FORUMS

OnePlus Addresses Reservation List Cheating

Jake Cooper figured out how to bump his place up on OnePlus’ reservation list and … more

OnePlus 2 Benchmark Scores Show Its Muscle

This video by FoneArena contains all the popular benchmarks being tested on the OnePlus 2, … more

Sony’s Emergence in The Middle: Is The Price Right?

Sony’s Electronics Division is not in its best days, and its smartphone … more

HTC Delivering Ads Straight to Sense Home

HTC’s 2015 has been a year marked by a desperate search for revenue.The HTC One M9 … more

[PRIVACY] WARNING: Dolphin's collection of your browsing history

153 posts
Thanks Meter: 318
 
By Fnorder, Senior Member on 25th October 2011, 10:00 PM
Post Reply Subscribe to Thread Email Thread
If it weren't for things like this, I'd still be a fan of Dolphin Browser.

Ever since the 'webzine' 'feature' came out (in version 6), this app forwards the URL of:
Every link you click.
Every search you enter.
Every page you load.

To: http://en.mywebzines.com/v3/columns?...)&t=(TIMESTAMP)

This includes:
SSL URLs.
QUERY_STRINGS.
IP addresses on private networks and file:// urls.

In addition, when I mentioned this on http://blog.dolphin-browser.com, the comment awaited moderation for two days before being deleted. I've yet to receive an email.

Proof:
Code:
[root@phone]~# ngrep -P '!' -lq -R -W single -M '(^GET|^POST|^Host:|^[^ ]ookie:)' "tcp port 80"
interface: eth0 (10.23.1.0/255.255.255.0)
filter: (ip or ip6) and ( tcp port 80 )
match: (^GET|^POST|^Host:|^[^ ]ookie:)


T 10.23.1.220:60126 -> 107.20.41.53:80 [AP] GET /v3/columns?u=http%3A%2F%2F10.23.1.254%2F&t=1319574537635 HTTP/1.1!!Authorization: cd7f573ec9e6e865a28aaab7a1793796!!Accept-Encoding: gzip!!Host: en.mywebzines.com!!Connection: Keep-Alive!!!!

(less spammy proof)
 [G] www.google.com:80/search?q=wut
 [G] en.mywebzines.com:80/v3/columns?u=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dwut&t=1319574984926
 [G] en.mywebzines.com:80/v3/columns?u=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dwhat%2Bis%2Bthis%2Bi%2Bdont%2Beven&t=1319575011872
 [G] en.mywebzines.com:80/v3/columns?u=file%3A%2F%2Fsdcard%2Fdata%2Fhome.html&t=1319575109160
Stick this in your /system/etc/hosts to make the Orwellian nightmare stop. This will break webzine 'functionality', and is only possible on rooted phones:
Code:
127.0.0.1 en.mywebzines.com mywebzines.com
Alternatively, here is how to remove this via APKTool:
Code:
* apktool d mobi.mgeek.TunnyBrowser-1.apk
* apply the this patch to smali/mobi/mgeek/TunnyBrowser/WebViewCallbackHandler.smali

#####
--- orig-7.0/smali/mobi/mgeek/TunnyBrowser/WebViewCallbackHandler.smali 2011-10-22 11:41:43.000000000 +0000
+++ mobi.mgeek.TunnyBrowser-7/smali/mobi/mgeek/TunnyBrowser/WebViewCallbackHandler.smali        2011-10-22 11:40:18.000000000 +0000
@@ -2189,7 +2189,7 @@
 
     .line 576
     :cond_2
-    invoke-direct {p0, p1, v0}, Lmobi/mgeek/TunnyBrowser/WebViewCallbackHandler;->a(Lcom/dolphin/browser/core/IWebView;Ljava/lang/String;)V
+#    invoke-direct {p0, p1, v0}, Lmobi/mgeek/TunnyBrowser/WebViewCallbackHandler;->a(Lcom/dolphin/browser/core/IWebView;Ljava/lang/String;)V
 
     goto :goto_0
 .end method
#####
I would attach an .apk of dolphin cleansed of it's spyware AIDS, however I'm not sure if the mods would like that.

update:
Modified APKs posted http://forum.xda-developers.com/show...2&postcount=61
update: Fiasco appears on http://www.androidpolice.com/2011/10...in-plain-text/
update: Dolphin writes blog post claiming data is not retained, and that 'feature' is disabled. Latest market version. (7.0.1/id105) appears, still forwards urls
update: Version 7.0.2 (id 106) no longer forwards urls.
Last edited by Fnorder; 29th October 2011 at 01:03 AM.
The Following 190 Users Say Thank You to Fnorder For This Useful Post: [ View ]
 
 
25th October 2011, 10:02 PM |#2  
OP Senior Member
Flag Lake Vostok
Thanks Meter: 318
 
