Connect with us

Textra and ChompSMS claim to have “solved” Stagefright with latest updates, but did they really?

Android News

Textra and ChompSMS claim to have “solved” Stagefright with latest updates, but did they really?

Psyched that SMS apps Textra and Chomp have “solved” Stagefright in the latest updates? Not so fast: we don’t think they’ve solved anything.

textra stagefright protection

Those who use Textra and ChompSMS for his or her messaging wishes will quickly be handled to new updates nowadays. We’re taking a look at model 3.1  for the previous, and model 7.1 for the latter. These updates will raise with them a function that’ll make people who’ve heard of the Stagefright vulnerability (learn up in the event you haven’t, it’s necessary) take realize: their claim is that “Stagefright Protection” is now integrated, calling it a “rock forged answer.”

So what precisely does this imply? Reading the company’s online knowledgebase turns up the next rationalization:

The stagefright make the most can happen while any SMS / MMS app creates the MMS video thumbnail that it presentations within the dialog bubble or notification or if a consumer presses the play button at the video or saves to Gallery. We have supplied an answer for ‘StageFright’ in Release 3.1 of Textra out now.

Very Important: In different SMS / MMS apps, turning off car-retrieve is **NOT** sufficient as when you faucet ‘obtain’ the make the most turns into lively. Additionally you wouldn't get any MMS % or staff messages. Not a just right answer.

Sounds just right, proper? Not precisely.

We take factor with a few issues with regard to that observation and unencumber. For starters, the entire “Stagefright make the most” factor is slightly deceptive. Stagefright by itself isn't an make the most. Stagefright is a multimedia library built into the Android framework. That specific library has a vulnerability, which a malicious software (which isn't but recognized to exist) can use to make the most it. It’s essential to make that difference if for not anything greater than to be transparent approximately what, precisely, we’re dealing with right here.

Getting that out of the best way, the following factor to word is that it’s not likely a easy app update can “clear up” the Stagefright factor. They can take steps to lend a hand higher offer protection to customers, although, and to Textra and ChompSMS’s credit score that’s what we consider is occurring right here.

From what we will be able to inform, this “Stagefright Protection” function is a straightforward “disable automated MMS downloads” serve as that exists in just about each and every in a position messaging app in the market, together with Hangouts, Android’s inbuilt messenger and different 3rd-birthday party choices. The distinction with Textra’s function is a neat new identify, and a couple of warnings approximately Stagefright sooner than permitting the consumer to obtain the video.

Here’s what occurs while you obtain an MMS in TextraSMS with Stagefright Protection enabled:

stagefright 1

As you'll be able to see, the message used to be now not downloaded and the thumbnail hasn’t been resolved, so if this video has an make the most concentrated on Stagefright then it is going to now not but be in a position to execute its code. The message has a pleasant “Stagefright Protection” label underneath it.

stagefright 2

This is what turns up while you hit the Play button at the MMS message: a good larger field, with a fair larger play button, and a fair larger “Stagefright” label.

stagefright 3

Finally, clicking the Play button one final time will raise a pleasant caution message reminding you that downloaded movies would possibly include an make the most referred to as Stagefright (keep in mind that, there is not any recognized make the most, and if there have been its identify wouldn’t be Stagefright as Stagefright is just the identify of the multimedia library that may be prone to being exploited).

Pressing the OKAY button will then increase whichever video you have been going to view, and that’s it. If stated video if truth be told did include an make the most that goals Stagefright then it will, in reality, execute at this second.

And that’s that. This is as so much “coverage” as seeing a yield signal at the street. It’s now not if truth be told preventing you from going in advance and enjoying the video, but you will have to understand that there’s an opportunity (albeit, on this case, an overly very small probability) that the video may just include code which might hurt your tool.

Granted, that is greater than different apps are doing towards so-referred to as Stagefright exploits at this aspect. It’s just right that they’re being communicative and letting the consumer understand that there’s a probably bad flaw that can placed their software in danger. We simply desire they didn’t have to do it in some way that appears like little greater than a tacky marketing ploy to win a few more downloads.

We’ve reached out to Delicious Inc., who owns both Textra and ChompSMS, for remark and explanation in this function, and we’ll ensure to record again with a apply-up tale when we’ve heard from them.

[Thanks to the folks at AndroidForums.com for bringing it to our consideration!]

Comments

More in Android News

Popular

Featured

Advertisement
To Top