Researchers who identified a bug (really, a series of bugs) that puts some 950 million Android phones at risk of hacking called it "the mother of all Android vulnerabilities."
No one has exploited the vulnerability and actually hacked someone's phone -- at least, not yet. The security firm that found the bug, Zimperium, shared the information with Google back in April, along with a suggested patch. That suggests chances that you're going to hacked are pretty slim. But if you are an Android user, the chances that your phone is vulnerable are about 95 percent.
The flaw has to do with a media playback tool built into Android called Stagefright. It helps you get pictures and videos that people send you. Hackers could take advantage of it by getting your number and sending you a multimedia message containing malware. Once received, it would give them complete control over the handset and allow them to steal anything on it, such as credit card numbers or personal information.
But if it never gets received, the hackers are powerless. That's where you come in.
The key to protecting your phone is to turn off automatic retrieval of messages. Here's how:
Open your default messaging app -- the one that brings you texts, as well as picture and video messages. If you're not sure which one that is, go into your phone's settings, select the "more" item under the Wireless & Networks section and look for "Default messaging app."
Open that app, go to its settings and find the option for auto-retrieving multimedia messages. (You may have to dig into "advanced settings," as I did in the Message+ app on my HTC One M9.)
Now: Uncheck that box.
From here on out, you have control over whether or not to download pictures and videos that come with multimedia messages sent to you. Don't open any from numbers you don't know and you should be safe.
It's an extra step that could get annoying if you get a lot of texts, but it should do the trick for now.