a nothing Announced with pomp and circumstance Nothing chatsan application that promises to solve the integration problem between Android smartphones and iMessage from apple.
However, what seemed like a great idea quickly turned into a disaster after several privacy and security issues related to user data were discovered.
No conversations have been delayed due to multiple security and privacy issues
Nothing has announced the launch of Nothing chats, a messaging app that promises to solve the green bubble problem in the interaction between iPhone and Android smartphones.
With the Sunbird service, it will be possible to use one of the Mac Mini farms located in the US and Europe to allow forwarding of messages between the user and their contacts and maintain iMessage compatibility and functionality with Nothing Phone (2).
This entire process will ensure the security of user data and messages, with all communications end-to-end encrypted and Apple ID data destroyed immediately after it is sent and login is performed.
When Nothing Chats’ big launch date arrived yesterday, everything quickly went from a huge success to a major nightmare for the startup Nothing.
After the launch, curiosity prompted many people to test this service and test its security promises, which quickly generated the first doubts and criticism.
Initially, it was discovered that access data was sent over HTTP instead of HTTPS, putting user data at risk. In the face of this doubt, Sunbird was quick to justify that the information was pre-encrypted and that the key was provided over HTTPS.
Although this response did not give the community any comfort, as there was still data to be found, such as the user’s email, the situation turned out to be worse.
It was later revealed that user data is not end-to-end protected after all, but rather is available in plain text.
On social network X, user Wukko has also been confirmed by 9to5GoogleHe revealed that the Nothing Chats app sends all multimedia files via Sentry with a link to these files visible in plain text.
Furthermore, all data is sent and stored through Firebase which is fully decrypted.
In the tests conducted, it was discovered that after authenticating the user through JSON Web Tokens (JWT), which is not secure when transmitting information, he can access the Nothing Chats Firebase database and view messages and files sent by other users in time. And in plain text.
In other words, it is possible to access other users’ content such as vCards, names, phone numbers, emails and even other personal data.
9to5Google also revealed that around 630,000 files are hosted by Sunbird on Firebase, including images, videos, PDFs and audio files, showing that although the data is not stored on Sunbird’s servers, it is in fact stored in an external service.
After being notified of all these security issues, Nothing decided to remove the app from the Play Store, as it is not currently available for installation, and postpone its launch after reviewing the entire process and resolving all privacy and security issues with Sunbird.
This whole issue has become a huge headache for Nothing, which, in addition to having a major privacy nightmare to solve for Nothing Chats, could see their brand and credibility somewhat affected by this issue.
Sunbird has already alerted the community
Distrust of Sunbird’s service is not new and has actually started before.
The company began discussing iMessage compatibility in 2022, with a launch scheduled for summer 2023, something that ultimately did not happen and has not yet been launched.
Furthermore, when the beta version of this service was launched, Sunbird held a pre-launch session with the media to introduce this new feature, canceling the free question session in the middle of the conference and refusing to talk about the technical details of the solution.
All of this raised a red flag and left the community apprehensive about this service.
These doubts have now been tested with Nothing Chats, showing a very immature service riddled with security and privacy issues.
Share this article
“Coffee trailblazer. Social media ninja. Unapologetic web guru. Friendly music fan. Alcohol fanatic.”