The Stagefright security flaw, said to have put a billion Android devices at risk when it was discovered in 2015, probably hasn’t infected a single smartphone. Adrian Ludwig, director of Android security, says there had been no “confirmed” cases of infections caused by the bug, according to a report from The Register.

Stagefright made it possible for attackers to infect a device with malicious code through MMS and MP3 previews. The hackers could then grant themselves permissions on the device to take control of it.

Google, naturally, has a reason to play down the presence of security flaws on the Android system, just as antivirus software developers have a reason to inflate it. That said, Stagefright and similar security exploits generally rely on specific circumstances to be effective — and most Android security threats are simpler in nature.

“We see spamming ads for fake antivirus stuff but it’s really basic social engineering. Even if malware is installed it seldom involved privilege escalation, it primarily just downloads other apps,” said Ludwig.

Ludwig said that Android’s Verify Apps system was the basis for the no confirmed infections claim but I should point out that this excludes devices which don’t make use of Google Play Services, like the Android phones sold in China or Amazon’s Android products.

Are you surprised to learn that Stagefright hasn’t caused any damage? Let us know in the comments.

Source: ANDRIOD AUTHORITY