QKSMS discontinued

QKSMS was unfortunately discontinued!
Is the iodé team already working on an alternative?

1 Like

Development appears to have stopped, but the app continues to work and I’m not aware of any critical issues with it. I will continue to use it.

Yes unfortunaly QKSMS discontinued…
The application works fine but Simple SMS Messenger (F-Droid) is excellent
and the application is updated regularly :slightly_smiling_face:

2 Likes

At the moment, maybe not. But that is not future-proof. With any new Android version, it will no longer work. And security updates are also important for any app.

The app sounds very good and very privacy friendly. It also has its own backup option. SMS Messenger could indeed make iodé the new standard.

2 Likes

That’s bad news. We are not in a hurry, but will look for an alternative. Maybe, simply the stock Lineage SMS app…

2 Likes

You make some interesting but - from what I know and understand - mostly wrong assertions. Do you have any evidence to support those assertions?

Specifically

What makes you think that? The only way that I know of for a new Android version to break an app is if the new version removes, or makes breaking changes to the APIs used by the app. In my experience, Google are very good at not doing that in Android, and “old” apps will normally continue to work in new Android versions, long after development or maintenance of the app has stopped.

Are you able to name any non-privileged apps that have stopped working because of changes made in a new version of Android?

Security updates are very important for the system kernel, the OS, and for low-level libraries which have direct or unrestricted access to low level system resources, APIs, or data. For non-privileged apps like QKSMS, any access they have to those resources, APIs and data is via Android’s higher level APIs, regulated by Android’s permission system.

Security vulnerabilities (again, from what I know and understand) usually occur in those lower level system components, and any fix is usually made in those components, not in the Apps which use them (via Android’s high-level APIs etc…). Any apps affected by the vulnerability are usually fixed by a new or updated version of the OS which includes the fixed component(s).

I have not made a major study of the subject, but I don’t know of any security vulnerabilities which occurred in the code of a non-privileged app, or needed to be fixed in the code of the app, or even by re-building the app. Are you able to give any specific examples of such a vulnerability and the app(s) affected by it?

If you are able to provide some evidence-based responses to what I have written, I will be very happy to look at them and, if necessary, to modify or retract anything I have written here which appears to be wrong or inaccurate. If you are not able to provide any supporting evidence, then perhaps you would consider editing or retracting your original assertions, to avoid spreading unnecessary FUD? Thank you.

1 Like

But, so long as QKSMS continues to work as well as it does, why change?

If there is no security update attack are possible !
For more informations https://pure.port.ac.uk/ws/portalfiles/portal/230731/1569604713.pdf

From my brief reading of that paper (dated 2012, i.e. 10 years ago), it seems to be concerned with theoretical vulnerabilities - modification, replay and man-in-the-middle attacks - with SMS messages as they traverse the mobile network.

If (and it is a very big if) the vulnerabilities outlined in the paper, were ever to be exploited ‘in the wild’, and such attacks were ever to occur, there is nothing that QKSMS (or any other app whose purpose is to display messages that have already been received, or to create messages, and pass them to the underlying OS for transmission) could do to mitigate them. The problem - and the suggested solutions to it - seems to lie in the transport and/or network layers, and would need to be implemented in that part of the OS which is responsible for encoding., encrypting and transmitting or receiving the messages (i.e. at levels much lower than the level at which QKSMS, Simple SMS, or any other SMS messaging client app operates).

Neither QKSMS, Simple SMS, the default Android messaging app, nor any other SMS clent app could do anything to mitigate the risk. A “security update” to QKSMS would achieve nothing.

Thanks anyway for the link. I would still be interested to read about any real vulnerability (or even a theoretical one) that would need to be fixed in an SMS client app rather that at lower layers.

1 Like

Thanks for this very nteresting answer.

have a good day