Stagefright is very likely the worst vulnerability to hit the Android ecosystem. All someone needs is your phone number in order to send a malicious MMS message that compromises your device. Even worse, the attacker can erase the message so you never know you’ve been hit.
The first thing you should do to protect yourself is turn off MMS auto-retrieval. The example below is from Google’s Messenger app, which is one of the best apps for text messaging.
Go to Advanced > Auto-retrieve and flip it off. The only downside is you’ll get prompted to accept or reject MMS messages, which are those that include images, video, or group texts. It’s a worthy inconvenience to prevent your device from becoming a spy phone that monitors your every move.
Not every texting app will have the ability to enable or disable auto-retrieval of MMS messages, but many do, and you'll find the toggle in the app's settings in a fashion similar to that above. If your texting app of choice doesn't offer this feature, it might be time to switch to one that does.
Additionally, it’s worth connecting with your phone maker or carrier via Twitter. All the major carriers have a customer support Twitter account that you can use to pester about when a patch is coming for Stagefright. Reach out directly to T-Mobile, AT&T, Verizon, or Sprint. The squeaky wheel gets the grease!
Why this matters: This flaw strikes at the heart of Android’s fragmentation. Google has already fixed the bug, but it’s up to phone manufacturers to apply it to their devices. Then the carriers must grant the update over their networks (except for unlocked devices, like some from Motorola). So far only Cyanogen devices and Circle’s Blackphone have applied the patch. Google says a fix will go out to Nexus devices soon.