Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,731,559 Members 52,002 Now Online
XDA Developers Android and Mobile Development Forum

HTCMode = SMiShing app

Tip us?
 
docnok63
Old
(Last edited by docnok63; 22nd February 2013 at 09:10 AM.)
#1  
docnok63's Avatar
Senior Member - OP
Thanks Meter 628
Posts: 1,065
Join Date: Nov 2012
Location: Memphis, TN
Exclamation HTCMode = SMiShing app

Hey all,

There's been quite a few reports of people getting duplicate SMSes in the ViperDNA ROM thread. I think I have, unfortunately, found the cause. The other day, I got a SMS from someone not on my contact list/nor anyone I recognized at all. It was like spam email, but from SMS with a link to some site to boot. I brushed it off and just deleted the message. I was reading Android Police's new article on Android anti-virus apps. I was surprised to see my $15 Kaspersky app doing so poorly, so I uninstalled it and installed the #1 rated TrustGo. I did a scan and it found a "High Risk" threat in HTCMode. I followed the link provided by the app and, sure enough, Google has acknowledged the vulnerablility.

This vulnerability is being kept very close to Google's chest, so you don't find much about it doing a search for it. It certainly isn't getting a whole lot of press, but it's gotten some.

I tried to delete the app via TrustGo, but it failed. So went into Titanium Backup and froze the app and then was able to uninstall it. I've rebooted a couple times since uninstall and there doesn't seem to be any repercussions from getting rid of it. I highly recommend you do the same.

Just a heads-up. Protect your shiny DNA and your personal info/data,
Doc
Attached Thumbnails
Click image for larger version

Name:	2013-02-22-01-12-00[2].jpg
Views:	649
Size:	38.3 KB
ID:	1750852   Click image for larger version

Name:	2013-02-22-01-12-48[1].jpg
Views:	565
Size:	11.2 KB
ID:	1750853   Click image for larger version

Name:	2013-02-22-01-16-49[1].jpg
Views:	563
Size:	23.0 KB
ID:	1750854   Click image for larger version

Name:	2013-02-22-01-18-09[1].jpg
Views:	587
Size:	40.3 KB
ID:	1750855  
My is rollin' wit...
The Following 8 Users Say Thank You to docnok63 For This Useful Post: [ Click to Expand ]
 
darkace
Old
#2  
Senior Member
Thanks Meter 16
Posts: 143
Join Date: Jun 2009
Location: San Antonio
Quote:
Originally Posted by docnok63 View Post
Hey all,

There's been quite a few reports of people getting duplicate SMSes in the ViperDNA ROM thread. I think I have, unfortunately, found the cause. The other day, I got a SMS from someone not on my contact list/nor anyone I recognized at all. It was like spam email, but from SMS with a link to some site to boot. I brushed it off and just deleted the message. I was reading Android Police's new article on Android anti-virus apps. I was surprised to see my $15 Kaspersky app doing so poorly, so I uninstalled it and installed the #1 rated TrustGo. I did a scan and it found a "High Risk" threat in HTCMode. I followed the link provided by the app and, sure enough, Google has acknowledged the vulnerablility.

This vulnerability is being kept very close to Google's chest, so you don't find much about it doing a search for it. It certainly isn't getting a whole lot of press, but it's gotten some.

I tried to delete the app via TrustGo, but it failed. So went into Titanium Backup and froze the app and then was able to uninstall it. I've rebooted a couple times since uninstall and there doesn't seem to be any repercussions from getting rid of it. I highly recommend you do the same.

Just a heads-up. Protect your shiny DNA and your personal info/data,
Doc
Thanks for the heads up! I wonder why HTC is packing this junk in with their software.
 
docnok63
Old
(Last edited by docnok63; 22nd February 2013 at 02:44 PM.)
#3  
docnok63's Avatar
Senior Member - OP
Thanks Meter 628
Posts: 1,065
Join Date: Nov 2012
Location: Memphis, TN
Quote:
Originally Posted by darkace View Post
Thanks for the heads up! I wonder why HTC is packing this junk in with their software.
Perhaps HTC has nothing to do with this software and (as if they care) the developers are trademark infringing when they use it in the app. They merely use the HTC name to legitimize their software and make you think it should be on your phone (some Sense software.) I'm sure on the S3 it's called SamsungMode or TouchMode and tries to make it look like it's part of TouchWiz.

