Where to find Go SMS Pro
Go SMS Pro is a free messenger app that you can download on Play Store. Although it is a popular app, beware of Go SMS Pro because there is a serious security flaw. It has over 100 million installs with a Google Play rating of 4.5/5.
This flaw can give any hacker an opportunity to access the content that you have sent.
Update 21/11/20: Go SMS Pro has been removed from Play Store.
There is no update yet to fix the vulnerability although the developer was alerted on the issue several months ago.
According to TechCrunch, the following findings were discovered:
“In viewing just a few dozen links, we found a person’s phone number, a screenshot of a bank transfer, an order confirmation including someone’s home address, an arrest record, and far more explicit photos than we were expecting, to be quite honest.”
What really happens behind the scenes?
Go SMS Pro uploads every media file that you send to the internet and creates a URL for those files.
This means anyone who has access to that URL is able to view your media file.
Media files may be a photo or video and when you send a message with any of those files, the content is uploaded to its servers.
Once the a URL is created for each of the uploaded files, this URL is then sent to the recipient who has Go SMS Pro.
The recipient then sees the media file directly in the message. However, the URL is publicly accessible on the internet.
The problem with Go SMS Pro is that sensitive data like screenshots or other personal data, photos etc is uploaded to the servers.
No authentication exists when you want to open the link and that means anyone with the link accesses the content.
In addition, the URLs generated are highly predictable and one can easily come up with a URL of another media file by making small changes.
Shockingly, the developer has been mum on that matter and attempts to reach out to the developer hit a brickwall.
From a security perspective, if you have Go SMS Pro its best that you stop using it until the issue highlighted above is addressed.
Try other messaging apps, taking care not to fall for dubious alternatives.
Remember to use a VPN every time you are working with sensitive data online.
Share the article with your friends who are using Go SMS Pro. Your data is your business.