[PRIVACY] WARNING: Dolphin’s collection of your browsing history<\/p>\n
If it weren’t for things like this, I’d still be a fan of Dolphin Browser.<\/p>\n
Ever since the ‘webzine’ ‘feature’ came out (in version 6), this app forwards the URL of:<\/p>\n
To: http:\/\/en.mywebzines.com\/v3\/columns?u=(URLencodedURL)&t=(TIMESTAMP<\/p>\n
This includes:<\/p>\n
In addition, when I mentioned this on http:\/\/blog.dolphin-browser.com, the comment awaited moderation for two days before being deleted. I’ve yet to receive an email.<\/p>\n
Proof as following:<\/p>\n
Code: T 10.23.1.220:60126 -> 107.20.41.53:80 [AP] GET \/v3\/columns?u=http%3A%2F%2F10.23.1.254%2F&t=1319574537635 HTTP\/1.1!!Authorization: cd7f573ec9e6e865a28aaab7a1793796!!Accept-Encoding: gzip!!Host: en.mywebzines.com!!Connection: Keep-Alive!!!!<\/p>\n (less spammy proof) Stick this in your \/system\/etc\/hosts to make the Orwellian nightmare stop. This will break webzine ‘functionality’, and is only possible on rooted phones: 127.0.0.1 en.mywebzines.com mywebzines.com<\/p>\n Alternatively, here is how to remove this via APKTool: ##### .line 576 goto :goto_0 I would attach an .apk of dolphin cleansed of it’s spyware AIDS, however I’m not sure if the mods would like that.<\/p>\n update: update: Fiasco appears on http:\/\/www.androidpolice.com\/2011\/10\/27\/privacy-advisory-dolphin-hd-sends-url-of-every-page-you-visit-to-a-remote-server-in-plain-text\/<\/p>\n update: Dolphin writes blog post claiming data is not retained, and that ‘feature’ is disabled. Latest market version. (7.0.1\/id105) appears, still forwards urls<\/p>\n update: Version 7.0.2 (id 106) no longer forwards urls.<\/p>\n Last edited by Fnorder; 29th October 2011 at 02:03 AM.
\n[root@phone]~# ngrep -P '!' -lq -R -W single -M '(^GET|^POST|^Host:|^[^ ]ookie:)' \"tcp port 80\"
\ninterface: eth0 (10.23.1.0\/255.255.255.0)
\nfilter: (ip or ip6) and ( tcp port 80 )
\nmatch: (^GET|^POST|^Host:|^[^ ]ookie:)<\/code><\/p>\n
\n[G] www.google.com:80\/search?q=wut
\n[G] en.mywebzines.com:80\/v3\/columns?u=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dwut&t=1319574984926
\n[G] en.mywebzines.com:80\/v3\/columns?u=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dwhat%2Bis%2Bthis%2Bi%2Bdont%2Beven&t=1319575011872
\n[G] en.mywebzines.com:80\/v3\/columns?u=file%3A%2F%2Fsdcard%2Fdata%2Fhome.html&t=1319575109160<\/p>\n
\nCode:<\/p>\n
\nCode:
\n* apktool d mobi.mgeek.TunnyBrowser-1.apk
\n* apply the this patch to smali\/mobi\/mgeek\/TunnyBrowser\/WebViewCallbackHandler.smali<\/code><\/p>\n
\n— orig-7.0\/smali\/mobi\/mgeek\/TunnyBrowser\/WebViewCallbackHandler.smali 2011-10-22 11:41:43.000000000 +0000
\n+++ mobi.mgeek.TunnyBrowser-7\/smali\/mobi\/mgeek\/TunnyBrowser\/WebViewCallbackHandler.smali 2011-10-22 11:40:18.000000000 +0000
\n@@ -2189,7 +2189,7 @@<\/p>\n
\n:cond_2
\n– invoke-direct {p0, p1, v0}, Lmobi\/mgeek\/TunnyBrowser\/WebViewCallbackHandler;->a(Lcom\/dolphin\/browser\/core\/IWebView;Ljava\/lang\/String;)V
\n+# invoke-direct {p0, p1, v0}, Lmobi\/mgeek\/TunnyBrowser\/WebViewCallbackHandler;->a(Lcom\/dolphin\/browser\/core\/IWebView;Ljava\/lang\/String;)V<\/p>\n
\n.end method
\n#####<\/p>\n
\nModified APKs posted http:\/\/forum.xda-developers.com\/showpost.php?p=18799432&postcount=61<\/p>\n
\nFrom: http:\/\/forum.xda-developers.com\/showthread.php?t=1319529<\/p>\n","protected":false},"excerpt":{"rendered":"