I turned on my old HTC espresso after a decade and I remembered that I loved this app.

It creates an unique profile image for contacts without a profile picture

So now when you open the contact list instead of having a list of capital letters in a circle you have a list of capital letters in a more colorful circle

Unfortunately it’s now outdated and discontinued, but it still works on Android 14.

Seems like some asshole took the source code and republished the app as is, without credit, in the Amazon app store to get some financial incentive (around 2014 blackberry paid devs to republish their apps and many assholes decided that it was a good idea to “steal” open source apps)

After this, dev took development private but then got tired of the update treadmill that Google forces on the play store, so the apps were automatically delisted.

Luckily, fdroid doesn’t have such artificial limitations on outdated apps that still work as intended.

  • Moonrise2473@feddit.itOP
    link
    fedilink
    arrow-up
    10
    arrow-down
    2
    ·
    edit-2
    7 months ago

    Even for a 100% offline app?

    The chance of something like this being exploited is much lower than a zero day on the browser you’re using right now

    Not to mention that you can install it and then immediately uninstall it after it generated the profile pics

    • taladar@sh.itjust.works
      link
      fedilink
      arrow-up
      12
      arrow-down
      1
      ·
      7 months ago

      It likely parses the profile pictures with some image parsing libraries, those have frequent security issues.

      • Moonrise2473@feddit.itOP
        link
        fedilink
        arrow-up
        4
        arrow-down
        2
        ·
        7 months ago

        Apart that in this specific case it only touches empty contacts or overwrites existing, but who would have placed in your own contact list a specially crafted image with the exploit targeting this niche app that nobody uses?

        I insist that something that’s not a web browser and it’s not connected to internet doesn’t need weekly/monthly updates. The program it’s done and it’s ok to stop development.

        • taladar@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          arrow-down
          4
          ·
          7 months ago

          the exploit targeting this niche app that nobody uses?

          Which likely uses one of the extremely common libraries for image parsing which are much more likely to be targeted. And profile pictures enter your contacts from all kinds of online sources.

          • Moonrise2473@feddit.itOP
            link
            fedilink
            arrow-up
            6
            arrow-down
            4
            ·
            7 months ago

            btw you know what’s the beauty of open source? That you can take the source and update the vulnerable library to a nightly updated 2 hours ago, if it’s that important for you.

            I guess you’re watching every month that all your apps are updated to the latest version. “OMG this app hasn’t been updated in the last 6 weeks, IMMEDIATE UNINSTALL!!!”

            For me, the chance that one of my contact pics contain an exploit (i would mean that i manually did it, i don’t use online services) my is lower than getting hit by an asteroid, so i accept the risk.

            • thegreekgeek@midwest.social
              link
              fedilink
              English
              arrow-up
              2
              ·
              7 months ago

              Goodness, someone got out of bed on the wrong side this morning. I remember when this app came out! I’m pretty sure some of my contacts still have the pictures.