Go SMS Pro, a popular messaging app for Android devices, that has been downloaded over 100 million times from Google Play Store by Android users, has now been pulled from Google Play.
This was done just hours after it was reported that the app highlighted some serious security flaws which could allow anyone to access photos, videos, and other files sent privately by its users.
Go SMS Pro developers were informed about the flaw back in August. However, the China-based company didn’t respond and confirm whether the issue was fixed.
The app had over 100 million downloads from Google Play before its removal. After the report came out, Google decided to take action on its own, and removed the app from the Play Store.
Apart from leaking messages, it also leaked private photos, financial transaction details, private messages, all part of SMS, on the web. Data of millions of Go SMS Pro users is available on the web.
Go SMS Pro allowed users to share files, photos, and videos. If the other person did not have the Go SMS Pro app installed a link was shared with them using regular SMS that allowed them to view the file in their browser.
Security researchers at Singaporean cyber-security firm Trustwave discovered the flaw in Go SMS Pro that publicly exposes media files transferred between its users.
The researchers found that the links sent through Go SMS Pro were sequential and could be predicted by someone who knows how it generates links.
The researchers did note that while it wasn’t possible to target any individual user on Go SMS Pro, but someone could cast a huge fishnet and dredge up a lot of private data.
Trustwave researchers found the issue particularly on the Go SMS Pro version 7.91, though they mentioned in a blog post that it was still in place.
The Go SMS Pro app is no longer available for download from Google Play. It may, however, still be there on millions of devices where it was installed before its removal.