- The Go SMS Pro app exposes private photos, videos, and other files of millions of users.
- Security researchers found the flaw back in August.
- The app maker has not yet responded to the findings or taken any steps to fix it.
When it comes to third-party messaging apps for Android, Go SMS Pro is one of the most popular ones out there. It has over 100 million installs as per its Google Play Store listing and markets itself as the number one platform to replace Android’s stock messaging app. Unfortunately for its users, security researchers have discovered a major security flaw in the app.
TechCrunch has published a report based on research conducted by Trustwave, revealing that millions of Go SMS Pro users are vulnerable to file theft.
The app allows users to share photos, videos, and other files in the form of a web address so that those who don’t even have the app can access the files easily with the help of the link. Security researchers at Trustwave discovered that these links are sequential. This means that anyone who knows one web address can predict others and access files stored in them without proper consent.
Moreover, “An attacker can create scripts that could throw a wide net across all the media files stored in the cloud instance,” Karl Sigler, Senior Security Research Manager at Trustwave told TechCrunch.
The weakness was discovered on version 7.91 of the Go SMS Pro app. It is currently on version 7.93, with the latest update having rolled out on November 18. However, Trustwave believes that the vulnerability likely affects previous and potentially future versions as well. TechCrunch also independently verified Trustwave’s findings.
The security firm shared its finding with the app maker in August and gave it 90 days to fix the issue, as is standard practice in the industry. But after the deadline expired without a response, the researchers made their findings public.
So if you’re using Go SMS Pro right now, chances are you’re still affected. You might want to consider making a switch to another messaging app till the flaw is fixed. We’ll update this article if the app maker ever responds to or takes action on the issue.
Read next: The best messenger apps for Android