What you need to know
- Go SMS Pro, an Android messaging app with over a hundred million installs on the Play Store, has a massive security flaw.
- Researchers were able to view files sent as attachments via the app remotely as the app would upload these files online with auto-generated, publicly accessible URLs.
- The Go SMS Pro developers have yet to fix the issue.
Go SMS Pro, a popular third-party SMS app with over 100 million installs going off its Google Play listing, has just been found to ship with a critical flaw.
Security researchers at the firm Trustwave found that the app was exposing user data carelessly by uploading files shared on the app to a public URL. After trying and failing to contact the app developers, they contacted the folks over at TechCrunch with their findings.
The researchers did note that while it wasn't possible to target any individual user of Go SMS Pro, someone could cast a huge fishnet and dredge up a lot of private data. TechCrunch were able to find a "person's phone number, a screenshot of a bank transfer, an order confirmation including someone's home address, an arrest record," and several compromising photos. The app developers have gone AWOL in the meantime, so it's not likely that this would be fixed soon.
Some of Android's best features are its customizability and modularity. You're able to swap out parts of your phone's software with third-party versions created by other developers. It does require a lot of trust being handed over to developers — especially when it comes to data like SMS messages — and sometimes that trust isn't rewarded.
While the app does have over a hundred million downloads, it's not clear how many of those are recent. Most Android phones sold in 2020 ship with Google Messages as their default messaging app, and users prefer to use end-to-end encrypted apps like Telegram and WhatsApp anyway. If you do have this app installed, it goes without saying you should probably ditch it.
Signal Private Messenger
Signal is the preferred app of choice for people who really care about privacy. It doesn't have all the latest gifs and stories, but it's a competent messaging app that puts security first.
What a 💩 headline. You just have to throw shade at Google even when it isn't a Google app. Shameful!
I expect nothing less from the 💩 show that is AC these days...
It's a shame. That's a stupid headline.