Option to disable auto-rendering of MMS images (tap to render).

Open dave-burke opened this issue 2 months ago • 0 comments

Checklist

  • [x] I made sure that there are no existing issues - open or closed - to which I could contribute my information.
  • [x] I made sure that there are no existing discussions - open or closed - to which I could contribute my information.
  • [x] I have read the FAQs inside the app (Menu -> About -> FAQs) and my problem isn't listed.
  • [x] I have taken the time to fill in all the required details. I understand that the request will be dismissed otherwise.
  • [x] This issue contains only one feature request.
  • [x] I have read and understood the contribution guidelines.

Feature description

I would like to disable automatic rendering of images in MMS. This is different from disabling auto-downloading of the MMS message itself. I would like text-based group messages and the text portion of 1:1 MMS messages containing an image to be rendered, but the image itself would be a placeholder until I tap it.

Why do you want this feature?

Image rendering is a unique attack surface for security threats. A bug in the rendering library could result in a zero-click vulnerability. This would be a straightforward way to allow the user not to load an image if the message is unexpected or otherwise suspicious.

Additional information

I would not expect this to be the default behavior, but an opt-in setting for security-conscious users.

An alternative solution would be to only auto-render images from known or favorite contacts, but I'd prefer the render-on-click option since it gives me more control.

I think it's probably possible for a malicious payload to be contained in the non-image portion of an MMS, but disabling auto-downloading of MMS entirely makes group conversations extremely awkward. You have to go to the 1:1 chat with the sender, download the message, then the message moves to the group thread. This feature would be a nice compromise to reduce the image rendering attack surface while accepting some risk from the rest of the MMS payload in exchange for usability.

dave-burke, Sep 13 '25 15:09