Sunbird, the platform in which Nothing Chats is built upon, is apparently not end-to-end encrypted as promised.
Nothing unveiled the app just last week, which aims to bring iMessage compatibility to Android.
The process involves users logging into their Apple ID, which then routes the login to random Mac minis as relay points. This enables virtually sending and receive iMessage content between iOS and Android.
texts team took a quick look at the tech behind nothing chats and found out it’s extremely insecure
it’s not even using HTTPS, credentials are sent over plaintext HTTP
backend is running an instance of BlueBubbles, which doesn’t support end-to-end encryption yet pic.twitter.com/IcWyIbKE86
— Kishan Bagaria (@KishanBagaria) November 17, 2023
Dylan Roussel took to X that Sunbird has access to every message through the app on the device—due to it being unencrypted—whereas all the media and document files are publicly accessible in plain text and in real -time.
He mentioned that over 637,780 media and documents are stored by Sunbird, despite the company’s promise that their servers do not store user data.
Roussel particularly pointed out accessible vCards that contain personal information such as users’ names, phone numbers, and email among other personal data.
As a proof, he even downloaded one and was able to access a certain user’s personal info. He says that over 2,300 users’ data are publicly exposed.
Nothing apparently pulled out the app from Play Store, but not as a direct response to the findings. On X, the company announced that they have removed the Nothing Chats beta from Play Store to “fix several bugs”—delaying launch until further notice.
Many users in the thread disagree as the company seemed to be downplaying the situation of a ‘huge’ privacy issue to mere bugs in the app.
Nothing intended to commence the Nothing Chats beta exclusively for Phone (2) users since November 17. However, with Apple, just days after the date, has announced that they will finally support RCS 14 on the iPhone.
This makes this whole premise of bringing iMessage to iPhone trivial, to say the least.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
