FORUMS

Google No Longer Sending Calendar SMS Notifications

In a not entirely surprising move, Google announced that it’s putting an … more

Enable Multi-Window Mode on M Developer Preview

What was not mentioned in yeterday’s keynote was Android M’s multi-window … more

I/O Summary: Google Cardboard Virtual Reality

One year ago, Google introduced cardboard. Amazingly enough, that was all it took to fire … more

Android M Preview Images – XDA TV

Android M preview images are available. That and much more news is covered by Jordan when he … more

HTCMode = SMiShing app

Thanks Meter: 710
 
By docnok63, Senior Member on 22nd February 2013, 07:55 AM
Post Reply Subscribe to Thread Email Thread
Hey all,

There's been quite a few reports of people getting duplicate SMSes in the ViperDNA ROM thread. I think I have, unfortunately, found the cause. The other day, I got a SMS from someone not on my contact list/nor anyone I recognized at all. It was like spam email, but from SMS with a link to some site to boot. I brushed it off and just deleted the message. I was reading Android Police's new article on Android anti-virus apps. I was surprised to see my $15 Kaspersky app doing so poorly, so I uninstalled it and installed the #1 rated TrustGo. I did a scan and it found a "High Risk" threat in HTCMode. I followed the link provided by the app and, sure enough, Google has acknowledged the vulnerablility.

This vulnerability is being kept very close to Google's chest, so you don't find much about it doing a search for it. It certainly isn't getting a whole lot of press, but it's gotten some.

I tried to delete the app via TrustGo, but it failed. So went into Titanium Backup and froze the app and then was able to uninstall it. I've rebooted a couple times since uninstall and there doesn't seem to be any repercussions from getting rid of it. I highly recommend you do the same.

Just a heads-up. Protect your shiny DNA and your personal info/data,
Doc
Attached Thumbnails
Click image for larger version

Name:	2013-02-22-01-12-00[2].jpg
Views:	720
Size:	38.3 KB
ID:	1750852   Click image for larger version

Name:	2013-02-22-01-12-48[1].jpg
Views:	627
Size:	11.2 KB
ID:	1750853   Click image for larger version

Name:	2013-02-22-01-16-49[1].jpg
Views:	626
Size:	23.0 KB
ID:	1750854   Click image for larger version

Name:	2013-02-22-01-18-09[1].jpg
Views:	648
Size:	40.3 KB
ID:	1750855   Click image for larger version

Name:	2013-02-22-01-12-00[2].jpg
Views:	720
Size:	38.3 KB
ID:	1750852   Click image for larger version

Name:	2013-02-22-01-12-48[1].jpg
Views:	627
Size:	11.2 KB
ID:	1750853   Click image for larger version

Name:	2013-02-22-01-16-49[1].jpg
Views:	626
Size:	23.0 KB
ID:	1750854   Click image for larger version

Name:	2013-02-22-01-18-09[1].jpg
Views:	648
Size:	40.3 KB
ID:	1750855  
Last edited by docnok63; 22nd February 2013 at 09:10 AM.
The Following 8 Users Say Thank You to docnok63 For This Useful Post: [ View ]
 
 
22nd February 2013, 12:49 PM |#2  
Senior Member
Flag San Antonio
Thanks Meter: 16
 
More
Quote:
Originally Posted by docnok63

Hey all,

There's been quite a few reports of people getting duplicate SMSes in the ViperDNA ROM thread. I think I have, unfortunately, found the cause. The other day, I got a SMS from someone not on my contact list/nor anyone I recognized at all. It was like spam email, but from SMS with a link to some site to boot. I brushed it off and just deleted the message. I was reading Android Police's new article on Android anti-virus apps. I was surprised to see my $15 Kaspersky app doing so poorly, so I uninstalled it and installed the #1 rated TrustGo. I did a scan and it found a "High Risk" threat in HTCMode. I followed the link provided by the app and, sure enough, Google has acknowledged the vulnerablility.

This vulnerability is being kept very close to Google's chest, so you don't find much about it doing a search for it. It certainly isn't getting a whole lot of press, but it's gotten some.

I tried to delete the app via TrustGo, but it failed. So went into Titanium Backup and froze the app and then was able to uninstall it. I've rebooted a couple times since uninstall and there doesn't seem to be any repercussions from getting rid of it. I highly recommend you do the same.

Just a heads-up. Protect your shiny DNA and your personal info/data,
Doc

Thanks for the heads up! I wonder why HTC is packing this junk in with their software.
22nd February 2013, 02:33 PM |#3  
docnok63's Avatar
OP Senior Member
Flag Memphis, TN
Thanks Meter: 710
 
More
Quote:
Originally Posted by darkace

Thanks for the heads up! I wonder why HTC is packing this junk in with their software.

Perhaps HTC has nothing to do with this software and (as if they care) the developers are trademark infringing when they use it in the app. They merely use the HTC name to legitimize their software and make you think it should be on your phone (some Sense software.) I'm sure on the S3 it's called SamsungMode or TouchMode and tries to make it look like it's part of TouchWiz.

If HTC did create this software, then the SMiShers have just found a way to exploit a vulnerability in the software as they did with other brands. As the video and write-up details, this is not HTC-specific; but Android-wide.

http://www.youtube.com/watch?v=gLujaf0Y4-A
Last edited by docnok63; 22nd February 2013 at 02:44 PM.
22nd February 2013, 04:41 PM |#4  
Senior Member
Thanks Meter: 33
 
More
Re: HTCMode = SMiShing app
I can not find the HTC Mode.apk on my DNA at all. Not with TB or root file explorer. I am s-off, Viper1.1.3, beat mode kernel and costum recovery.

Sent from my HTC6435LVW using xda app-developers app
22nd February 2013, 05:15 PM |#5  
hurtfuljeep's Avatar
Member
Thanks Meter: 31
 
More
Re: HTCMode = SMiShing app
Thanks for the info. I wasn't aware of trustgo being rated #1.

Sent from my HTC6435LVW using xda app-developers app
22nd February 2013, 06:37 PM |#6  
docnok63's Avatar
OP Senior Member
Flag Memphis, TN
Thanks Meter: 710
 
More
Quote:
Originally Posted by johnwaug

I can not find the HTC Mode.apk on my DNA at all. Not with TB or root file explorer. I am s-off, Viper1.1.3, beat mode kernel and costum recovery.

It might not be on your phone. It's in system/app if it is.

Quote:
Originally Posted by hurtfuljeep

Thanks for the info. I wasn't aware of trustgo being rated #1.

Neither was I until yesterday and I was quite pissed a free app outperformed one I paid $15 for. When it found the vulnerability my anger turned to humility and concern.
22nd February 2013, 09:48 PM |#7  
MicroMod777's Avatar
Recognized Contributor
Flag Los Angeles
Thanks Meter: 2,687
 
Donate to Me
More
Re: HTCMode = SMiShing app
All it does is allows apps to send u fake spam texts. I get that type of junk anyways without this apps help.

On the DNA I think its the HTCModeClient.apk. I'm gonna remove it on my Rom today and see if my text work normal.

Sent from my HTC6435LVW using Tapatalk 2
23rd February 2013, 07:17 PM |#8  
.torrented's Avatar
Recognized Contributor
Flag Suffolk, VA
Thanks Meter: 1,482
 
Donate to Me
More
Quote:
Originally Posted by MicroMod777

All it does is allows apps to send u fake spam texts. I get that type of junk anyways without this apps help.

On the DNA I think its the HTCModeClient.apk. I'm gonna remove it on my Rom today and see if my text work normal.

Sent from my HTC6435LVW using Tapatalk 2

my texting worked just fine when i removed it off of my phone
23rd February 2013, 09:03 PM |#9  
MicroMod777's Avatar
Recognized Contributor
Flag Los Angeles
Thanks Meter: 2,687
 
Donate to Me
More
Re: HTCMode = SMiShing app
Quote:
Originally Posted by .torrented

my texting worked just fine when i removed it off of my phone

Mine seems fine also.

Sent from my HTC6435LVW using Tapatalk 2
24th February 2013, 05:39 AM |#10  
Jaggar345's Avatar
Senior Member
Flag Amston
Thanks Meter: 155
 
More
Re: HTCMode = SMiShing app
So reading this seems really shady that they would do this. So I'm not rooted on this phone and I don't want to root because I enjoy this phone how it is. So obviously I can't freeze this so if I disable it, won't this be the same thing as freezing it?

Sent from my HTC6435LVW using xda app-developers app
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes