This week it was revealed that the app GO SMS Pro uploaded shared files (photos, videos, audio) to publicly accessible URLs on the internet. This is a privacy nightmare, and one that could have been avoided. The app GO SMS Pro is one of the most popular messaging apps for Android because it’s simple and it appears to be free. But they’ve got to make their money somewhere, right?
Delete GO SMS Pro now
GO SMS Pro suggests you’ll get free themes, emoji, messenger abilities, and the ability to share all sorts of files to friends. The app has the in-store warning that it’ll offer in-app purchases and ads, which you can avoid, so what’s the drawback? A privacy betrayal the likes of which we’ve not seen for ages.
One major part of the revenue stream used by the folks at “Best Free Video Editor & Video Maker Dev” is a set of ads that appear with every shared piece of media. You share a photo, or an audio file, or a video, and the person who receives said file clicks a URL, where they’ll see your shared file.
The issue with this system isn’t that an advertisement appears. The issue is that the URL is public. Each time a user shares a file with GO SMS Pro, they upload that file to the internet, where it can be viewed by the public.
Each URL generated by the app was generated sequentially, which meant that if you had one URL, you could change one character and see whatever file was sent next. That could be your file, or it could be a file sent by a neighbor. It could be personal information, it could be a private video. It’s all out there, right now, as noted by Trustwave.
Trustwave reached out to the developer once a month for the past several months with no response. After multiple attempts to contact the developer of the app, Trustwave disclosed the vulnerability to the public. If you use GO SMS Pro right now, you MAY be able to delete the files you’ve sent already – but not likely.
How to avoid this issue
If you ever share a file with the internet, with SMS, with anything, and the app you’re using gives you a URL (web address) to share, there’s a good chance the file you’ve shared isn’t 100% private, unless you go to said URL and it requests a password or some form of login sequence.
At the very least, an app like GO SMS Pro should have generated each URL randomly. As of now, everything shared by users with this app since inception is out there in the public, open for viewing and download.
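For developers, here is the difference between the two link schemes described above, as an added example that is not from the original article or from GO SMS Pro's code. The host name, the ShareStore class and its in-memory storage are assumptions made for illustration; the example pairs random links with the login check mentioned earlier and lets the sender delete a shared file.

```python
import secrets
from itertools import count

BASE = "https://share.example.invalid/f/"  # placeholder host (assumption)

_seq = count(1000)  # constructed starting value


def sequential_link():
    """Weak pattern from the article: each link is the previous ID plus one."""
    return BASE + str(next(_seq))


class ShareStore:
    """Hypothetical share service: unguessable links plus a login check."""

    def __init__(self):
        self._files = {}  # token -> (owner, recipient, data)

    def create_link(self, owner, recipient, data):
        # 32 bytes (256 bits) from the OS CSPRNG; knowing one link
        # reveals nothing about any other link.
        token = secrets.token_urlsafe(32)
        self._files[token] = (owner, recipient, data)
        return BASE + token

    def fetch(self, url, logged_in_user):
        token = url.rsplit("/", 1)[-1]
        entry = self._files.get(token)
        # Same answer for "no such link" and "not your file", so a
        # caller cannot learn which links exist.
        if entry is None or logged_in_user not in (entry[0], entry[1]):
            return None
        return entry[2]

    def revoke(self, url, owner):
        """Only the sender can delete what they shared."""
        token = url.rsplit("/", 1)[-1]
        entry = self._files.get(token)
        if entry is not None and entry[0] == owner:
            del self._files[token]
            return True
        return False
```

A random link alone only makes files hard to find; the login check in fetch is what keeps a leaked or forwarded link from exposing the file.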