Stagefright Detector

11,398

Zimperium INC. Tools

Everyone

Stagefright Detector- screenshot thumbnail

Stagefright Detector App for Android Devices

Zimperium zLabs expert and VP of Platform Research and Exploitation, Joshua Drake (@jduck) discovered multiple critical vulnerabilities in Stagefright library and provided patches to Google to secure Android. We provided these patches to carriers and vendors through Zimperium Handset Alliance (ZHA). While the patches have been applied, it may be years until they reach all devices.

Zimperium zLabs created a Detector app to validate that you are running a version that is not vulnerable to the discovered Stagefright vulnerabilities. Some phone vendors have released partial patches to the vulnerabilities disclosed and this app can help you to understand if your device is vulnerable or not.

Stagefright is a critical Android vulnerability. It allows hackers to get 'media' or 'system' privileges on your device after processing an incoming MMS message, by surfing the web any one of the 11 potential attack vectors. In many cases, the attack do not require any end-user action. To make matters worse, the attacker can delete the MMS before you open it.

In order to test if your device is vulnerable, we built the ‘Stagefright Detector’ app.

This app will tell you three major things:
- whether your device is vulnerable
- which CVEs your device is vulnerable to
- whether you need to update your mobile operating system

Stay protected: ZIMPERIUM Mobile Threat Protection enterprise customers, vendors and carriers are protected from the Stagefright vulnerability without requiring any special update.

This application anonymously collect the results of the test and shares it with device vendors and carriers through ZHA. We do not collect any personal information.
Carriers and Device Vendors that are interested to join Zimperium Handset Alliance and increase the security of its user base - join here: https://groups.google.com/forum/#!forum/zimperium-handset-alliances

About Zimperium:
Zimperium is a pioneer in advanced mobile threat protection, delivering enterprise-grade solutions for Android and iOS devices. Our solutions use patented machine-learning technology to detect host and network-based threats in real-time. Founded in 2010, Zimperium is backed by Samsung, Telstra and Sierra Ventures, and has enterprise customers across all major verticals worldwide.

Reviews

4.2

11,398 total

5 7,557

4 1,587

3 753

2 378

1 1,123

Lovedit Goooooood

soccer cat

Tells me I'm not vulnerable. Before you start accusing the app of being unreliable or giving false reports try clicking where it says READ MORE. It quite plainly tells you how it works. Smart users do that before installing any app. If you have questions just email them. The address is right at the bottom of the page.

Tim Ehrhart

Confused after running Quadrooter detector... My cm13 with security patch level Aug 05, 2016 now reports being Stagefright vulnerable! Very confusing results. This was patched long ago. All other Stagefright detectors report not vulnerable

Liam Irwin

Broken or fake results Both my 6P (NDP5) and Z4 Tablet (6.0.1) which are up to date show 41 vulnerabilities each. But with aeroplane mode turned on both say not vulnerable.

Yaza Forreal

So am I vulnerable or infected? It gives me 9 criticals and says I am vulnerable. Shouldn't it be moderate then? And why can't I fix it? Still though it's a good software to know whether you've been compromised. Don't give out your phone numbers on the net!

Wanda Wattenberg

Inconsistent results I ran this twice today and the first time I had like 17 vulnerabilities and now it says not vulnerable. I have the latest security patch and marshmallow 6.0.1 so that's not the issue.

User reviews

December 31, 2016

Lovedit Goooooood

soccer cat September 20, 2016

Tim Ehrhart August 11, 2016

Liam Irwin July 30, 2016

Broken or fake results Both my 6P (NDP5) and Z4 Tablet (6.0.1) which are up to date show 41 vulnerabilities each. But with aeroplane mode turned on both say not vulnerable.

Yaza Forreal June 3, 2016

Wanda Wattenberg August 16, 2016

Arvind Kamath June 17, 2016

Incorrect results I'm running Android 6.0.1 with the Matching updates and this shows my phone being vulnerable to nearly all the vulnerabilities. The lookout stagefright detector shows my phone as not being vulnerable. This app is highly unreliable and I do not recommend it.

Leonard Davison May 29, 2016

5.3 Still Broken? Version 5.1 showed I was vulnerable to one CVE. 5.2 changed the display to a summary view. 5.3 still shows all zeros for critical /high/moderate but I get a big red vulnerable. Which is correct? The count or the big red warning? I'm beginning to doubt their ability to execute....

Mat Beckmann September 23, 2016

Doesn't work. I know from source code that my phone is infected with the surfaceflinger/stage fright virus. Yet the app says there is no problem.

Ohexu Tawun May 25, 2016

Since the latest update shows more vulnerabilities Like 12 or so, while previously there were no vulnerabilities detected. I'm running Android 6.0, which should be fixed.

Brenden Fogle June 26, 2016

Scam Downloaded this app to see if I was vulnerable, and I was "vulnerable". I checked it with 5 other apps, including the one from Lookout. All said not vulnerable.

Ray Luo May 25, 2016

The old version works better In the latest version, the UI has been changed to display 3 summary numbers, rather than a detailed list. Fine. But then it incorrectly displays 3 zeros, while my phone does have one vulnerability? It is a bug.

A Google User July 29, 2016

Fake test! This application looks like fake. When I disabled Wi-Fi and mobile Internet, it shows me "Your device is not vulnerable", but when I enabled Wi-Fi, it shows me 8 Critical, 20 High, and 4 Medium vulnerabilities. Looks like it get info about device and display default values for such smartphones from the Internet.

Kamran Mokhtar July 7, 2016

Not reliable anymore It used to be a handy app that use to analyze and check which library is vulnerable but after update it only relays on a security patch date from build.prop.

Corsario Negro May 25, 2016

Still showing 0/0/0 but Vulnerable Latest patch (5.3) did not fix this problem. Galaxy Tab 4, custom Lollipop ROM

Anthony Berlingieri June 17, 2016

Android 6.0.1 Vulnerable?!?!??? Great that someone made this. But: I was safe prior to the latest updates from Android, but after the 6.0.1 "security" patch I now have 15 vulnerability problems.

Jeff Wieland August 27, 2016

Erratic Results Sometimes it says that my phone has no vulnerabilities, and sometimes it says that it has what appears to be all of them.

Mike Dickerson September 1, 2016

Great No ads, no bullshit. Detects vulnerabilities and tells you. Update: Not compatible with Android 6+? Showing vulnerable to everything

July 17, 2016

I don't know.. It seems like the app is wrong.. I have Moto X Style XT1572 with android 6.0.1 + may 1, 2016 security patch but it shows that my device is vulnerable with 1 critical, 13 high and 1 moderate... I don't believe it...

Justin Clevenger October 1, 2016

To the complainers Google can't fix this issue yet. It's a system and component issue.

Ian Sykes December 2, 2016

Unreliable This app gives me about 30 vulnerabilities I am supposed to have although every other app states that I am not vulnerable. I know that there is no way for the stagefright malware to be landed on my device. Therefore the application is not to be trusted

Mark Kikkert August 8, 2016

Needs an update Keeps telling me my Samsung Galaxy S5 has multiple Stagefright vulnerabilities even though I'm running the latest firmware.

Joao Mauricio Burin May 26, 2016

Not reliable This app says my Moto X Pure is totally vulnerable, but it runs android 6 that is suposed to be patched.

Adam West August 9, 2016

The app is good as the company If you turn of ability to receive data you will get not vulnerable do to not beign able to recieve text messages.

Randy P June 15, 2016

This new update is purely crap How can I go from 0 vulnerabilities to 1 Critical 13 High and 9 Moderate???

Oscar Jurado October 4, 2016

Android 6.0.1, Note 4. App "finds" over 50 vulnerabilities, all CVE-2016 (stagefright vulnerabilities are CVE-2015 only). Emailed them twice over the last 3 weeks asking for further info; haven't had a response yet.

Sagi K. September 10, 2016

Fake results I'm running OxygenOS 3.2.4 on my Oneplus 3 and it claims that I'm vulnerable.

Rohan Wallace May 25, 2016

Good After receiving a security update. This showed that my last vulnerability was closed.

Richard Giddens September 10, 2016

Doesn't detect properly with some custom roms As per subject. False positives and inconsistent results.

Paul May 28, 2016

Stagefright Just run this on my Nexus 6p which has the latest updates Result Not Vulnerable

C.H. LEE August 20, 2016

Inconsistent results.... Please fix. Thanks.

Bob Haya July 31, 2016

Several other apps disagree with this one

Christa L October 19, 2016

Mediaserver has PAGES of vulnerabilites! Yikes!

Max Khor July 9, 2016

Note 5(6.0.1 official Malaysia) is Immune

Michael Bruno October 17, 2016

It works Thanks

kato7 youknow November 7, 2016

great app work a good. thank you. :)

Mark MacCurrie May 24, 2016

Not vulnerable.... CM13 LG G3

Thomas Johnson August 8, 2016

Works great

Paul Adolph May 19, 2016

Flaky on older Android builds On my Nexus 6P before the May Android update, this app would report vulnerable on some runs of the app and not vulnerable on other runs. After my 6P took the May Android update, the app consistently shows not vulnerable as expected. Occasional green results on old vulnerable Android is worrisome.