A popular messaging app Go SMS Pro for Android devices has now been removed from Google Play due to security issues. App has over 100 million downloads.
The step was taken just hours after it was reported that the app highlighted some serious security flaws which could allow anyone to access photos, videos, and other files sent privately by its users.
Go SMS Pro developers were informed about the flaw back in August. However, the China-based company didn’t respond and confirm whether the issue was fixed.
The app had over 100 million downloads from Google Play before its removal. After the report came out, Google decided to take action on its own, and removed the app from the Play Store.
Apart from leaking messages, it also leaked private photos, financial transaction details, private messages, all part of SMS, on the web. Data of millions of Go SMS Pro users is available on the web.
Go SMS Pro allowed users to share files, photos, and videos. If the other person did not have the Go SMS Pro app installed a link was shared with them using regular SMS that allowed them to view the file in their browser.
Security researchers at Singaporean cyber-security firm Trustwave discovered the flaw in Go SMS Pro that publicly exposes media files transferred between its users.
The researchers found that the links sent through Go SMS Pro were sequential and could be predicted by someone who knows how it generates links.
The researchers did note that while it wasn’t possible to target any individual user on Go SMS Pro, but someone could cast a huge fishnet and dredge up a lot of private data.