Global consumer electronics brand, Nothing, has recently made the decision to remove its ‘Nothing Chats’ beta app from the Google Play Store. The app, which was designed to be compatible with Apple iMessage, was powered by the Sunbird messaging platform. However, due to growing privacy concerns, the company opted to remove the app until further notice.
In an official statement, Nothing explained that the decision to delay the app’s launch was a result of the need to work with Sunbird in order to address various bugs. The company acknowledged the inconvenience caused by the delay and promised to prioritize its users’ satisfaction.
The app’s removal came to light after users shared a blog post from Texts.com, which revealed that the Sunbird messaging platform lacked end-to-end encryption and was therefore susceptible to compromise. Furthermore, a report from 9to5Google highlighted that Sunbird’s solution involved decrypting and transmitting messages using HTTP to a Firebase cloud-syncing server without encryption.
Dylan Roussel, a tech enthusiast, discovered that Sunbird logs all messages by exploiting a debugging service called Sentry, which the company uses to monitor errors. This raised concerns about the privacy and security of user data.
Sunbird clarified that HTTP was only used as a one-off initial request from the app to establish an iMessage connection with the back-end.
Nothing Chats was originally announced on November 14, with the beta version being released just three days later. However, following the privacy concerns, the app was swiftly removed from the Google Play Store.
FAQ:
Q: What was the reason for the removal of the Nothing Chats beta app?
A: The app was removed due to privacy concerns, specifically related to the lack of end-to-end encryption on the Sunbird messaging platform.
Q: Was the app delayed indefinitely?
A: The launch of the app has been delayed until further notice, in order to work with Sunbird to address bugs and improve privacy features.
Q: How was user data compromised?
A: Sunbird’s method of decrypting and transmitting messages using HTTP, without encryption, raised concerns about the privacy and security of user data.