Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online
December 01, 2020Ravie Lakshmanan
A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access media files transferred between users, including private voice messages, photos, and videos, stored on an unauthenticated, publicly accessible server. Although the behavior was observed on version 7.91 of GO SMS Pro for Android, the app makers have since released three subsequent updates, two of which (v7.93 and v7.94) were pushed to the Google Play Store after public disclosure of the flaw and Google's removal of the app from the marketplace. Google reinstated the app back to the Play Store on November 23. Now following an analysis of the updated versions, Trustwave researchers said , "GOMO is attempting to fix the issue, but a complete fix is still not available in the app.&