Recently we reported on VivaVideo, yet another app available on Google Play that could put Android users at risk, by attempting to initiate premium subscriptions and delivering “invisible ads”, essentially stealing money from the user. Shortly prior, security firm Avast also listed 21 whole apps that are best to stay away from, as they’ve been found to bombard users with ads, even outside the app itself, among other things.But not all Android app dangers come from malicious intent, sometimes a developer just isn’t careful or caring enough, in order to protect its users. One such case now reported by cybersecurity firm Trustwave is said to have been leaking user data, in the form of user images and other media shared in private messaging sessions between its users and those who don’t have the app.
The app, named GO SMS Pro, looks just like an average messaging app, at the likes of Facebook Messenger, and promises to “encrypt messages & protect your privacy”.
The app in question has been downloaded by millions of Android users
According to Trustwave, if a GO SMS Pro user sends a photo or another file to someone who doesn’t use the app, the media file in question will be sent as a link, that can be opened in any internet browser, on any device, and by anyone. On top of that, the links are generated in a sequential fashion, and thus are easy to guess. A malicious person could easily start sifting through countless private images that were sent via the app, finding any random people’s photos and media that they probably thought was privately shared between just one another.
Trustwave says that the privacy and security issue with this app was reported to its developer all the way back in August, but the developer never responded. It’s not clear if the issue has been patched since then, but for now, if you find yourself using messaging apps that aren’t made by trusted developers, it’s best to uninstall them. Especially if those apps are handling your private information.