• Home
  • Apps
  • Apps News
  • Go SMS Pro Messaging App Pulled from Google Play Following Privacy Issues

Go SMS Pro Messaging App Pulled from Google Play Following Privacy Issues

Security researchers at Trustwave discovered the flaw in Go SMS Pro that publicly exposes media files transferred between its users.

Share on Facebook Tweet Snapchat Share Reddit Comment
Go SMS Pro Messaging App Pulled from Google Play Following Privacy Issues

Go SMS Pro had over 100 million downloads from Google Play before its removal

Highlights
  • Go SMS Pro generates URLs for media files being shared by its users
  • The URLs are, however, sequential and of predictable nature
  • Go SMS Pro developer didn’t provide any clarity on the fix

Go SMS Pro, a popular messaging app for Android devices, has been pulled from Google Play. The new development comes just hours after a serious vulnerability was reported in the app that could allow anyone to access photos, videos, and other files sent privately by its users. Go SMS Pro developers were informed about the flaw back in August. However, no clarity has been made on whether it has been patched yet. The app had over 100 million downloads from Google Play before its removal.

Security researchers at Singaporean cyber-security firm Trustwave discovered the flaw in Go SMS Pro that publicly exposes media files transferred between its users. The app allows users to send media files such as photos and videos to others, just like any other messaging app. If the recipient doesn't have Go SMS Pro installed on their devices, the media file is shared with them as a URL via regular SMS. This link lets the recipient view the media file using a Web browser.

The researchers, as reported by TechCrunch, found that the links sent through Go SMS Pro were sequential and could be predicted by someone who knows how it generates links. This means that a bad actor could be able to access the files shared by any Go SMS Pro user by simply changing some parts of the URL generated by the app.

Trustwave researchers found the issue particularly on the Go SMS Pro version 7.91, though they mentioned in a blog post that it was still in place. TechCrunch's Zack Whittaker mentioned in his report that after looking at a few dozen links, he spotted a person's phone number, a screenshot of a bank transfer, and an order confirmation that included an individual's home address, among other details.

Go SMS Pro creator GOMO Apps was reached out by Trustwave researchers shortly after they discovered the flaw in August. However, the Guangzhou-based company didn't respond and confirm whether the issue was fixed.

TechCrunch reported that it tried reaching out to the Go SMS Pro maker by emailing on two addresses connected to the app. However, an email sent to one address bounced back with a message that the inbox was full, while another email was received but wasn't responded and a follow-up was not even opened.

Gadgets 360 also sent an email to GOMO Apps for comment on the issue but didn't receive any response at the time of filing this story.

The Go SMS Pro app is no longer available for download from Google Play. It may, however, still be there on millions of devices where it was installed before its removal. The app also appears to still be live in some regions as a link for the US location was showing its listing on Google Play, though it's not accessible in India.

That said, if you're among the users of Go SMS Pro, you should consider switching to a different app.


In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Samsung Integrates Google Assistant to Its 2020 Smart TV Lineup
Cruella, Pinocchio, Peter Pan and Wendy Could Go Direct to Disney+ Hotstar: Report
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com