The makers of a popular mobile browser called Dolphin HD confirmed that their software leaks the addresses of all Web sites a user visits, a potential privacy and security breach.
MoboTap, a Pasadena, Calif.-based mobile developer, told CNET today that Dolphin HD for Android transmitted the Web addresses back to the company's servers but that they were not stored.
The privacy and security implications arise when a user connects to a secure Web site (usually shown by "https://" and a closed lock icon). The second, surreptitious connection to MoboTap is unencrypted, allowing an eavesdropper on a Wi-Fi network to learn what's happening.
"In some cases, if you knew the URL you can take over the user's session," says Seth Schoen, staff technologist at the Electronic Frontier Foundation, which has advocated the adoption of encrypted Web browsing to thwart eavesdroppers.
Update 2:10 p.m. PT: Just got e-mail from MoboTap representative Alan Cooper: "It came to our attention that yesterday's hot fix did not fix the URL concern, and we've just published version 7.0.2, which fixes all URL issues. It's just been pushed to the Market, and all users should be seeing it rolled out as an update shortly."
