Go SMS Pro, a popular messaging application for Android devices, has been removed from Google Play. This new development comes hours after a serious vulnerability was reported in the app that could allow anyone to access photos, videos and other files sent privately by its users. The developers of Go SMS Pro learned of the vulnerability as early as August. However, it is not clear whether it has been patched. Before it was deleted, the app had been downloaded more than 100 million times from Google Play.
Security researchers from Trustwave, a Singapore-based cybersecurity company, discovered a vulnerability in Go SMS Pro that publicly exposed media files transferred between users. The application allows users to send media files such as photos and videos to others, just like any other messaging application. If Go SMS Pro is not installed on the recipient’s device, the media file will be shared with them via regular SMS as a URL. This link allows the recipient to view the media file using a web browser.
According to a report from TechCrunch, the researchers found that the links sent via Go SMS Pro are continuous and can be predicted by people who know how to generate the link. This means that malicious actors only need to change certain parts of the URL generated by the application to access files shared by any Go SMS Pro user.
Trustwave researchers discovered this problem in Go SMS Pro version 7.91, although they mentioned in a blog post that it still exists. TechCrunch’s Zack Whittaker mentioned in his report that after checking dozens of links, he found a person’s phone number, a screenshot of a bank transfer, and an order confirmation including the individual’s home address.
Soon after the security breach was discovered in August, Trustwave researchers contacted GOMO Apps, the creator of Go SMS Pro. However, the Guangzhou-based company did not respond and confirmed whether the problem has been resolved.
TechCrunch reported that it tried to email the two addresses associated with the application to contact the manufacturer of Go SMS Pro. However, an email sent to one address was bounced back and showed a message that the inbox was full, and another email was received, but no reply was received, and the follow-up email was not even opened.
Gadget 360 also sent an email to GOMO Apps to solicit comments on this issue, but did not receive any response when submitting this story.
The Go SMS Pro app is no longer available for download from Google Play. However, it may still be installed on millions of devices before removing it. The app seems to be still in use in some regions, as the link to the US location is showing its listing on Google Play, although it is not accessible in India.
That is, if you are one of the users of Go SMS Pro, you should consider switching to other apps.
In 2020, will WhatsApp gain the killer feature that every Indian is waiting for? We discussed this on the weekly technical podcast Orbital, you can subscribe via Apple Podcast or RSS, download the episode or click the play button below.