More
While I have no proof dolphin == mywebzines, they conveniently share the same hosting and dns providers (both domains are registered via proxy)
Code:
[root@vm]~# for i in $(host -t a dolphin-browser.com|awk '{print $NF}');do host $i;done
89.249.19.50.in-addr.arpa domain name pointer ec2-50-19-249-89.compute-1.amazonaws.com.
[root@vm]~# for i in $(host -t a en.mywebzines.com|awk '{print $NF}');do host $i;done
77.123.17.50.in-addr.arpa domain name pointer ec2-50-17-123-77.compute-1.amazonaws.com.
185.179.17.50.in-addr.arpa domain name pointer ec2-50-17-179-185.compute-1.amazonaws.com.
58.30.19.50.in-addr.arpa domain name pointer ec2-50-19-30-58.compute-1.amazonaws.com.
167.175.19.50.in-addr.arpa domain name pointer ec2-50-19-175-167.compute-1.amazonaws.com.
93.246.101.75.in-addr.arpa domain name pointer ec2-75-101-246-93.compute-1.amazonaws.com.
53.41.20.107.in-addr.arpa domain name pointer ec2-107-20-41-53.compute-1.amazonaws.com.
205.64.72.184.in-addr.arpa domain name pointer ec2-184-72-64-205.compute-1.amazonaws.com.
119.178.72.184.in-addr.arpa domain name pointer ec2-184-72-178-119.compute-1.amazonaws.com.
156.2.73.184.in-addr.arpa domain name pointer ec2-184-73-2-156.compute-1.amazonaws.com.
33.95.17.50.in-addr.arpa domain name pointer ec2-50-17-95-33.compute-1.amazonaws.com.
[root@vm]~# host -t ns mywebzines.com;host -t ns dolphin-browser.com
mywebzines.com name server ns2.dnsv5.com.
mywebzines.com name server ns1.dnsv5.com.
dolphin-browser.com name server ns1.dnsv4.com.
dolphin-browser.com name server ns2.dnsv4.com.
[root@vm]~#
The Following 19 Users Say Thank You to Fnorder For This Useful Post: [ View ]
25th October 2011, 10:12 PM |#3  
Senior Member
Thanks Meter: 182
 
More
Subscribed.

As a Dolphin user, I'm interested to see where this goes.

Maybe you can get the adfree android developer to add en.mywebzines.com to the next hosts file update and problem solved (for adfree users, at least).
25th October 2011, 10:18 PM |#4  
OP Senior Member
Flag Lake Vostok
Thanks Meter: 318
 
More
Quote:
Originally Posted by lexluthor

Subscribed.

As a Dolphin user, I'm interested to see where this goes.

Maybe you can get the adfree android developer to add en.mywebzines.com to the next hosts file update and problem solved (for adfree users, at least).

Does't adfree allow custom entries?

I still use dolphin 4 as it has the best UI on android...especially after the modifications I've made. Unfortunately since it's free of admob and mobosquare code I'd probably get in trouble for posting it
25th October 2011, 10:51 PM |#5  
Member
Thanks Meter: 8
 
More
Nice work. I'll keep watching this thread.
The Following User Says Thank You to mills2533 For This Useful Post: [ View ]
25th October 2011, 11:25 PM |#6  
Rico ANDROID's Avatar
Senior Member
Flag In my DELL Streak
Thanks Meter: 15
 
More
Uninstallimg today
Quote:
Originally Posted by mills2533

Nice work. I'll keep watching this thread.

Makes you wonder why Google is still allowing Dolphin to stay in their catalog.... Uninstalling today!

Hmmmmph!

25th October 2011, 11:41 PM |#7  
_Raziel666's Avatar
Senior Member
Thanks Meter: 163
 
More
If we add this address to the hosts file, won't the problem be solved?

Thanks for bringing this up anyways! :)
26th October 2011, 12:51 AM |#8  
Member
Thanks Meter: 7
 
More
Good find, uninstalling now. Do you know if this applies to ant other browsers ?
26th October 2011, 01:01 AM |#9  
Omnichron's Avatar
Senior Member
Flag East Highland, CA
Thanks Meter: 119
 
More
I use Boat Browser, very clean.. none of the concerns and bloatware mentioned.
26th October 2011, 02:05 AM |#10  
surveysays's Avatar
Senior Member
houston
Thanks Meter: 86
 
More
is there any word on miren browser?
26th October 2011, 02:22 AM |#11  
Thee GOC's Avatar
Member
Flag Chicago
Thanks Meter: 7
 
More
Uninstalling now, and too bad, I like their setup. Guess I will be shopping around for another browser.

Plus interested in seeing where this will go.

Read More
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes