TextSecure user, and I can verify this as accurate.
When I first saw the stagefright bug, I looked for a way to disable MMS in the app. There is no way to disable MMS in the app, so I had a friend MMS me a message, and I got the warning as the post describes.
Feel free to test it out for yourself, but it was nice to see that TextSecure, by its nature, is secure from this bug through design.
Err wow I didn't think me raising an issue on GitHub would put me on the front page of HN. But I am glad to see that they handle this well by default - another reason why I will be keeping it!
As a digital and security trainer for human rights defenders and journalists all over the world - this is one of the reasons why I try as hard as possible to push the awesome work of the WhisperSystems team and Moxie.
This is a great example of where usability and security meet. Auto downloading MMS messages is certainly much nicer from a UX perspective. However, it can lead to bugs as we are witnessing.
Even if your friends don't yet use TextSecure, you can still send / receive messages with them; when they do (if they do) get TextSecure, then messages can be encrypted -- until then, they will be as insecure [and with privacy issues] as normal default messaging.
So, what do you lose if you use TextSecure ... even if your friends don't or won't use it? What is the problem?
The kind of folks running TextSecure have already made an effort to install a replacement messaging application; hopefully this helps them also pay attention to the warning.
If nothing else it'll slightly slow down a worm utilising this exploit...
First of all, TextSecure does display pictures in MMS. It just doesn't call out to stagefright to do so. I've never received a video message, so don't know how that works.
Second of all, the difference between a 0-click infection and a 1-click infection is huge in terms of time it takes for a worm to spread.
From what I've seen, the bug doesn't affect iOS devices, so while I have no idea whether the behavior between TextSecure and Telegram is the same, iOS isn't vulnerable either way.