Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,736,660 Members 54,624 Now Online
XDA Developers Android and Mobile Development Forum

ChompSMS flagged as malware by several AV's

Tip us?
 
Omnius001
Old
(Last edited by Omnius001; 31st January 2012 at 03:04 AM.) Reason: additional info
#1  
Member - OP
Thanks Meter 10
Posts: 31
Join Date: Jan 2012
Default ChompSMS flagged as malware by several AV's

Hi ppl in the xda hood

I just write to let you know that ChompSMS has now been flagged as malware, both on 2 phone here locally with Avast as scanner, and subsequently by upload to Virustotal, and flagged by some of the major names too.
This concerns both the 5.30 and the update from tonight to v5.31

As Im new, I cannot post urls, but you can dump the apk from both versions, upload for a scan, and have a look at the report yourself from virustotal dot com


XDA must decide if its worth it alarming the community, but better safe than sorry, right?
I guess it could be a false positive, and I do know things should not be rushed about accusations of malware developing, but seeing that several of the major scanners is flagging it both before and after the update, certainly raises my concerns.

I hope those of you who knows your way around decompiling and analyzing code will look into this, so that we can get more eyes on it than "just" the AV companies reports.

Sincerely, Omnius


After a bit of micro-investigating I have so far found these domains in the code, so if you do HAVE to use ChompSMS, (I do) you can ad them to your HOST file, just for the sake of it.
I dont know when or why they will be used but as they are in the code, there is a potential connection lurking in it. Decide for yourself, untill further ppl have a close look than mine.
Im not a dev of any sort, but I do know how to poke around to learn. Therfore please do not just take my words for granted until more competent ppl here have their say.
I do know that a few of these is for "normal" android app ads, and analytics and so on, but these are my finding so far, so filter our what you like it to connect to yourself. If you dont mind ads connections in-app, serve your wish, so to speak.


millennialmedia.com
gateway.textfreek.com
report.bitesms.com
nexage.com
inapp.chompsms.com
adserver.com
greystripe.com
smsgateway.chompsms.com
m.advc.us
cvt.mydas.mobi
rest.starttalking.com
mobileads.google.com
The Following User Says Thank You to Omnius001 For This Useful Post: [ Click to Expand ]
 
kyokeun1234
Old
#2  
kyokeun1234's Avatar
Senior Member
Thanks Meter 629
Posts: 2,801
Join Date: Sep 2011
Location: Niagara Falls ON Canada
I used to love chompsms... now i guess I'm using GoSMS...

Sent from my Nexus S using XDA App
Phone
Nexus 4 16GB LTE Enabled
Android L Preview

Click Thanks if I helped you!!

 
nosit1
Old
#3  
Senior Member
Thanks Meter 109
Posts: 881
Join Date: May 2010
Location: Arizona
All of them appear to be valid to the program. Half are ad for ads, the other half are for functionality in ChompSMS.
 
zelendel
Old
(Last edited by zelendel; 31st January 2012 at 09:42 AM.)
#4  
zelendel's Avatar
Moderator Committee - The Dark Knight
Thanks Meter 10822
Posts: 14,192
Join Date: Aug 2008
Location: Watching from the Shadows

 
DONATE TO ME
I would be careful on using go SMS as well.

Antivirus apps will pick up any app that by passes any normal OS use. This always has been and always will be the case.

Anything with ads will always be flagged as it connects to an unknown server.





If hard work pays off then easy work is worthless
SearchFu
Never Ask someone to do something your not willing to at least try to do yourself.
"Gotham is the work of a madman"- NunHugger Current Nexus 5-12 Nightly


 
crackers8199
Old
#5  
Senior Member
Thanks Meter 46
Posts: 487
Join Date: May 2010

 
DONATE TO ME
Quote:
Originally Posted by zelendel View Post
I would be careful on using go SMS as well.

Antivirus apps will pick up any app that by passes any normal OS use. This always has been and always will be the case.

Anything with ads will always be flagged as it connects to an unknown server.
chomp was never flagged before the 5.30 update a few days ago...

really bothers me, i love chomp. i donated to remove the ads. i'm hoping they fixed it with 5.31 and the virus scanners are just still reporting it as a false positive. until it's sorted out though, i uninstalled...
 
crackers8199
Old
#6  
Senior Member
Thanks Meter 46
Posts: 487
Join Date: May 2010

 
DONATE TO ME
Update : avg doesn't detect anything wrong with the newest version, 5.31.
 
BigMatza
Old
#7  
BigMatza's Avatar
Member
Thanks Meter 18
Posts: 93
Join Date: Mar 2008
Default Lemme tell you...

I noticed the new permissions requested in 5.30 (special access to browser history/bookmarks), and kinda shrugged it off. Dumb move on my part. Immediately upon launching 5.30, I get a notification from ADWLauncher that it cannot fit a new shortcut on my desktop (because the main page was full). So I'm naturally all like WTF... so I flip through my desktop pages to notice that ChompSMS had made itself a shortcut to searchmobileonline.com.

I also heard that it replaces your default browser home page and search method with the same. I use xScope exclusively, so I haven't been able to check that yet.

Delicious, Inc. has really crossed the line with this latest stunt. What were they thinking!? ChompSMS was the best Android messaging app IMHO. Why jeopardize such a great reputation? If it's money they were after, I'd imagine they could've raked in a nice bundle of cash for selling the product to another company.
 
xHausx
Old
#8  
xHausx's Avatar
Forum Moderator / Recognized Developer
Thanks Meter 4509
Posts: 6,766
Join Date: Jul 2010
Location: Central Florida

 
DONATE TO ME
Does anyone have a copy of this apk that I could take a look at?
 
IRASadPanda
Old
#9  
Senior Member
Thanks Meter 296
Posts: 1,750
Join Date: Dec 2011
Location: Johns Creek
Quote:
Originally Posted by kyokeun1234 View Post
I used to love chompsms... now i guess I'm using GoSMS...

Sent from my Nexus S using XDA App
GoSMS is a security risk

Sent from Narnia
The sun is slowly fallin', we all should surely die eventually.
So what's your calling? Oh, you left your phone behind?
 
ArdW
Old
#10  
Member
Thanks Meter 1
Posts: 60
Join Date: Jan 2014
Quote:
Originally Posted by xHausx View Post
Does anyone have a copy of this apk that I could take a look at?
I know this is a old thread but better than starting a new one.

I would like to ask if there is any news on this. I love chomp SMS, imo the best messanger for my taste. I have bought the pro version, to stay away from ads and unnecessary internet data. I have chomp on a brand new phone, no sim card, no messages, just activated chomp and my firewall instantly found chomp active on internet. I watched this for some time and really chomp was trying to do something even I did nothing with it.

important note: there is no data mining in any of their terms. Or at least I did not find anything.

So I contacted chomp about the behavior and they said that "they never seen this before" and suggested reinstall. I did, didn't help.

On the second try, they told me that it is connecting because of ads, but I had the pro version (and they knew it). So no luck.

After the third attempt, they said that chomp is sending once a day info that it is installed so they know how many installs they have.

This sucks a lot. Security concerns appears instantly.

I think it would be worthy to literally sniff a bit around this, since so many people is using chomp.

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

Get Your Cargo to its Destination in 4×4 Military Operations Reborn

Racing games have evolved quite a bit since the days of Pole … more

Automate Your Device with Sfen

Changing the profile of yourdevice manually is now long forgotten. Since the advent of Android automation … more

Galaxy Photo Screen Lock Displays a Photo Slideshow on Your Lock Screen

Being the most often looked at part of our devices UI, the lock … more