There are many people who don’t like the default messaging and SMS app in an Android phone. They want something more, a more customizable, more powerful app. Go SMS Pro is considered to be one such app and has been downloaded over 100 million times from the Google Play Store by Android users. If you are also using Go SMS Pro or have it on your phone, it’s time to delete it. Like now.
Go SMS Pro, a popular Android messaging app, has been removed from the Google Play Store. This happens hours after a report that highlighted some serious security flaws in the app, which is leaking messages left, right and center, including private photos, financial transaction details, private messages, pretty much anything that’s part of SMS , on the Web. The data of millions of Go SMS Pro users is available on the web.
The Go SMS Pro security breach report comes courtesy of Techcrunch, which was based on the work of security researchers at Singapore-based cybersecurity firm Trustwave. Researchers found that Go SMS Pro allows anyone to access photos, videos and other files sent privately by its users.
The researchers found that links sent via Go SMS Pro were sequential and could have been predicted by someone who knows how to generate links. This means that a bad actor might be able to access files shared by any Go SMS Pro user simply by modifying some parts of the URL generated by the app.
Go SMS Pro developers were notified of the flaw in August. However, it was not made clear that it was still patched up. The developers reportedly did not respond.
After the report came out, Google decided to go it alone and removed the app from the Play Store. The app had over 100 million downloads from Google Play prior to its removal. The creator of Go SMS Pro GOMO Apps was contacted by Trustwave researchers shortly after discovering the flaw in August. However, the China-based company did not respond and confirmed if the problem was resolved. Researchers noted that while it wasn’t possible to target any single user on Go SMS Pro, someone could launch a huge network and dredge up a lot of private data.
Go SMS Pro allowed users to share files, photos and videos. If the other person didn’t have the Go SMS Pro app installed, a link was shared with them using a regular SMS that allowed them to view the file in their browser.
While this report is specifically about Go SMS Pro, it should act as a warning sign for anyone using a third-party SMS app on a phone. While some of these apps may come from reputable companies, many of these apps come from shady sources. A user must understand that when an app has access to something like an SMS, through which the world communicates with a user, much of this data can potentially be used for identity theft and fraud if leaked.
Go SMS Pro which is used by millions of people is leaking messages, including private messages on the web, and the developers have remained silent.
- Go SMS Pro, an Android app with over 100 million downloads, has a serious security flaw.
- is leaking messages on the web on publicly accessible URLs.
- Go SMS Pro developers have yet to fix the issue, while the app has been removed from the Play Store.