Nothing Chat removed from Google Play Store due to security concerns

Nothing Chat removed from Google Play Store due to security concerns

Last week, Nothing announced Nothing Chats, a brand new chat application This eliminates the need to send messages and files over old, insecure SMS and MMS systems Unfortunately, Nothing has removed this app from Google Play

NothingChats works, and the process requires Sunbird to log into an iCloud account from its servers, which are supposed to work on a Mac Mini That's sketchy enough, but it gets worse: Textscom reports that Songbird's messages are not encrypted end-to-end Apparently, it is not that difficult to compromise the system

9to5Google found that the site's owner, Dylan Roussel, went into more detail in a Twitter/X thread

Roussel claims that Sunbird works by sending decrypted messages via HTTP to Firebase's cloud synchronization server and storing them in unencrypted plain text He notes that Sunbird also has access to these messages because they are logged as errors by the debugging service Sentry

Sunbird claims that sending via HTTP is not a problem because it is only used as part of the initial request, according to Roussel, who notes that this still leaks the user's email address Sunbird's messages are then sent to Firebase's The fact remains that Sunbird's messages are publicly available through Firebase's real-time database and are not encrypted

Nothing's FAQ claims that Sunbird's system is secure and encrypted end-to-end, while simultaneously stating that messages and Apple credentials are not stored at any point in their journey Roussel states that the exact opposite seems to be happening

One of the biggest advantages of iMessage is that it is encrypted end-to-end by default Apple also cites additional security as one of the reasons it will adopt the RCS messaging standard next year In both cases, your messages are secure and inaccessible to third parties, including Apple

Therefore, if you are going to be communicating in a ludicrously insecure manner, you might as well stick with the traditional SMS option At least you don't have to use Apple's credentials to log into a third-party server

According to the official Nothing Chats page, the beta app has now been removed from the Play Store and its release will be delayed until Nothing and Sunbird fix "some bugs" This is putting it lightly

When reached for comment, a spokesperson for Nothing said, "We have removed the beta version of Nothing Chats from the Play Store We apologize for this delay and do our best to accommodate our users"

He commented

In the meantime, the dream of hiding as a blue bubble Apple user without buying an iPhone is not going to come true anytime soon And given all that has been revealed, that is probably something you should try to avoid in the future

Categories