The Go SMS Pro application is one of the most popular within its category – messaging apps. According to the investigation by the cybersecurity agency, Trustwave, users’ private photos, videos and other files are at serious risk of exposure.
What is most serious is the fact that the vulnerability was discovered last August, however, the programmers were warned, but did nothing to fix it. In view of the above, the cybersecurity agency thus issues a severe recommendation.
You better remove the GO SMS Pro app now
The free application for Android allowed to replace the native app of messages, being well classified and relatively popular in this category. Note that in the Android operating system it is possible, for example, to exchange system applications.
In fact, the openness and versatility of the Android system is one of the undeniable advantages of this Google platform. However, it can also be a vector used for questionable purposes, purposefully or passively as occurred in the present case.
With more than 100 million installations from the Google Play Store, the GO SMS Pro app is fraught with a severe security breach that could compromise user data. In other words, it poses a risk to privacy.
The latest security breach on Android
At issue is an abnormal behavior, detected by the researchers, which ends up exposing the users’ data. This being a popular app in the Google ecosystem, the implications of this security breach can affect millions of people.
According to Trustwave, the problem is divided into several behaviors and activities in critical areas that, taken together, make the application a serious security and privacy risk. Take, for example, the fact that all files shared through a message sent by the GO SMS Pro app are sent to the Internet.
Then, the general application an access code to the files of the sender (s), also known as link, so that the recipient (s) have access to them. It is important to note that this behavior occurs even if both users use this SMS app.
Above we can see an instance in which the contents are shown, as well as the link created for remote access. This situation creates a serious risk to the user’s privacy, facilitating improper access to the files sent.
In summary, we are dealing with sending the contents to a specific online server and, in addition, unnecessary storage. This multiplies the chances of a third party obtaining undue access to them.
The SMS GO Pro app is a serious attack on privacy
The security agency’s report highlights that application developers are aware of such behaviors. However, they seem to ignore the problems, without any action being taken to correct or even mitigate the situation.
Given the easy access to the links (links) to the uploaded files, without any authentication being required, nothing prevented third parties from having access to the same data.
Trustwave advised the responsible developers and gave them 90 days to remedy the flaws. In the absence of a response after the indicated period, the security agency made these conclusions public.
EBox editors recommend: