Nothing recently launched its own iMessage for Android, dubbed “Nothing Chats,” on Play Store. This ambitious project aimed to enable chatting with iMessage users from Android, marking the first free option of this magnitude—a feature initially available for the Nothing Phone 2.
However, the app’s stint in Play Store was short-lived, lasting less than a week. Nothing stated that they withdrew it “until further notice to collaborate with Sunbird in fixing various errors.” The focus shifted to developers who uncovered security issues after dissecting the app.
Please follow us on Twitter and Facebook.
What Was Nothing Chats?
Nothing Chats, a collaboration between Nothing and Sunbird, intended to bridge the gap between iMessage and Android. Sunbird, a messaging app (and web solution), assured users that communication wasn’t stored on its servers, and encryption kept chats within the device.
Nothing Chats adapted Sunbird’s technology exclusively for Nothing’s platform, debuting on November 15, only to be removed three days later on November 18.
Developer Concerns Surface
Kishan Bagaria, Texts.com founder affiliated with Automattic (parent company of WordPress), flagged Nothing Chats as “extremely insecure.” Kishan Bagaria exposed the app’s code on social media and published a detailed report unveiling critical flaws like the absence of HTTP protocol usage and inadequate app encryption. This meant that information was transmitted in plain text, easily accessible to anyone.
texts team took a quick look at the tech behind nothing chats and found out it's extremely insecure
it's not even using HTTPS, credentials are sent over plaintext HTTP
backend is running an instance of BlueBubbles, which doesn't support end-to-end encryption yet pic.twitter.com/IcWyIbKE86
— Kishan Bagaria (@KishanBagaria) November 17, 2023
Independent Confirmation and Sunbird’s Defense
From 9to5Google they assure that independent investigations, including one by Dylan Roussel, an Android app developer, corroborated the identified vulnerabilities. Roussel confirmed that documents sent via Nothing Chats were public, highlighting the absence of end-to-end encryption.
Sunbird countered these accusations , claiming that HTTP protocol was used in limited parts and asserting end-to-end encryption. However, conflicting evidence arose from the app’s code, contradicting their claims.
Nothing’s Response
Nothing released a statement on X (formerly Twitter), acknowledging app errors but sidestepping security concerns. They removed the beta version of Nothing Chats from Play Store, postponing the launch until issues are resolved, emphasizing apologies and commitment to rectify the situation for users.
We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.
We apologise for the delay and will do right by our users.
— Nothing (@nothing) November 18, 2023
Efforts to reach Nothing for additional comments are ongoing, and this article will be promptly updated if more information becomes available.
Read Also:
The Huawei Honor 100: Lineup Leaks Specifications After Receiving Launch Date
Introduction Of The Galaxy S24: Samsung Fans To Mark This Date On Your Calendars
Apple Shows Generosity: If You Have An iPhone 14, You Won’t Have to Pay After All