Nothing goes right for Nothing with the launch of Nothing Chats, the Sunbird-based chat application with which it is possible to chat with iMessage from Android. Announced last Wednesday, the next day Apple announced that it would adapt the RCS standard, spoiling the party. Later, several researchers They have found serious security flaws in the application and finally Nothing has paused downloads of the application on Google Play while the matter is clarified.

Nothing Chats uses Sunbird technology to be able to chat with iMessage on Android, blue bubbles included, but some of the advertised features, such as the fact that all messages are end-to-end encrypted they seem not to be trueaccording to several security researchers.

Nothing Chats doesn’t last long on Google Play

Today it is not possible to use iMessage on Android and all possible solutions, such as Beeper or Sunbird, are based on having to iMessage is used on another device that is used as a bridge between the Mac ecosystem and our Android. In the case of Sunbird, a Mac server farm with which, in theory, Android phones communicate securely, including end-to-end encryption, and without saving a copy of your messages.

The problem is that the system appears to be considerably less secure than advertised. The investigations of, Dylan Roussel, Wukko and others detail what they call the “privacy nightmare” that is Nothing Chats and Sunbird.


From using HTTP and not HTTPS to what all messages are saved unencrypted in Firebase and, in fact, can be accessed by a person who intercepts the Token, which is sent in an insecure way. What’s more, Sunbird technically has the ability to read each and every message of the users.

Sunbird for his part has defended its application and implementationalthough the best proof of privacy problems are the proofs of concept, available on Github, with the code to demonstrate the different Sunbird vulnerabilities and how messages are saved in clear text in the Firebase database.

To all this, Nothing Chats is Sunbird with the design of the house, so Sunbird vulnerabilities are Nothing Chats vulnerabilities. Due, Nothing has decided to remove Nothing Chats from Google Play until “some bugs are fixed.”


Thus, what should have become a marketing maneuver on the part of Nothing has ended up generating quite a bit buzzYes, although not the good one. First, The announcement that Apple will support RCS in the future clouded some of the advantages of an application like Nothing Chats, although not all: the issue of green bubbles still existed.

Now, the system’s privacy problems and the “forced” departure of the application from the application store affects another of the application’s main claims, its security. Will have to see if the app goes back to the store in the future and, if so, whether users will trust it.

Via | 9to5Google

In Android | WhatsApp adds passkeys as an alternative to SMS verification