I turned on my old HTC espresso after a decade and I remembered that I loved this app.

It creates an unique profile image for contacts without a profile picture

So now when you open the contact list instead of having a list of capital letters in a circle you have a list of capital letters in a more colorful circle

Unfortunately it’s now outdated and discontinued, but it still works on Android 14.

Seems like some asshole took the source code and republished the app as is, without credit, in the Amazon app store to get some financial incentive (around 2014 blackberry paid devs to republish their apps and many assholes decided that it was a good idea to “steal” open source apps)

After this, dev took development private but then got tired of the update treadmill that Google forces on the play store, so the apps were automatically delisted.

Luckily, fdroid doesn’t have such artificial limitations on outdated apps that still work as intended.

  • taladar@sh.itjust.works
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    9 months ago

    It likely parses the profile pictures with some image parsing libraries, those have frequent security issues.

    • Moonrise2473OP
      link
      fedilink
      arrow-up
      4
      arrow-down
      2
      ·
      9 months ago

      Apart that in this specific case it only touches empty contacts or overwrites existing, but who would have placed in your own contact list a specially crafted image with the exploit targeting this niche app that nobody uses?

      I insist that something that’s not a web browser and it’s not connected to internet doesn’t need weekly/monthly updates. The program it’s done and it’s ok to stop development.

      • taladar@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        arrow-down
        4
        ·
        9 months ago

        the exploit targeting this niche app that nobody uses?

        Which likely uses one of the extremely common libraries for image parsing which are much more likely to be targeted. And profile pictures enter your contacts from all kinds of online sources.

        • Moonrise2473OP
          link
          fedilink
          arrow-up
          6
          arrow-down
          4
          ·
          9 months ago

          btw you know what’s the beauty of open source? That you can take the source and update the vulnerable library to a nightly updated 2 hours ago, if it’s that important for you.

          I guess you’re watching every month that all your apps are updated to the latest version. “OMG this app hasn’t been updated in the last 6 weeks, IMMEDIATE UNINSTALL!!!”

          For me, the chance that one of my contact pics contain an exploit (i would mean that i manually did it, i don’t use online services) my is lower than getting hit by an asteroid, so i accept the risk.

          • thegreekgeek@midwest.social
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 months ago

            Goodness, someone got out of bed on the wrong side this morning. I remember when this app came out! I’m pretty sure some of my contacts still have the pictures.