If HTC did create this software, then the SMiShers have just found a way to exploit a vulnerability in the software as they did with other brands. As the video and write-up details, this is not HTC-specific; but Android-wide.

http://www.youtube.com/watch?v=gLujaf0Y4-A
My is rollin' wit...
 
johnwaug
Old
#4  
Senior Member
Thanks Meter 30
Posts: 151
Join Date: Nov 2012
Default Re: HTCMode = SMiShing app

I can not find the HTC Mode.apk on my DNA at all. Not with TB or root file explorer. I am s-off, Viper1.1.3, beat mode kernel and costum recovery.

Sent from my HTC6435LVW using xda app-developers app
 
hurtfuljeep
Old
#5  
hurtfuljeep's Avatar
Member
Thanks Meter 31
Posts: 97
Join Date: Dec 2011
Default Re: HTCMode = SMiShing app

Thanks for the info. I wasn't aware of trustgo being rated #1.

Sent from my HTC6435LVW using xda app-developers app
 
docnok63
Old
#6  
docnok63's Avatar
Senior Member - OP
Thanks Meter 628
Posts: 1,065
Join Date: Nov 2012
Location: Memphis, TN
Quote:
Originally Posted by johnwaug View Post
I can not find the HTC Mode.apk on my DNA at all. Not with TB or root file explorer. I am s-off, Viper1.1.3, beat mode kernel and costum recovery.
It might not be on your phone. It's in system/app if it is.

Quote:
Originally Posted by hurtfuljeep View Post
Thanks for the info. I wasn't aware of trustgo being rated #1.
Neither was I until yesterday and I was quite pissed a free app outperformed one I paid $15 for. When it found the vulnerability my anger turned to humility and concern.
My is rollin' wit...
 
MicroMod777
Old
#7  
MicroMod777's Avatar
Recognized Contributor
Thanks Meter 1914
Posts: 4,043
Join Date: Apr 2010
Location: Los Angeles

 
DONATE TO ME
Default Re: HTCMode = SMiShing app

All it does is allows apps to send u fake spam texts. I get that type of junk anyways without this apps help.

On the DNA I think its the HTCModeClient.apk. I'm gonna remove it on my Rom today and see if my text work normal.

Sent from my HTC6435LVW using Tapatalk 2
 
.torrented
Old
#8  
.torrented's Avatar
Recognized Contributor
Thanks Meter 1471
Posts: 2,785
Join Date: Mar 2011
Location: Suffolk, VA

 
DONATE TO ME
Quote:
Originally Posted by MicroMod777 View Post
All it does is allows apps to send u fake spam texts. I get that type of junk anyways without this apps help.

On the DNA I think its the HTCModeClient.apk. I'm gonna remove it on my Rom today and see if my text work normal.

Sent from my HTC6435LVW using Tapatalk 2
my texting worked just fine when i removed it off of my phone
 
MicroMod777
Old
#9  
MicroMod777's Avatar
Recognized Contributor
Thanks Meter 1914
Posts: 4,043
Join Date: Apr 2010
Location: Los Angeles

 
DONATE TO ME
Default Re: HTCMode = SMiShing app

Quote:
Originally Posted by .torrented View Post
my texting worked just fine when i removed it off of my phone
Mine seems fine also.

Sent from my HTC6435LVW using Tapatalk 2
 
Jaggar345
Old
#10  
Jaggar345's Avatar
Senior Member
Thanks Meter 151
Posts: 1,081
Join Date: May 2012
Location: Amston
Default Re: HTCMode = SMiShing app

So reading this seems really shady that they would do this. So I'm not rooted on this phone and I don't want to root because I enjoy this phone how it is. So obviously I can't freeze this so if I disable it, won't this be the same thing as freezing it?

Sent from my HTC6435LVW using xda app-developers app

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

[APK] Chrome Beta 37 Brings First Traces of Material Design

With Android L on the horizon, it’s no surprise that Google’s … more

Immersive Mode on Unrooted Devices with GMD Full Screen Immersive Mode

Everyone likes screen real estate–no question about that. The … more

Android Wear App Review: EchoWear Song Search – XDA Developer TV

Yesterday on XDA Developer TV, Producer AdamOutler tore down a Samsung … more