Go SMS Pro is exposing private data of millions of users

Go SMS Pro, the choice of many for their messaging needs has been publicly exposing the private data of its users including photos, videos and other data files. According to the sources, GOMO, the company behind the popular messaging app with 100,000,000+ install on the Google Play Store hasn’t still done nothing to remove the security flaw.

Trustwave’s security researchers discovered the flaw way back in August 2020 and reached out to the company giving them 90 days to fix the issue, as is the industry standard for disclosing vulnerabilities in software, before making the issue public. The company, however, failed to even respond to the researchers therefore they made the details of the security flaw public.

The app lets you send media files like pictures or videos to people who do not have the app installed by providing you with a link that is sent to the receiver through text so they can view the media. The researchers, however, found that this didn’t just happen when an app user wanted to send the media to someone without the app. It happened for all media shared on the platform. Furthermore, the links generated were sequential allowing anyone with a link to cycle through any file shared on the platform.

Image Source: TechCrunch