Go SMS Pro Security Flaw Exposed Millions of Private User Files

Critical Vulnerability in Popular Android Messaging App

Go SMS Pro, a widely-used Android messaging app with over 100 million downloads, has been exposing users’ private photos, videos, and sensitive files due to a significant security vulnerability. Despite being notified months ago, the app developers have failed to address this critical privacy issue.

How the Data Exposure Occurred

Security researchers at Trustwave discovered the flaw in August 2020 and reported their findings to the app developers, following standard 90-day vulnerability disclosure protocols. When no response or fix was implemented, the researchers went public with their discovery.

The Technical Breakdown:

  • When users send media files to non-app users, Go SMS Pro uploads content to its servers
  • The app generates web links for recipients to view files without installing the app
  • These web addresses follow a predictable, sequential pattern
  • Any shared file—even between app users—generates a vulnerable web link

“An attacker could create scripts to scan millions of possible links and access private files,” explained Karl Sigler, Senior Security Research Manager at Trustwave.

Shocking Findings from the Data Leak

TechCrunch verified the researchers’ claims by examining sample links, uncovering:

  • Personal phone numbers
  • Sensitive bank transfer screenshots
  • Order confirmations with home addresses
  • Official arrest records
  • Explicit private photos

Developer Silence Raises Concerns

Attempts to contact the app developers proved unsuccessful:

  • One email bounced back due to a full inbox
  • Another email was opened but received no response
  • No security patches have been issued to date

Protecting Your Digital Privacy

This incident highlights the importance of:

  1. Researching apps before installation
  2. Understanding permissions granted to applications
  3. Considering encrypted alternatives for sensitive communications
  4. Regularly auditing your installed apps for security updates

With over 100 million installs on Google Play, this vulnerability potentially affects a massive user base. The continued silence from Go SMS Pro developers leaves users vulnerable to ongoing privacy risks.

Remaining 0% to read
All articles, information, and images displayed on this site are uploaded by registered users (some news/media content is reprinted from network cooperation media) and are for reference only. The intellectual property rights of any content uploaded or published by users through this site belong to the users or the original copyright owners. If we have infringed your copyright, please contact us and we will rectify it within three working days.