Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,770,879 Members 43,397 Now Online
XDA Developers Android and Mobile Development Forum

[PRIVACY] WARNING: Dolphin's collection of your browsing history

Tip us?
 
Fnorder
Old
(Last edited by Fnorder; 29th October 2011 at 01:03 AM.)
#1  
Senior Member - OP
Thanks Meter 318
Posts: 153
Join Date: Nov 2008
Location: Lake Vostok
Thumbs down [PRIVACY] WARNING: Dolphin's collection of your browsing history

If it weren't for things like this, I'd still be a fan of Dolphin Browser.

Ever since the 'webzine' 'feature' came out (in version 6), this app forwards the URL of:
Every link you click.
Every search you enter.
Every page you load.

To: http://en.mywebzines.com/v3/columns?...)&t=(TIMESTAMP)

This includes:
SSL URLs.
QUERY_STRINGS.
IP addresses on private networks and file:// urls.

In addition, when I mentioned this on http://blog.dolphin-browser.com, the comment awaited moderation for two days before being deleted. I've yet to receive an email.

Proof:
Code:
[root@phone]~# ngrep -P '!' -lq -R -W single -M '(^GET|^POST|^Host:|^[^ ]ookie:)' "tcp port 80"
interface: eth0 (10.23.1.0/255.255.255.0)
filter: (ip or ip6) and ( tcp port 80 )
match: (^GET|^POST|^Host:|^[^ ]ookie:)


T 10.23.1.220:60126 -> 107.20.41.53:80 [AP] GET /v3/columns?u=http%3A%2F%2F10.23.1.254%2F&t=1319574537635 HTTP/1.1!!Authorization: cd7f573ec9e6e865a28aaab7a1793796!!Accept-Encoding: gzip!!Host: en.mywebzines.com!!Connection: Keep-Alive!!!!

(less spammy proof)
 [G] www.google.com:80/search?q=wut
 [G] en.mywebzines.com:80/v3/columns?u=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dwut&t=1319574984926
 [G] en.mywebzines.com:80/v3/columns?u=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dwhat%2Bis%2Bthis%2Bi%2Bdont%2Beven&t=1319575011872
 [G] en.mywebzines.com:80/v3/columns?u=file%3A%2F%2Fsdcard%2Fdata%2Fhome.html&t=1319575109160
Stick this in your /system/etc/hosts to make the Orwellian nightmare stop. This will break webzine 'functionality', and is only possible on rooted phones:
Code:
127.0.0.1 en.mywebzines.com mywebzines.com
Alternatively, here is how to remove this via APKTool:
Code:
* apktool d mobi.mgeek.TunnyBrowser-1.apk
* apply the this patch to smali/mobi/mgeek/TunnyBrowser/WebViewCallbackHandler.smali

#####
--- orig-7.0/smali/mobi/mgeek/TunnyBrowser/WebViewCallbackHandler.smali 2011-10-22 11:41:43.000000000 +0000
+++ mobi.mgeek.TunnyBrowser-7/smali/mobi/mgeek/TunnyBrowser/WebViewCallbackHandler.smali        2011-10-22 11:40:18.000000000 +0000
@@ -2189,7 +2189,7 @@
 
     .line 576
     :cond_2
-    invoke-direct {p0, p1, v0}, Lmobi/mgeek/TunnyBrowser/WebViewCallbackHandler;->a(Lcom/dolphin/browser/core/IWebView;Ljava/lang/String;)V
+#    invoke-direct {p0, p1, v0}, Lmobi/mgeek/TunnyBrowser/WebViewCallbackHandler;->a(Lcom/dolphin/browser/core/IWebView;Ljava/lang/String;)V
 
     goto :goto_0
 .end method
#####
I would attach an .apk of dolphin cleansed of it's spyware AIDS, however I'm not sure if the mods would like that.

update:
Modified APKs posted http://forum.xda-developers.com/show...2&postcount=61
update: Fiasco appears on http://www.androidpolice.com/2011/10...in-plain-text/
update: Dolphin writes blog post claiming data is not retained, and that 'feature' is disabled. Latest market version. (7.0.1/id105) appears, still forwards urls
update: Version 7.0.2 (id 106) no longer forwards urls.
The Following 187 Users Say Thank You to Fnorder For This Useful Post: [ Click to Expand ]
 
