Last week, Nothing launched its highly anticipated Nothing Chats messaging platform, a collaborative effort with Sunbird, aiming to break down messaging barriers between Android and iOS devices.
Read Also | Nothing Chats App: Unveiling Security Flaws and the Urgent Need for User Protection
The platform allowed Nothing Phone 2 users to seamlessly send and receive texts via iMessage, presenting messages in the distinctive blue bubbles characteristic of iMessage conversations. Moreover, it supported texting over the RCS protocol for other Android phones, along with standard SMS and MMS.
Despite its promising features, the beta version of the Nothing Chats app has faced criticism and concerns regarding user privacy and security. As a result, the Carl Pei-led UK startup has decided to temporarily pull the beta from the Google Play Store, citing the need to address several bugs in collaboration with Sunbird.
The decision to withdraw the beta came after users raised alarms about the transmission of Apple ID credentials via HTTP instead of the more secure HTTPS. To use iMessage services on the Nothing Chats app, users are required to log in with their Apple ID, a process that routes the login through a remote server farm. Kishan Bagaria, founder of Texts.com, labeled the app as “extremely insecure,” highlighting concerns that messages sent through Sunbird’s system lack end-to-end encryption, relying on a BlueBubbles-powered backend.
Dylan Roussel (@evowizz) further pointed out that Sunbird has access to all messages sent and received through the app, making all shared documents, including images, videos, audio, PDFs, and vCards, public.
We’ve removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.
We apologise for the delay and will do right by our users.
— Nothing (@nothing) November 18, 2023
Moreover, an X user, wukko (@uwukko), revealed that the Nothing Chats app sends all messages and media attachments to Sentry. Additionally, all data is transmitted and stored through Firebase without encryption.
texts team took a quick look at the tech behind nothing chats and found out it’s extremely insecure
it’s not even using HTTPS, credentials are sent over plaintext HTTP
backend is running an instance of BlueBubbles, which doesn’t support end-to-end encryption yet pic.twitter.com/IcWyIbKE86
— Kishan Bagaria (@KishanBagaria) November 17, 2023
The Nothing Chats app was designed to bridge the gap by offering iMessage support for Android users. It facilitated blue bubble conversations between Android phones and iMessage users while also supporting RCS for compatible devices.
Despite these capabilities, concerns over privacy and security have prompted Nothing to delay the official launch, emphasizing their commitment to working with Sunbird to address the identified issues.
Read Also | Unlocking the iMessage Experience on Android: Nothing Chats and the Apple Dilemma
The app boasts features such as end-to-end encryption, group messaging, live typing indications, high-resolution media sharing, and read and delivery receipts, with promises of more features in the future. However, the current focus is on resolving privacy concerns before a widespread release.