Update from Dolphin Browser
Hi everyone,
Michael from Dolphin Browser here. Wanted to provide an update on this situation. We found out the root cause of this issue & applied the fix. Since the fix is currently undergoing a staged rollout, it will take at least 24 hours to apply the fix to all Dolphin users. If you would like to test the fix immediately, the APK is here -> https://www.dropbox.com/s/z6k2rmishvnwvwh/DolphinOne_EN__88_Release_Signed.apk?dl=0
Here is a quick update about this fix/issue:
1. Dolphin Themes were previously downloaded through HTTP protocol, when it should have been HTTPs protocol.
2. Dolphin did not previously verify the Theme package, which left room for exploitation. We added additional security checks to make sure Theme packages are safe before users apply them to Dolphin Browser.
3. Dolphin previously did not perform security checks for our dynamic libraries (e.g. libdolphin.so:). The new security patch will verify and make sure these library files are not modified before they are being loaded.
We're committed to making sure our users are secure and are doing our best to address any issues as they come up. If you do have any additional questions or concerns, you can reach out to us via social media or at support@dolphin.com.
Best,
Michael
Dolphin Team
Biting the hand that feeds IT
