GO SMS Pro, an Android instant messaging app with over 100 million installs, is publicly exposing private multimedia files shared between its users. Unauthenticated attackers can gain access to private voice messages, videos, photos, and photos shared by users. Trustwave security researchers discovered the vulnerability three months ago. The developer’s website is not available at the moment, with customers who want to visit it seeing a Tengine web server installation message instead of the site’s contents. Users can access the files shared by the app’s servers using a shortened URL which redirects to a content delivery network server.
Source: https://www.bleepingcomputer.com/news/security/android-chat-app-with-100-million-installs-exposes-private-messages/