to Feedburner’s dotTech subscription — that sends only one email per day which lists all articles posted in those past 24-hours. See http://dottech.org/e-mail-notifications to learn more.

  4. hardy


    i agree wth you,

    I don’t even have IOS and ANDROID checked in preferences as stuff I want to be informed about, and if this is classified under Security then surely dotTech can crossreference it as IOS?Security or Android?Security that I don’t need or want to be informed about.

    I’m not a big phone fan and I use a Blackberry 8530 Curve. It works fine for this old pensioner and I have no intention of forking out another $400– to a $1000– for the new generation phones.

    I havn’t even got a full handle on the one I’ve got or even on the PC I signed up with dotTech to get to better grips with and more fully understand with Ashraf’s great easy to understand explanations!

    I’d just like more PC stuff from dotTech like in the years gone by, the good old days and dotTech’s Golden Enlightenment era for us crusty old ‘uns cos now Ifind i’m having to look elsewhere for stuff like Ashraf used to do.

    But that’s not great cos no-one else seems to put even the easiest stuff over in the easy read and understand way with a cracking sense of humour like the dotTeeh Guru!

    C’est la vie! but not as we used to know it Spock

  5. Ashraf
    Author/Mr. Boss

    @Jyo: Well since they technically disabled this behavior at this time, you can continue to use Dolphin Browser HD, if you wish. However, I am sure you are questioning your desire to continue using that browser… amirite?

    @lol768: You are welcome!

    Firstly, I believe this feature was added in an update to the app after the app was approved for Android Market. So this feature wasn’t there when the app was approved.

    Secondly, actually all apps are not checked before appearing on Android Market. Apple does that for Apple App Store but Google does not do that for Android Market. (Amazon does it for Amazon Appstore.) Google has a different, tell-all, community-sourced approach to security than Apple. While I personally do feel Apple’s approach is superior for app market security (see my rant on Google’s Android Market security), in this instance Google’s community-sourced approach wins: It is thanks to the Android devs that this behavior was revealed — Apple did not catch it in their App Store.

    @Philippe: I am not a Dolphin user, but I think Webzine is basically just watered down versions of webpages.

    Glad to hear you use Opera; I am an Opera fan myself. They make great mobile browsers. You should take note, however, if you use Opera Turbo all the websites you visit are rerouted to Opera’s servers so they can serve you cached versions for quicker page loads. However, the difference between Opera Turbo and Webzine is the fact that a) You can turn off Opera Turbo (you actually have to manually turn Opera Turbo on to use it, I believe) and b) Opera is very clear about how this feature works — nothing sneaky.

    @drWoo: No problem. Glad to be of help.

    @Seamus McSeamus: Dolphin actually originated on Android and was ported to iOS after it started gaining popularity. I believe the Android version has more features than the iOS version, which is why you may feel the iOS version is no better than other browsers.

    Thanks for the info on updates for the iOS version. Hopefully it has been patched but unless someone runs a packet sniffer and finds out for sure, we won’t know.

    @DrLongBear: I understand your concern. The thing is this is more of a personal blog than a blogging business; I like to blog about things that I find interesting, if you get what I mean. Currently I am more into the mobile scene than the Windows/PC scene, although I do post some PC articles every now and then.

    I understand not everyone wants to read all these mobile articles. From the sound of it it looks like you are an e-mail subscriber. You can unsubscribe to these mobile articles (and keep e-mail subscriptions for other types of articles) if you don’t to read these mobile articles. See http://dottech.org/announcements/22698/tired-of-getting-e-mails-about-android-apps-now-you-can-control-what-articles-you-are-e-mailed-about/ to learn more about this process. (The article I just linked is specifically for unsubscribing to Android articles but the same concept applies for other mobile articles.)

    Sorry to inconvenience you!

  6. DrLongBear

    It has been awhile since I saw anything related to a personal PC on here…almost all of the posts dropping into my inbox are concerning Android or other mobile media…I am sure there is a need for info on all things mobile…just wish more of the info coming out of here not be so categorically challenged.

  7. Seamus McSeamus

    Thanks for the heads up, Ashraf. Until a couple weeks ago the only browsers on my iPad were Safari and Opera, although I had tried iLunascape previously, but I saw some good reviews of Dolphin and decided to give it a try. The interface is nice, but functionally it’s no better than anything else. I was going to remove it after reading your column, but for curiosity’s sake decided to check for an update first. There is one, but the only info available is “bug fixes”. As far as I can determine, there is no opt-out functionality included. Anyway, goodbye Dolphin Browser, I hardly knew ye.

  8. Philippe

    Just a stupid question, if it is one…
    What is a webzine? And what the difference between webzine and normal page?
    Anyway I just installed Dolphin on my Android, and now I’m going to take it down and stick with opera.