GO SMS Pro Vulnerability Issue

Texting may not be widely used as when it was first introduced itwo decades ago. Today, instant messaging or social networking is more common. All you need is Internet connection and an app to communicate with family, friends, and colleagues. The SMS experience won’t be obsolete yet but it will continue to be enhanced. There are plenty of SMS-related apps like Go SMS Pro. This messaging app for Android has been helpful but unfortunately, the app has reportedly exposed data of users even those sent privately.

Trustwave’s security researchers have discovered a problem last August related to the files being exposed by the app. They have contacted the app developer right away, hoping it would fix the issue. A 90-day deadline was set but the app maker has not done anything yet.

The researchers only went public recently to report the issue. The developer has not responded to the complaint about Go SMS Pro.

What usually happens is that when the app sends a file, video, or photo to a contact that doesn’t use the app, the file is uploaded to a server. The app then shares a web address via text so the receiver can see the file. That is not an unusual practice but the web addresses generated were sequential. This means the addresses are not random and anyone can see them as long as a predictable web address is known.

At this point, Go SMS Pro has been installed on Android devices over 100 million times. A quick experiment has revealed the claim was possible. Trustwave’s Senior Security Research Manager note that app’s vulnerability to public access. He said, “An attacker can create scripts that could throw a wide net across all the media files stored in the cloud instance.” No word has been given by the app developer yet.