Android security is hitting the headlines following a report from cybersecurity firm Zimperium that suggests Android phones can be infected with a picture message, allowing hackers to take complete control of a phone. Before you panic, here's how to avoid the Stagefright Android MMS virus. Also see: How to remove a virus from Android.
We should note that although there is a patch for the flaw, known as Stagefright and to which some 950 million devices are said to be vulnerable, the various flavours of Android in use and the need for both mobile operators and phone manufacturers to be involved in any software updates makes it impossible for Google to automatically roll out a patch to all Android users. Those using older handsets will likely never get the patch.
Traditionally, Android malware comes through the installation of dodgy apps outside of the protected walls of Google Play. However, it's also possible to attach malware to a multimedia message, which will download to your phone once you view the message. Also see: Best Android antivirus apps.
A simple solution, you might think, would be to keep your wits about you and not to open and immediately delete any suspicious-looking messages. But that's not always so easy; Hangouts, which will be the default messaging app for many Android users, by default automatically processes incoming media messages without your input. Other messaging apps may also be set to auto-retrieve multimedia messages by default, and you should check this is not the case with whichever app you happen to be using.
If you're using Hangouts as the default messaging app, you can either use a different messaging app or you can stop it automatically retrieving multimedia messages. We'll look at how to do so below. Also see: Best Android phones 2015.
Update 10 August: An easy way to check whether your device is vulnerable to Stagefright is to download the free Stagefright Detector app from Lookout. The app, when launched, will automatically scan your phone and let you know whether you're at risk. If you are, follow the steps below to protect your phone from the Stagefright MMS virus.
Update 5 August: Security firm 360 Security advises also taking steps to protect your phone from Stagefright while locked. It says to open the Settings app, then choose Notfications under My Device. Depending on your device, Choose 'When Locked' or 'Notifications on Lock Screen', then choose 'Hide Sensitive Content'. This will stop the bug from being executed when your phone is locked.
How to protect Android from Stagefright MMS virus - Change the default messaging app in Android
Step 1. There are two ways to access the option to change your default messaging app in Android. The first is to open the Settings app on your phone, then select More under Wireless & networks, and finally tap on Default SMS app.
(This looks a little different on our Samsung Galaxy S6, on which we open the Settings menu, choose More connection settings under Connections, then select Default messaging app.)
The second way to access this option is through Hangouts itself. Open the app and tap the three vertical lines icon at the top left of the screen to access the options, then choose Settings, SMS, SMS enabled.
Step 2. If Hangouts is selected as the default messaging app, instead choose Messaging or Messages or any other option you see here. If you don't see an option other than Hangouts, go to step 3.
Step 3. If you don't have an alternative messaging app on your phone you can either download one from Google Play, or you can turn off Hangouts' ability to automatically retrieve multimedia messages.
If you go with the first option, note that you may need to set it as the phone's default messaging app within the app's own settings menu before you see an option to select it within Settings, More, Default SMS app.
If you go with the second option, open Hangouts, tap the three vertical lines at the top left of the screen, then choose Settings, SMS. Scroll down the page to the Advanced section and deselect the box to Auto retrieve MMS.
Step 4. It's not just Hangouts that will auto-retrieve multimedia messages by default. The Messages app on our Samsung Galaxy S6 also auto-retrieves MMS messages by default. To turn this off open Messages and select More, Settings, More Settings, Multimedia messages, and disable the option to Auto retrieve.
As suggested in the comments below, in vanilla versions of Android where Hangouts is not the default messaging app you should open the Messaging app and select the three dots icon to access Settings, Multimedia MMS Messages, then ensure the option to auto retrieve is disabled.
Where next? Visit Android Advisor.
Follow Marie Brewis on Twitter.