Textra SMS, one of the most popular third party SMS apps, just received protection from the Stagefright vulnerability in its latest update. An attacker can make use of this vulnerabity by sending an MMS that targets the Android device’s media playback engine, Stagefright.
The vulnerability allows attackers to steal data and gain access to your camera and microphone, so it’s nice to see Textra promptly updating their app. While Google, Cyanogenmod, Firefox, and a few others have already patched the vulnerability, given the fragmentation in Android it will take a while for more devices to become secure as OEMs and carriers will inevitably delay the updates.
It should, however, be noted that this vulnerability is in the Stagefright engine and not in the MMS delivery. So while using Textra will help protect you, you aren’t completely safe just yet. It is advisable to turn off auto delivery of MMS in your messaging app and Hangouts in case you aren’t using Textra.
As mentioned above, Google has already patched the vulnerability and Nexus 5 and 6 users should start seeing updates soon. Cyanogenmod builds for the past couple of weeks have already got the patch, so if you’re using CM, you should be safe, at least from Stagefright.
If you aren’t into custom ROMs and you don’t have a Nexus device, Textra is perhaps one of the safer bets for you right now, at least as far as protection from those rogue MMSs goes. You can find more on the Stagefright vulnerability here.
hat tip to Chris Bridges for the heads up and the screenshot