Security Flaw Found in Dolphin Browser for Android

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

MoboTap, which makes the Dolphin Browser for iOS and Android, has acknowledged that the newest version of the Android app transmits the address of every Web site a user visits back to the company's servers.

"The privacy and security implications arise when a user connects to a secure Web site (usually shown by 'https://' and a closed lock icon)," writes CNET News' Declan McCullagh. "The second, surreptitious connection to MoboTap is unencrypted, allowing an eavesdropper on a Wi-Fi network to learn what's happening."

"'In some cases, if you knew the URL you can take over the user's session,' says Seth Schoen, staff technologist at the Electronic Frontier Foundation, which has advocated the adoption of encrypted Web browsing to thwart eavesdroppers," McCullagh writes.

Go to "Dolphin HD browser snared in security breach" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.

JOIN THE DISCUSSION

Loading Comments...