Hacker News

How would you filter out the offending MMS messages? People send legitimate videos as well; is the bug such that it's obvious which videos contain exploits?



As a brute-force approach, perhaps you could send the video through otherwise identical patched and unpatched emulators and compare post-playback memory and filesystem states?

It's also probably possible to extend the patches to detect malicious input.

Someone could probably also create a video with a payload to hot patch libstagefright.


> Someone could probably also create a video with a payload to hot patch libstagefright.

This is brilliant. Assuming that it doesn't cause further problems.


Ok, I guess I better turn MMS auto-retrieve back on then ;)


This is a cool idea. One problem may be that different versions of Android have different versions of libstagefright, and just hot-patching that or dropping in a replacement may brick older phones.

Here's a more modest idea: Google should immediately issue an update for the Hangouts and Messenger apps that at least disables automatic MMS retrieval. Many users have automatic updates for those apps turned on, or maybe at least they'll see a notification about the app needing approval to update.


The exploit author told a Forbes reporter that Fennec (Android version of Firefox) has already been patched. If that's correct, that seems to imply two things: (1) MMS is just one of many vectors and (2) apparently somehow the exploit can be mitigated at the app level.


Firefox packages its own copy of the libraries it uses, including the stagefright library. They patched their copy in the new release.



