Android 5.1 Possibly Coming February 2015

Google released Android 5.0 just over a month ago, and since then Lollipop has been trying to … more

Double Tap to Wake on the Nexus 6 Without Root

A few weeks ago, we featured an app which allowed the Nexus 6 to regain the double tap to wake … more

Make Your Own Heat Sink for the LG Optimus 4X HD

Its not a rare occurrence that performing a resource heavy task on your Android device (e.g. … more

Learn How to Create an Old School Dialer

XDA is not only a great source for custom ROMs, kernels, and various modifications for numerous … more

Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

ChompSMS flagged as malware by several AV's

OP Omnius001

31st January 2012, 03:46 AM   |  #1  
OP Member
Thanks Meter: 10
 
32 posts
Join Date:Joined: Jan 2012
Hi ppl in the xda hood

I just write to let you know that ChompSMS has now been flagged as malware, both on 2 phone here locally with Avast as scanner, and subsequently by upload to Virustotal, and flagged by some of the major names too.
This concerns both the 5.30 and the update from tonight to v5.31

As Im new, I cannot post urls, but you can dump the apk from both versions, upload for a scan, and have a look at the report yourself from virustotal dot com


XDA must decide if its worth it alarming the community, but better safe than sorry, right?
I guess it could be a false positive, and I do know things should not be rushed about accusations of malware developing, but seeing that several of the major scanners is flagging it both before and after the update, certainly raises my concerns.

I hope those of you who knows your way around decompiling and analyzing code will look into this, so that we can get more eyes on it than "just" the AV companies reports.

Sincerely, Omnius


After a bit of micro-investigating I have so far found these domains in the code, so if you do HAVE to use ChompSMS, (I do) you can ad them to your HOST file, just for the sake of it.
I dont know when or why they will be used but as they are in the code, there is a potential connection lurking in it. Decide for yourself, untill further ppl have a close look than mine.
Im not a dev of any sort, but I do know how to poke around to learn. Therfore please do not just take my words for granted until more competent ppl here have their say.
I do know that a few of these is for "normal" android app ads, and analytics and so on, but these are my finding so far, so filter our what you like it to connect to yourself. If you dont mind ads connections in-app, serve your wish, so to speak.


millennialmedia.com
gateway.textfreek.com
report.bitesms.com
nexage.com
inapp.chompsms.com
adserver.com
greystripe.com
smsgateway.chompsms.com
m.advc.us
cvt.mydas.mobi
rest.starttalking.com
mobileads.google.com
Last edited by Omnius001; 31st January 2012 at 04:04 AM. Reason: additional info
The Following User Says Thank You to Omnius001 For This Useful Post: [ View ]
31st January 2012, 05:11 AM   |  #2  
kyokeun1234's Avatar
Senior Member
Flag Niagara Falls ON Canada
Thanks Meter: 633
 
2,807 posts
Join Date:Joined: Sep 2011
More
I used to love chompsms... now i guess I'm using GoSMS...

Sent from my Nexus S using XDA App
31st January 2012, 10:25 AM   |  #3  
Senior Member
Flag Arizona
Thanks Meter: 113
 
894 posts
Join Date:Joined: May 2010
More
All of them appear to be valid to the program. Half are ad for ads, the other half are for functionality in ChompSMS.
31st January 2012, 10:39 AM   |  #4  
zelendel's Avatar
Moderator Committee - The Dark Knight
Flag Watching from the Shadows
Thanks Meter: 11,809
 
15,299 posts
Join Date:Joined: Aug 2008
Donate to Me
More
I would be careful on using go SMS as well.

Antivirus apps will pick up any app that by passes any normal OS use. This always has been and always will be the case.

Anything with ads will always be flagged as it connects to an unknown server.
Last edited by zelendel; 31st January 2012 at 10:42 AM.
31st January 2012, 07:42 PM   |  #5  
Senior Member
Thanks Meter: 49
 
488 posts
Join Date:Joined: May 2010
Donate to Me
Quote:
Originally Posted by zelendel

I would be careful on using go SMS as well.

Antivirus apps will pick up any app that by passes any normal OS use. This always has been and always will be the case.

Anything with ads will always be flagged as it connects to an unknown server.

chomp was never flagged before the 5.30 update a few days ago...

really bothers me, i love chomp. i donated to remove the ads. i'm hoping they fixed it with 5.31 and the virus scanners are just still reporting it as a false positive. until it's sorted out though, i uninstalled...
1st February 2012, 12:57 AM   |  #6  
Senior Member
Thanks Meter: 49
 
488 posts
Join Date:Joined: May 2010
Donate to Me
Update : avg doesn't detect anything wrong with the newest version, 5.31.
1st February 2012, 04:06 PM   |  #7  
BigMatza's Avatar
Member
Thanks Meter: 20
 
96 posts
Join Date:Joined: Mar 2008
Lemme tell you...
I noticed the new permissions requested in 5.30 (special access to browser history/bookmarks), and kinda shrugged it off. Dumb move on my part. Immediately upon launching 5.30, I get a notification from ADWLauncher that it cannot fit a new shortcut on my desktop (because the main page was full). So I'm naturally all like WTF... so I flip through my desktop pages to notice that ChompSMS had made itself a shortcut to searchmobileonline.com.

I also heard that it replaces your default browser home page and search method with the same. I use xScope exclusively, so I haven't been able to check that yet.

Delicious, Inc. has really crossed the line with this latest stunt. What were they thinking!? ChompSMS was the best Android messaging app IMHO. Why jeopardize such a great reputation? If it's money they were after, I'd imagine they could've raked in a nice bundle of cash for selling the product to another company.
4th March 2012, 08:41 AM   |  #8  
xHausx's Avatar
Forum Moderator / Recognized Developer
Flag Central Florida
Thanks Meter: 4,538
 
6,781 posts
Join Date:Joined: Jul 2010
Donate to Me
More
Does anyone have a copy of this apk that I could take a look at?
4th March 2012, 08:51 AM   |  #9  
Senior Member
Flag Johns Creek
Thanks Meter: 296
 
1,750 posts
Join Date:Joined: Dec 2011
More
Quote:
Originally Posted by kyokeun1234

I used to love chompsms... now i guess I'm using GoSMS...

Sent from my Nexus S using XDA App

GoSMS is a security risk

Sent from Narnia
5th March 2014, 08:57 PM   |  #10  
Member
Thanks Meter: 1
 
58 posts
Join Date:Joined: Jan 2014
Quote:
Originally Posted by xHausx

Does anyone have a copy of this apk that I could take a look at?

I know this is a old thread but better than starting a new one.

I would like to ask if there is any news on this. I love chomp SMS, imo the best messanger for my taste. I have bought the pro version, to stay away from ads and unnecessary internet data. I have chomp on a brand new phone, no sim card, no messages, just activated chomp and my firewall instantly found chomp active on internet. I watched this for some time and really chomp was trying to do something even I did nothing with it.

important note: there is no data mining in any of their terms. Or at least I did not find anything.

So I contacted chomp about the behavior and they said that "they never seen this before" and suggested reinstall. I did, didn't help.

On the second try, they told me that it is connecting because of ads, but I had the pro version (and they knew it). So no luck.

After the third attempt, they said that chomp is sending once a day info that it is installed so they know how many installs they have.

This sucks a lot. Security concerns appears instantly.

I think it would be worthy to literally sniff a bit around this, since so many people is using chomp.

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes