Google Pulls HushSMS after Flash SMS DoS Info
Not too long ago, we talked about the Flash SMS (class 0) DoS vulnerability affecting the current lineup of Nexus devices. Discovered by Romanian security researcher Bogdan Alec, the vulnerability was such that Flash SMS (class 0) messages sent in rapid succession would cause unexpected behavior on various Nexus devices. Curiously, though, the bug only affected Nexus device owners.
Luckily, the vulnerability was never all that damaging. After all, the worst outcome that has been seen so far is data loss due to a device reboot. That said, the vulnerability certainly opens up users to annoying pranks and spam that can get in the way of essential productivity.
Now, the vulnerability has claimed its first major conquest, though in a somewhat unexpected way. No, there wasn’t a malicious attack based on the vulnerability. HushSMS by app developer Michael Mueller has been removed by the Google Play store for being in “violation of the dangerous products provision of the Content Policy and sections 4.3 and 4.4 of the Developer Distribution Agreement.” This is for an application that has been available in the Play store for roughly ten months, and one that, “can send messages in accordance to the 3GPP Specification 23.040 ‘Technical realization of the Short Message Service,’ and some other specifications like OMA WAP,” as stated by Mueller himself.
While many of us are anticipating an official fix to come in the forthcoming Android 4.4.1, we can’t help but think that this is a rather curious “solution” to the problem by Google. For reference, the Google Cached Page for the HushSMS Play Store Listing is still available. More information from the developer can be found in the source link below.