Go SMS Pro, a popular messaging app for Android devices, has been removed from Google Play. The new development comes just hours after a serious vulnerability was reported in the app that could allow anyone to access photos, videos and other files sent privately by its users. The developers of Go SMS Pro were notified of the flaw in August. However, no details have been made as to whether it has been fixed yet. The app had more than 100 million downloads from Google Play before it was deleted.
Security researchers at Singaporean cybersecurity firm Trustwave have discovered the flaw in Go SMS Pro that publicly exposes media files transferred between its users. The app allows users to send media files like photos and videos to other people just like any other messaging app. If the recipient has not installed Go SMS Pro on their devices, the media file is shared with them as a URL via standard SMS. This link allows the recipient to view the media file using a web browser.
Researchers, as TechCrunch reported, found that links sent through Go SMS Pro were sequential and could be predicted by someone who knows how it generates links. This means that a bad actor might be able to access files shared by any Go SMS Pro user just by modifying parts of the URL generated by the app.
Trustwave researchers found the problem especially on Go SMS Pro version 7.91, although they mentioned in a blog post that it was still in place. TechCrunch’s Zack Whittaker mentioned in his report that after reviewing a few dozen links, he spotted a person’s phone number, a screenshot of a wire transfer, and an order confirmation that included the a person’s home address, among other details.
The creator of Go SMS Pro, GOMO Apps, was contacted by researchers at Trustwave shortly after discovering the flaw in August. However, the Guangzhou-based company did not respond and did not confirm whether the issue had been resolved.
TechCrunch reported that it tried to contact the creator of Go SMS Pro by sending an email to two addresses logged into the app. However, an email sent to an address was resent with a message that the inbox was full, while another email was received but was not answered and a follow-up was not successful. not even been opened.
Gadgets 360 also emailed GOMO Apps to comment on the issue, but received no response when filing this story.
The Go SMS Pro app is no longer available for download on Google Play. However, it may still be present on millions of devices it was installed on before it was removed. The app also appears to be still live in some areas, as a link to the US location showed its listing on Google Play, although it is not accessible in India.
Having said that, if you are one of the Go SMS Pro users, you should consider switching to a different app.
In 2020, will WhatsApp get the killer feature that all Indians have been waiting for? We discussed it on Orbital, our weekly tech podcast, to which you can subscribe through Apple Podcasts or RSS, download the episode, or just hit the play button below.