

How to Protect Your Android Phone from the Stagefright Bug - gregorymichael
https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html

======
uph
Just posted this in the comments on another article about stagefright.

Even better, use TextSecure
([https://play.google.com/store/apps/details?id=org.thoughtcri...](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms))
by Open Whisper Systems
([https://whispersystems.org/](https://whispersystems.org/)).

 _Supposedly the vulnerability is in stagefright, which is the Android
framework responsible for audio /video encoding/decoding and playback.
TextSecure doesn't do any pre-processing of received audio/video messages, so
it seems unlikely that a vulnerability in stagefright could be triggered
simply by sending audio/video to a TextSecure user._

 _TextSecure plays audio /video by handing it to the system's default media
player. If there's a stagefright vulnerability, it's possible that the
system's default media player is vulnerable. From TextSecure, that interaction
should only happen by physically tapping on an audio/video attachment, then
tapping through a warning dialog about insecure playback. At that point, it's
out of our hands._

 _\- moxie_

[https://lists.riseup.net/www/arc/whispersystems/2015-07/msg0...](https://lists.riseup.net/www/arc/whispersystems/2015-07/msg00084.html)

~~~
acconrad
I'm a huge fan of Text Secure, been using it for a while. That and Red Phone
(also by Open Whisper) makes your life indeed more secure on Android.

~~~
uph
Unlike TextSecure, RedPhone is a bit rough as it hasn't been updated in a
while. If someone wants encrypted calls _today_ it does the job but it will
soon be merged into TextSecure (guessing the name will change to Signal like
on iOS).

The team at Open Whisper Systems has done a great job making privacy this
easy. For people that aren't interested in encryption I don't even go into
that when telling them to use TextSecure. I just tell them it's better and
kind of like iMessage for Android, as it sends regular sms to contacts without
it and (encrypted) data messages to those who do.

