- Nothing recently introduced Apple’s iMessage-like feature named Nothing Chats.
- The brand introduced Nothing Chats just to provide a solution to the long-standing texting troubles between Android and iPhones.
- The beta version of Nothing Chats is not appearing on the Play Store because it has been removed.
Nothing recently introduced Apple’s iMessage-like feature named Nothing Chats. But now, the beta version of Nothing Chats is not appearing on the Play Store because it has been removed. The brand has shifted the launch date of the application at least until further official notice.
The brand introduced Nothing Chats just to provide a solution to the long-standing texting troubles between Android and iPhones, along with support for both RCS and iMessage, as well as to cover up the gap between them. But here’s the noticeable catch: a concern about the security risks associated with such workarounds.
This is being speculated by a post on X, formerly Twitter, shared by @uwukko, which stated
“Nothing chats app (skinned sunbird) is an absolute privacy nightmare that sends/stores ALL data unencrypted on Firebase.”
With this statement, it is clear that the Nothing Chats application lacks a layer of security, due to which all the data gets unencrypted on Firebase. The issue does not stop here; and it also sends all messages and attachments to the sentry. However, why it is happening, the reason is not clear yet.
“And for whatever reason, it also sends ALL messages and attachments to sentry (again, in plain text).”
It appears that the reason behind delaying the launch program is that the app is based on Sunbird’s system, is not end-to-end encrypted, and can be compromised easily. The reports reveal that the engineering team discovered that Sunbird and Nothing Chats required users to send their Apple ID credentials to their servers. The team also found multiple security issues, which included that crucial credentials were being sent over an unencrypted channel (HTTP).
Instead of Sunbird claiming to have ISO27001 certification, recent reports also reveal that the brand offered misleading information regarding end-to-end encryption. Although messages sent to Sunbird’s servers were encrypted, JSON Web Tokens (JWT) were being sent even without encryption to another Sunbird server.
If the information is to be believed, Sunbird is the one who is responsible for the privacy troubles, and Nothing is being criticized for collaborating with them and downplaying the situation, such as – bugs. Meanwhile, Sunbird stated that HTTP is only utilized for the initial request from the application to the back-end, informing it of the forthcoming iMessage connection.
Nothing Chats was launched in the beta stage on the Play Store on Tuesday after being announced earlier this week.