Nothing's crazy plan to put iMessage on Android pulled from Google Play over huge privacy flaws


Nothing’s wild plan to put iMessage on Android through its Nothing Chats app has fallen at the first hurdle after it was pulled from the Google Play Store over some major security and privacy issues. 

In a post on X, formerly Twitter, on Saturday, Nothing said, “We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.” The post apologized for the delay and promised to “do right by our users.” 

As a friendly community note on the post advises, it seems likely this is due to some major security issues in the app. According to 9to5Google, Nothing Chats “is a privacy nightmare with unencrypted messages and images.” 

Are you even trying?

As the report notes, Nothing Chats is powered by a system called Sunbird, which claims its servers “do not store user data promoting a safe, secure, and private messaging environment” and that its messaging is “encrypted” and “confidential,” a stance backed by Nothing. 

While the company claims its chats “are end-to-end encrypted,” 9to5Google reports “that’s just not true.” Research conducted by ‘Wukko’ on X reveals the app “is an absolute privacy nightmare that sends/stores ALL data unencrypted on firebase” and “sends ALL messages and attachments to sentry” in plain text. 

With some security hocus pocus, “Once a user authenticates with the JSON Web Tokens (JWT) that are insecure in transit, they can access Nothing Chat’s Firebase database and see messages and files from other users sent in real-time and in plain text,” an absolutely wild breach. What’s more, there are reportedly more than 600,000 media files being stored “by Sunbird via Firebase.” 

It was the revelation of these issues that prompted Nothing to pull the app. Nothing’s announcement was also overshadowed this week by news that Apple is bringing support for RCS messaging to the iPhone in 2024. While this will give users much better interoperability when sending and receiving messages from Android users, it won’t end the green and blue bubble divide that seems to underpin the argument, with Apple confirming this isn’t a replacement for iMessage or any kind of expansion of its proprietary messaging platform.

As we noted at launch, Nothing’s plan to bring iMessage to Android phones involves handing over your Apple ID credentials so they can be used to sign into a Mac mini on a server farm. It screams insecure, and if that wasn’t enough to put you off using it, these latest developments certainly should, if it ever returns to Google Play, that is. 


Stephen Warwick
News Editor
