- Go SMS Pro, an Android app with over 100 million downloads, has a serious security flaw.
- It is leaking messages on the web on publicly accessible URLs.
- Go SMS Pro developers have yet to fix the issue, while the app has been removed from Play Store.
There are a lot of people who don't like the default messaging and SMS app in an Android phone. They want something more, an app more customisable, more powerful. The Go SMS Pro is considered one such app and has been downloaded over 100 million times from Google Play Store by Android users. If you too are using the Go SMS Pro or have it on your phone, it's time to delete it. Like now.
Go SMS Pro, a popular Android messaging app, has been removed from the Google Play Store. The removal came hours after a report that highlighted a serious security flaw in the app, which is leaking messages left, right and centre, including private photos, financial transaction details, private messages, basically anything that is part of SMS, on the web. Data of millions of Go SMS Pro users is available on the web.
The report of the Go SMS Pro security breach comes courtesy of TechCrunch, which relied on the work of security researchers at Singapore-based cyber-security firm Trustwave. The researchers have found that Go SMS Pro allows anyone to access photos, videos, and other files sent privately by its users.
The researchers found that the links sent through Go SMS Pro were sequential and could be predicted by someone who knows how it generates links. This means that a bad actor could access the files shared by any Go SMS Pro user by simply changing some parts of the URL generated by the app.
Go SMS Pro developers were informed about the flaw back in August. However, it is not clear whether it has been patched yet. The developers reportedly have not responded.
After the report came out, Google decided to take action on its own, and removed the app from the Play Store. The app had over 100 million downloads from Google Play before its removal. Trustwave researchers contacted Go SMS Pro creator GOMO Apps shortly after they discovered the flaw in August. However, the China-based company didn't respond or confirm whether the issue was fixed. The researchers did note that while it wasn't possible to target any individual user of Go SMS Pro, someone could cast a huge fishnet and dredge up a lot of private data.
Go SMS Pro allowed users to share files, photos, and videos. If the other person did not have the Go SMS Pro app installed, a link was shared with them using regular SMS that allowed them to view the file in their browser.
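The weakness described above, sequential share links, shown next to a hardened form from the point of view of a service that issues such links. This is an added example, not code from Go SMS Pro or Trustwave; every function name and the link format are assumptions, and the expiry check goes beyond what the report discusses.

```python
import hashlib
import hmac
import secrets

# Hypothetical names throughout; the app's real link format is not given in the report.

def sequential_link_id(counter: int) -> str:
    """Weak scheme: the link ID is just the next counter value in hex."""
    return format(counter, "x")

def random_link_id(nbytes: int = 16) -> str:
    """Hardened scheme: 128 bits from the OS CSPRNG, URL-safe, no ordering."""
    return secrets.token_urlsafe(nbytes)

def looks_sequential(ids: list, max_step: int = 16) -> bool:
    """Audit check over IDs in issue order: True when every ID parses as hex
    and each one is a small positive step above the one before it."""
    try:
        values = [int(i, 16) for i in ids]
    except ValueError:
        return False  # not a plain hex counter
    if len(values) < 3:
        return False  # too few samples to call it a pattern
    return all(0 < b - a <= max_step for a, b in zip(values, values[1:]))

def sign_link(link_id: str, expires_at: int, key: bytes) -> str:
    """Bind the ID to an expiry time so a leaked link stops working."""
    msg = f"{link_id}.{expires_at}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{link_id}.{expires_at}.{tag}"

def verify_link(token: str, key: bytes, now: int) -> bool:
    """Accept only an unmodified, unexpired token."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    link_id, exp, tag = parts
    try:
        expires_at = int(exp)
    except ValueError:
        return False
    msg = f"{link_id}.{exp}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag.encode(), expected.encode()) and now < expires_at
```

Running `looks_sequential` over a sample of issued IDs in a test suite gives an early warning if a link generator regresses to a counter.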
While this report particularly concerns Go SMS Pro, it should serve as a warning sign for anyone using a third-party SMS app on a phone. While some of these apps could be from reputable companies, many of these apps are from shady sources. A user must understand that when an app is given access to something like SMS, through which the world communicates with a user, a lot of this data can be potentially used for identity theft and fraud if it is leaked.