The really bad news, Infosecurity notes, is that these details include https traffic as well.
According to the Android Police newswire, the web site data relaying has been taking place since v6.0 of Dolphin HD was released. “To be clear, the data reported includes only urls and not contents of web pages themselves”, notes the wire, going on to say that it has been unable to discover a privacy policy that covers this aspect of Dolphin.
“Frankly I don't think an official document that confirms these intentions exists. Did they really think somebody wouldn't notice,” the newswire says.
Forbes, meanwhile, says that the developers behind Dolphin HD are aware of the issue and that it “inadvertently exposed users’ Web traffic patterns.”
The security issue arises, says the newswire, because mobile internet sessions are connected to MoboTap, which determines how to format the pages. The connection to MoboTap's servers, however , is unsecured, meaning that hackers could access unsuspecting users’ browsing history without much difficulty.
“In some cases, if you knew the URL, you can take over the user’s session,” Seth Schoen, a staff technologist with the Electronic Frontier Foundation, told the newswire.
Alan Cooper, MoboTap’s spokesman, meanwhile, is quoted by Forbes as saying his company “never stored anyone’s user data.”
The newswire says that, whether or not anyone monitored or stored data, “Dolphin HD’s security snafu raises questions about Android developers’ preparedness against increasingly frequent privacy breaches.”