Mastodon

Uninstall Go SMS Pro Today

Posted by Matt Birchler
— 1 min read
Uninstall Go SMS Pro Today

From Lifehacker:

The Go SMS Pro texting app has over 100 million installations from the Google Play Store, but popularity doesn’t matter: You need to stop using it and delete it from your phone now. Cybersecurity firm Trustwave recently discovered a major security loophole in the app that makes all photos, videos, and other media attachments you’ve sent through the app publicly accessible.

Go SMS has been saving your files sent through the app on their servers, required no authentication to access them, and named the files sequentially so you could just go browsing with basically no effort and find all sort of things. And no, this isn't an "in theory" concern, TechCrunch did it.

Using this method, TechCrunch found sensitive financial information, home addresses, transaction receipts, and explicit photos that had been sent through the app.

Brutal.

I used Go SMS for a little bit many years ago when I had an HTC One M8, and I don't think I sent anything this way, but man, what disasterous security.