Fnorder
Old
#2  
Senior Member - OP
Thanks Meter 318
Posts: 153
Join Date: Nov 2008
Location: Lake Vostok
While I have no proof dolphin == mywebzines, they conveniently share the same hosting and dns providers (both domains are registered via proxy)
Code:
[root@vm]~# for i in $(host -t a dolphin-browser.com|awk '{print $NF}');do host $i;done
89.249.19.50.in-addr.arpa domain name pointer ec2-50-19-249-89.compute-1.amazonaws.com.
[root@vm]~# for i in $(host -t a en.mywebzines.com|awk '{print $NF}');do host $i;done
77.123.17.50.in-addr.arpa domain name pointer ec2-50-17-123-77.compute-1.amazonaws.com.
185.179.17.50.in-addr.arpa domain name pointer ec2-50-17-179-185.compute-1.amazonaws.com.
58.30.19.50.in-addr.arpa domain name pointer ec2-50-19-30-58.compute-1.amazonaws.com.
167.175.19.50.in-addr.arpa domain name pointer ec2-50-19-175-167.compute-1.amazonaws.com.
93.246.101.75.in-addr.arpa domain name pointer ec2-75-101-246-93.compute-1.amazonaws.com.
53.41.20.107.in-addr.arpa domain name pointer ec2-107-20-41-53.compute-1.amazonaws.com.
205.64.72.184.in-addr.arpa domain name pointer ec2-184-72-64-205.compute-1.amazonaws.com.
119.178.72.184.in-addr.arpa domain name pointer ec2-184-72-178-119.compute-1.amazonaws.com.
156.2.73.184.in-addr.arpa domain name pointer ec2-184-73-2-156.compute-1.amazonaws.com.
33.95.17.50.in-addr.arpa domain name pointer ec2-50-17-95-33.compute-1.amazonaws.com.
[root@vm]~# host -t ns mywebzines.com;host -t ns dolphin-browser.com
mywebzines.com name server ns2.dnsv5.com.
mywebzines.com name server ns1.dnsv5.com.
dolphin-browser.com name server ns1.dnsv4.com.
dolphin-browser.com name server ns2.dnsv4.com.
[root@vm]~#
The Following 18 Users Say Thank You to Fnorder For This Useful Post: [ Click to Expand ]
 
lexluthor
Old
#3  
Senior Member
Thanks Meter 146
Posts: 1,564
Join Date: Feb 2007
Subscribed.

As a Dolphin user, I'm interested to see where this goes.

Maybe you can get the adfree android developer to add en.mywebzines.com to the next hosts file update and problem solved (for adfree users, at least).
 
Fnorder
Old
#4  
Senior Member - OP
Thanks Meter 318
Posts: 153
Join Date: Nov 2008
Location: Lake Vostok
Quote:
Originally Posted by lexluthor View Post
Subscribed.

As a Dolphin user, I'm interested to see where this goes.

Maybe you can get the adfree android developer to add en.mywebzines.com to the next hosts file update and problem solved (for adfree users, at least).
Does't adfree allow custom entries?

I still use dolphin 4 as it has the best UI on android...especially after the modifications I've made. Unfortunately since it's free of admob and mobosquare code I'd probably get in trouble for posting it
 
mills2533
Old
#5  
Member
Thanks Meter 8
Posts: 47
Join Date: Aug 2011
Nice work. I'll keep watching this thread.
The Following User Says Thank You to mills2533 For This Useful Post: [ Click to Expand ]
 
Rico ANDROID
Old
#6  
Rico ANDROID's Avatar
Senior Member
Thanks Meter 15
Posts: 338
Join Date: Mar 2011
Location: In my DELL Streak
Default Uninstallimg today

Quote:
Originally Posted by mills2533 View Post
Nice work. I'll keep watching this thread.
Makes you wonder why Google is still allowing Dolphin to stay in their catalog.... Uninstalling today!

Hmmmmph!

"...awe, its ok to drop it, the glass won't break..."

' Dontchooo Touch My Dell Streak!'
 
_Raziel666
Old
#7  
_Raziel666's Avatar
Senior Member
Thanks Meter 159
Posts: 448
Join Date: Jun 2011
If we add this address to the hosts file, won't the problem be solved?

Thanks for bringing this up anyways! :)
 
spanner44
Old
#8  
Member
Thanks Meter 7
Posts: 70
Join Date: Oct 2010
Good find, uninstalling now. Do you know if this applies to ant other browsers ?
 
Omnichron
Old
#9  
Omnichron's Avatar
Senior Member
Thanks Meter 117
Posts: 924
Join Date: Dec 2010
Location: East Highland, CA
I use Boat Browser, very clean.. none of the concerns and bloatware mentioned.
Douchebag Level: Maximum
 
surveysays
Old
#10  
surveysays's Avatar
Senior Member
Thanks Meter 86
Posts: 529
Join Date: Sep 2010
Location: houston
is there any word on miren browser?
Samsung Nexus S 4G // PHONE
SlimBean Build 3 [4.2.2] // ROM
Matr1x v25.0 // KERNEL
^ the setup

celebrate the 20th min of every hour ... hOUR 20

theworldseen

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes