This week, it was revealed that the GO SMS Pro app uploaded shared files (photos, videos, audio) to public URL hosting on the internet. This is a privacy nightmare that could have been avoided. The GO SMS Pro app is one of the most popular messaging apps for Android because it is simple and appears to be free. But they need to make money somewhere, right?
Delete GO SMS Pro now
GO SMS Pro suggests that you will have free themes, emoji, messenger skills and the ability to share all types of files with friends. The app has a notice in the store that it will offer in-app purchases and ads, which you can avoid. What is the downside? A betrayal of privacy that we haven’t seen in years.
An important part of the revenue stream used by the staff of “Best Free Video Editor & Video Maker Dev” is a set of advertisements that appear with each piece of shared media. You share a photo, an audio file or a video, and the person who receives the file clicks on a URL, where they will see the shared file.
The problem with this system is not that an advertisement appears. The problem is that the URL is public. Every time a user shares a file with GO SMS Pro, he uploads that file to the internet, where it can be seen by the public.
Each URL generated by the application was generated sequentially, which means that if you had a URL, you could change a character and see the file sent next. It can be your file or it can be a file sent by a neighbor. It can be personal information or a private video. It’s all out there now, as noted by Trustwave.
Trustwave contacted the developer once a month for the past few months, with no response. After several attempts to contact the application developer, Trustwave disclosed the vulnerability to the public. If you use GO SMS Pro now, YOU MAY be able to delete files that you have already uploaded – but probably not.
How to avoid this issue
If you have already shared a file over the Internet, with SMS, with anything, and the application you are using provides a URL (web address) to share, there is a good chance that the file you have shared is not 100% private. UNLESS you go to that URL and it asks for a password or some form of login string.
At a minimum, an application like GO SMS Pro must have generated each URL at random. From now on, everything shared by users with this application from the beginning is available to the public, open for viewing and downloading.