Handcent Next SMS just flagged by Play Protect -- what's going on?



  • I've been using Handcent Next SMS app for many years. A few moments ago, the Play Store's Play Protect just disabled the app on my phone saying the following:

    This app is fake. It tries to take over your device or steal your data.

    The https://play.google.com/store/apps/details?id=com.handcent.app.nextsms&hl=en_US&gl=US for the app comes up blank now:

    To my knowledge, 10,000s of people have been using this app for many years.

    Did something just change?

    Anybody have more information about this sudden change/situation??



  • The Handcent Next SMS app was flagged by Play Protect and taken down from the Play Store on March 26 due to embedding a malicious 3rd-party library and returned on March 30 with an updated, clean version.


    Timeline

    On March 26, according to https://android.stackexchange.com/users/371073/user223149 while https://android.stackexchange.com/q/246037/44325 ,

    Got this answer from support:

    Our app Handcent Next SMS has been misidentified as malware by Google, we are in talks with Google to get our app back to play store. [...]

    Around 1 hour later, this was later confirmed on the official https://www.handcent.com/ , https://twitter.com/Handcent/status/1507549097288380416 , and https://www.facebook.com/handcent/posts/2198804186934782 ,

    Our app Handcent Next SMS has been misidentified as malware by Google, we are in talks with Google to get our app back to play store. [...]

    https://www.reddit.com/r/androidapps/comments/to1ss4/comment/i26xjel/?utm_source=reddit&utm_medium=web2x&context=3 sent an email to Handcent support and got a reply,

    I got a reply this morning with an explanation and an attachment with v9.9.9.

    *Security patch to fix a potential threat
    *Other fixes to make sure it's in a good safe state

    I installed it, and so far, so good.

    [...]

    Meanwhile, on March 28, Handcent posted an update to the same channels.

    https://www.handcent.com/

    We have resolved the issue, together with Google. The app will return to the play store soon. [...]

    https://twitter.com/Handcent/status/1508282177926021126

    We have resolved the issue, together with Google. It usually takes one day or two. [...]. It’s safer and good to go now.

    https://www.facebook.com/handcent/posts/2200406613441206

    We have resolved the issue, together with Google. The app will return to the play store soon. It usually takes one day or two. [...]. It’s safer and good to go now.

    On March 30, the app was back on the Play Store with v9.9.9.1.

    https://www.handcent.com/ also mentions,

    We are pleased to announce that Handcent Next SMS is back to the Google Play. [...]

    Handcent also followed up on their social media on March 31.

    https://twitter.com/Handcent/status/1509374817752952832

    Next SMS is now back on the play store, you could go to the play store and install it. [...]

    https://www.facebook.com/handcent/posts/2202641403217727

    Next SMS is now back on the play store, you could go to the play store and install it. [...]

    Those who sent an email might also receive a follow-up reply mentioning the app version on the Play Store,

    Next SMS is now back on the play store, you could go to the play store and install it 9.9.9.1. [...]


    Cause

    I decided to send an email to Handcent Support and received the v9.9.9 APK file, then also downloaded the APK for v9.9.9.1 after it was published on the Play Store. After decompiling and comparing the content with v9.9.8.6 and v9.9.8.5, one noticeable thing is the removal of coelib.c.couluslibrary since v9.9.9 (including v9.9.9.1 from the Play Store).

    AppCensus published a blog article written by Joel Reardon on April 6, titled https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/ . It explained what and how this library worked in detail. Quoting a relevant part about this specific incident,

    Disclosure

    The following table are the apps that we confirmed communicating with mobile.measurelib.com. We reported this issue to Google on October 20th, 2021 along with this list of apps. They investigated it and removed these and other apps containing the SDK from the Play Store. [...]

    App Name | Privacy Policy | Installations | phone | email | IMEI | GPS | router SSID | router MAC
    [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...]
    https://play.google.com/store/apps/details?id=com.handcent.app.nextsms | https://web.archive.org/web/20220118151158/https://www.handcent.com/static/%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20ApplicationPrivacyStatement.html | 1 million+ | no | yes | yes | no | yes | yes
    [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...]

    (Emphasis added)

    An article from Android Police published on April 7, titled https://www.androidpolice.com/google-play-store-boots-data-harvesting-software-intelligence/ also stated,

    Still, there is some hope for those who have lost income streams from Google's ban. The company may allow some apps to return — as long as they delete the Measurement Systems code. The first few are in fact already back.
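
The version comparison described under "Cause" can be reproduced without a full decompile. The following is an added example, not part of the original answer and not Handcent's or AppCensus's code: it reads the type table of every classes*.dex in two APKs and lists the Java packages present in the older build but absent from the newer one. The function names and the three-segment package depth are assumptions made for this example.

```python
import struct
import sys
import zipfile

def _uleb128(buf, pos):
    """Decode one unsigned LEB128 value; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def dex_types(dex):
    """Return the type descriptors (e.g. 'Lcom/a/B;') listed in one DEX file."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    _, str_off = struct.unpack_from("<II", dex, 0x38)            # string_ids
    type_count, type_off = struct.unpack_from("<II", dex, 0x40)  # type_ids
    types = set()
    for i in range(type_count):
        (str_idx,) = struct.unpack_from("<I", dex, type_off + 4 * i)
        (data_off,) = struct.unpack_from("<I", dex, str_off + 4 * str_idx)
        _, start = _uleb128(dex, data_off)   # skip the UTF-16 length prefix
        end = dex.index(b"\x00", start)      # MUTF-8 data is NUL-terminated
        types.add(dex[start:end].decode("utf-8", "replace"))
    return types

def apk_packages(apk, depth=3):
    """Package prefixes (first `depth` segments) of every class in an APK."""
    pkgs = set()
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                for desc in dex_types(zf.read(name)):
                    desc = desc.lstrip("[")               # unwrap array types
                    if desc.startswith("L") and "/" in desc:
                        parts = desc[1:].split("/")[:-1]  # drop the class name
                        pkgs.add(".".join(parts[:depth]))
    return pkgs

def removed_packages(old_apk, new_apk, depth=3):
    """Packages present in old_apk but absent from new_apk."""
    return sorted(apk_packages(old_apk, depth) - apk_packages(new_apk, depth))

if __name__ == "__main__" and len(sys.argv) == 3:
    print("\n".join(removed_packages(sys.argv[1], sys.argv[2])))
```

Run it with the older and newer APK paths as the two arguments; for the versions compared in the answer, coelib.c.couluslibrary would be expected in the output. A build that renames or obfuscates the package would not be caught by a name comparison alone.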



