GO SMS Pro app still exposing millions of users’ sensitve data

GO SMS Pro app still exposing millions of users’ sensitve data

 

Previously, it was revealed that the GO SMS Pro messaging app was exposing highly sensitive data of more than 100 million users.


A couple of weeks ago, we reported on an Android messaging app named GO SMS Pro which had a flaw that allowed unauthorized individuals to see other people’s private messages. This was due to a link being generated every time a media message was sent which could be not only used by someone other than the recipient to see the message but the link itself could also be incremented to view the messages of others.


Although at the time of the post, the flaw had not been patched, we have an update now. Covered by Trustwave, in the latest, it has been found that the developers of the app have been trying to release a patch but have been unsuccessful in doing so.


It started initially from November 20 when Google removed the app from its Play Store. Three days later, the app was up again but this time with an updated version at the helm.


However, these updated versions which number 2 did not fix the problem at hand. Firstly in the app’s version 7.93, the company disabled sending media files completely.


However, in another subsequent update, although the sending was enabled, the media sent was not viewable by the receiver rendering it useless as shown below:



Despite this, the researchers have stated that “we can confirm that older media used to veri ..