Global consumer electronics brand Nothing has pulled its recently launched “Nothing Chats” beta app from the Google Play Store just a day after its initial release, citing privacy concerns as the main reason for the removal.
The app, which aimed to be compatible with Apple’s iMessage, relied on the messaging platform Sunbird for its functionality. However, users started raising alarms after sharing a blog post from Texts.com, which highlighted security vulnerabilities in Sunbird’s message encryption. The Verge reported that the encryption was not end-to-end, making it vulnerable to compromise.
Further investigation by Dylan Roussel, detailed on 9to5Google, revealed that Sunbird’s solution involved decrypting messages and transmitting them over HTTP to a Firebase cloud-syncing server. These messages were stored as unencrypted plain text, and the debugging service Sentry recorded them as errors, giving Sunbird unauthorized access to all the messages exchanged through the app.
Responding to these concerns, Sunbird explained that HTTP was only used during the initial request from the app to establish the iMessage connection. However, the company’s method of logging messages as errors raised significant privacy and security concerns.
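The logging problem described above can be mitigated on the client by scrubbing error events before they leave the device. The following is an added example, not code from Sunbird, Nothing or any of the cited reports: a `before_send`-style hook of the kind Sentry SDKs accept, written in Python for illustration. The field names in `SENSITIVE_KEYS` and the sample event are constructed assumptions.

```python
import copy

# Hypothetical field names assumed to carry chat content or identities.
SENSITIVE_KEYS = {"text", "body", "recipient", "sender", "attachment_url"}
REDACTED = "[redacted]"

def _scrub(value):
    """Recursively redact values stored under sensitive keys."""
    if isinstance(value, dict):
        return {k: REDACTED if k.lower() in SENSITIVE_KEYS else _scrub(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [_scrub(v) for v in value]
    return value

def before_send(event, hint=None):
    """Return a scrubbed copy of an error event; the input is not mutated.

    With the real SDK this would be wired in as
    sentry_sdk.init(dsn=..., before_send=before_send).
    """
    event = _scrub(copy.deepcopy(event))
    # Free-form strings can embed an entire chat message, so they are dropped
    # wholesale; the exception type is kept for triage.
    for exc in event.get("exception", {}).get("values", []):
        exc["value"] = REDACTED
    if "message" in event:
        event["message"] = REDACTED
    if "logentry" in event:
        event["logentry"] = {"message": REDACTED}
    for crumb in event.get("breadcrumbs", {}).get("values", []):
        if "message" in crumb:
            crumb["message"] = REDACTED
    return event

# Constructed sample: a failed sync reported as an error with the message inside.
SAMPLE_EVENT = {
    "level": "error",
    "message": "send failed: {'to': '+15550100', 'text': 'see you at 6'}",
    "exception": {"values": [{"type": "SyncError",
                              "value": "payload text='see you at 6' rejected"}]},
    "extra": {"payload": {"recipient": "+15550100",
                          "text": "see you at 6", "retry": 2}},
    "breadcrumbs": {"values": [{"category": "http",
                                "message": "POST body=see you at 6",
                                "data": {"status_code": 500}}]},
}

if __name__ == "__main__":
    print(before_send(SAMPLE_EVENT))
```

Scrubbing at this layer only limits what reaches the error tracker; it does not address plaintext storage or transport elsewhere in the pipeline.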
In light of these findings, Nothing made the decision to remove the Nothing Chats beta app from the Play Store and announced a postponement of the app’s launch until further notice. The company expressed its commitment to addressing the identified bugs in collaboration with Sunbird so that user privacy can be assured.
The swift removal of the beta app emphasizes the critical importance of addressing privacy concerns, especially in messaging apps that handle sensitive user data. Users should remain vigilant and ensure that the messaging platforms they use prioritize end-to-end encryption to safeguard their privacy.
Q: Why was the “Nothing Chats” beta app removed from the Google Play Store?
A: The app was swiftly removed due to privacy concerns raised about Sunbird’s message encryption.
Q: What was the security vulnerability in Sunbird’s encryption?
A: Texts.com highlighted that Sunbird’s encryption lacked end-to-end security, making it susceptible to compromise.
Q: How did Sunbird access the messages exchanged through the app?
A: Sunbird logged the messages as errors using a debugging service called Sentry, which gave them unauthorized access to all the messages.
Q: What is the future of the Nothing Chats app?
A: The launch of the app has been postponed until further notice to address the identified bugs in collaboration with Sunbird.