Stagefright (More Technical Details)

Thanks for your interest in how we attempt to protect users in Textra SMS from exposure to the stage fright exploit.

I won't go over the background of the stagefright exploit (as there are plenty of articles on it), I will just focus on what's applicable in terms of SMS / MMS type apps in that the most likely attack vector will be that of an incoming MMS message. More specifically MMS messages containing video content. No other MMS content is at risk by the stagefright exploit.

The actual download of the MMS video content itself does not use the stagefright code and therefore does not expose the exploit. However every SMS / MMS replacement app that I am aware of, will upon download of a video MMS message automatically renders a thumbnail (first video frame), either in the notification or in the conversation bubble. In doing so, the Android media 'code' (called stagefright) that handles things like thumbnails, play etc will be used and in doing so exposes the stagefright exploit. That's the issue right there!

Users are being (wrongly IMO) advised to turn off MMS auto-retrieve in their SMS / MMS apps. This of course impacts ALL MMS content (not very convenient), such as pictures and group text messages as well as video. Users are then presented with a [Download] type function to download the MMS, which at that point the type of content is unknown. Thus if a user presses [Download] and it happens to be a video, then a thumbnail will be rendered (all apps do this apart from our latest release) and the stagefright code will be called and the exploit exposed. As an example, if the MMS is from a friend until the user presses download they CANNOT distinguish between safe MMS content like group text messages and video. After pressing download it's too late, if it happens to be a video the risk just went up significantly.

Our understanding and the above considerations, lead us to the solution for Textra. We still wanted to provide the current convenience for all MMS content as per normal except for video, whereby although it is automatically downloaded (not in itself a risk) no thumbnails are rendered and the user is unable to Forward, Send as New, Save to Gallery, Open in Gallery or Share without overriding the warning and actually making an active decision to play the video. So in effect things work as normal except for video content which is cordoned off, thus protecting the user from stagefright.

So on the surface perhaps it just looks like we put a bit of text here and there saying 'Stagefright Protected' but we actually went to a great deal of trouble to provide ultimate convenience of all MMS content while actively stopping MMS videos from automatically running the exploit (like all other SMS / MMS apps) and additionally providing a number of warnings and barriers before the user ultimately makes their own decision in trusting or not trusting a video.

It's certainly hard to get across this concept! Our goal is to find the very best practical solution we could for our users.

Hope this helps explain.

Feedback and Knowledge Base