Go SMS Pro, the popular Android instant messaging app, has been removed from the Google Play Store. For the moment, Google has not provided any official statement on the unavailability of the application; however, the development comes days after Singaporean cybersecurity company Trustwave claimed that Go SMS Pro posed serious security threats that risked exposing private photos, videos and other files exchanged by its users. Security researchers further said that the China-based company behind Go SMS Pro was made aware of the security breach in August. The Android app had over 100 million downloads from Google Play before it was removed.
According to a TechCrunch report, Trustwave, after discovering the security breach, gave Go SMS Pro 90 days to resolve the issue, a common practice when disclosing vulnerabilities that allows sufficient time to fix the problem. But after the deadline passed with no response, the security researchers went public to keep everyone safe. In a blog post, Trustwave says the weakness appeared in Go SMS Pro Android v7.91, although it is not clear if other versions of the app had the same flaw. The security company explains that Go SMS Pro, like all other messaging apps, allowed users to exchange media files and private messages. In addition, users without the app could also receive media files through a special link delivered by SMS.
However, the security company found that the links could be accessed without any authentication or authorization, meaning that any malicious actor with a link could view the content, such as photos or home videos. Plus, the URL was sequential (hexadecimal) and predictable; in other words, it was easy to intercept and hack. “When sharing media files, a link will be generated regardless of whether the recipient has installed the application. As a result, a malicious user could potentially access all media files sent via this service as well as all those that will be sent in the future. This obviously has an impact on the confidentiality of multimedia content sent through this application,” added the security company.
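The difference between a sequential hexadecimal link ID and an unguessable one can be shown in a few lines. The following is an added example, not code from Trustwave or Go SMS Pro: the `ShareStore` class, the counter start value and the media paths are all constructed for illustration, and a random expiring token only addresses predictability, not the missing recipient authorization.

```python
import hashlib
import itertools
import secrets
import time
from typing import Optional

# Weak pattern described in the article: IDs come from a counter rendered as
# hex, so knowing one link ID reveals its neighbours.
_counter = itertools.count(0x1A2B3C)  # constructed starting value


def weak_link_id() -> str:
    return format(next(_counter), "x")


class ShareStore:
    """Hardened share links: random 128-bit token, expiry, hashed at rest."""

    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self._by_digest = {}  # sha256(token) -> (media_ref, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        # Only the digest is stored, so a leaked table does not yield live links.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, media_ref: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        self._by_digest[self._digest(token)] = (media_ref, now + self.ttl)
        return token

    def resolve(self, token: str, now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        digest = self._digest(token)
        entry = self._by_digest.get(digest)
        if entry is None:
            return None  # unknown or guessed token
        media_ref, expires_at = entry
        if now >= expires_at:
            del self._by_digest[digest]  # expired links stop resolving
            return None
        return media_ref
```
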
The TechCrunch report also added that the publication was able to verify Trustwave's conclusion. Through the decoded link, the company had access to a user’s phone number, a bank transaction screenshot, an arrest record, etc. As mentioned, the Go SMS Pro app has been removed from the Google Play Store, and the company has not shared any details about the flaw reported in August. Users who are still using the app on their Android smartphone are advised to delete it until more information from Google or Go SMS Pro is provided.