Android

Random Dolphin Browser for Android hijacking

Jack Wallen addresses a URL forwarding issue in the Dolphin Browser for Android. Could this be the start of something less than favorable in mobile browsing?

Dolphin

Dolphin has been a popular alternative browser for the Android platform for quite some time. Recently, however, it has come to my attention that Dolphin is beginning to show signs of less than aboveboard. What I'm talking about is URL forwarding. This doesn't happen all the time, but if you switch your tablet or phone to Airplane mode and then type, say bestbuy into the address bar, you'll see an error informing you that the following address cannot be found:

http://navigation.nsgnav.com/query.php?p=DLP&a=nav...

It's hard to catch, but if you keep refreshing, you'll see the address in the URL bar (Figure A).

Figure A

Figure A

Dolphin showing the errors on a Verizon-branded LG G3.

What is going on here? If you go to the URL navigation.nsgnav.com, you'll immediately see:

Brand Directory™ Engine

atnav04

Shortly after, you'll be redirected to http://www.namespacestrategy.com/, which is all about click-through for brands. According to their website, this is what Namespace Strategy does:

"When a consumer types non-DNS queries such as 'amazon shoes' (brand term), 'amazzon' (misspelling), or 'www.amazon.cpm' (DNS syntax error) into the address bar, our ISP partner directly navigates the consumer to the Brand's website via NameSpace direct navigation."

That's a quality idea... on the surface (at least for brands). However, for those whose concerns lean heavily toward privacy, the idea of an intermediary service handling such forwarding is far less than ideal. Those extra hops to get to a correctly formatted website or search string could easily be seen as a potential security issue.

At the moment, this isn't a dominant issue, but I'm seeing such questionable behavior more and more on free mobile apps — and it's something that must be considered. Companies cannot continue to pump out free apps and expect to keep the lights on. To that end, other businesses could easily take advantage of these precarious situations and offer solutions that might, on the surface, be harmless. However, what is now a URL (or search string) forwarder could later on become a hijacker that would demand you view ads or sign up for service(s) before you can be redirected to the correct site.

Remember the Opera browser — the one that claimed to load websites faster than any other browser? Opera Turbo works by compressing every site you visit through their own servers. That need for speed could easily turn into something altogether different, like websites being redirected through third-party servers or services.

This could be the future of mobile browsing and usage that we are witnessing.

Don't get me wrong, this isn't a cry for users to drop the Dolphin Browser and look for another solution. What this is, however, is a call for:

  • End users to be cautious and on the lookout for suspicious behavior
  • App developers to work with a level of transparency they may not be accustomed to

Will we ever get such transparency and end-user caution? Probably not. That doesn't mean these practices will always go unseen.

Dolphin needs to come clean on this forwarding behavior before I'll ever use (or promote) the browser again. And should it come to light that other developers are slipping forwarding, redirection, or hijacking behavior under the noses of users, I'll report on it.

What do you think? Are we looking at the future of mobile browsing? If so, what's the solution for both developers and end users? Share your thoughts in the discussion thread below.

About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.

Editor's Picks

Free Newsletters, In your Inbox