GO SMS Pro, an Android instant messaging app with more than 100 million installs, is still exposing the private shared messages of millions of users. The app’s developer has been working on a fix for the flaw behind the data leak for almost two weeks. The flaw, discovered by Trustwave researchers three months ago and publicly disclosed on November 19, enabled unauthenticated attackers to gain unrestricted access to voice messages, videos, and photos privately shared by users. Images downloaded from the app’s servers are already being shared on underground forums, and developers are updating them daily.
Source: https://www.bleepingcomputer.com/news/security/android-app-still-exposing-messages-of-100m-users-despite-bug-fix/