Nothing’s ambitious chat application, developed in collaboration to bridge the gap between Android and iMessage, has been removed from the Google Play Store due to privacy concerns. The company has officially acknowledged that the beta version of Nothing Chat has been taken down from the Play Store ‘until further notice to address several bugs.’
Recently, Nothing introduced the Nothing Chats messaging platform last week in partnership with Sunbird, aiming to break down messaging barriers between Android and iOS devices. This messaging app enables Nothing Phone 2 users to send and receive texts via iMessage, displaying messages as blue bubbles on iMessage. Additionally, it supports texting over the RCS protocol to other Android phones, along with SMS and MMS. However, since its announcement, numerous users have expressed worries regarding the security and privacy issues of the service.
We’ve removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.
We apologise for the delay and will do right by our users.
— Nothing (@nothing) November 18, 2023
The decision to remove the Nothing Chats app from the Google Play Store follows widespread user criticism, primarily centred around the transmission of Apple ID credentials via HTTP rather than the more secure HTTPS protocol. To access iMessage services, users are mandated to log in with their Apple ID through the Nothing Chats app, a process that directs the login through a Mac situated in a remote server farm.
Kishan Bagaria, founder of Texts.com, took to X to label the app as “extremely insecure,” asserting that messages sent within Sunbird’s system lack end-to-end encryption and rely on a BlueBubbles-powered backend.
texts team took a quick look at the tech behind nothing chats and found out it’s extremely insecure
it’s not even using HTTPS, credentials are sent over plaintext HTTP
backend is running an instance of BlueBubbles, which doesn’t support end-to-end encryption yet pic.twitter.com/IcWyIbKE86
— Kishan Bagaria (@KishanBagaria) November 17, 2023
Dylan Roussel (@evowizz) highlighted that Sunbird possesses access to all messages sent and received through the app on user devices, emphasizing a potential privacy breach.
nothing chats app (skinned sunbird) is an absolute privacy nightmare that sends/stores ALL data unencrypted on firebase
and for whatever reason it also sends ALL messages and attachments to sentry (again, in plain text) pic.twitter.com/CxBS7TZwCl
— wukko (@uwukko) November 18, 2023
Furthermore, findings by another X user, wukko (@uwukko), unveiled that the app sends all messages and media attachments to Sentry, with all data routed and stored through Firebase, remaining entirely unencrypted.
– Sunbird has access to every message sent and received through the app on your device.
– All of the documents (images, videos, audios, pdfs, vCards…) sent through Nothing Chat AND Sunbird are public.
– Nothing Chats is not end-to-end encrypted.
— Dylan Roussel (@evowizz) November 18, 2023
SEE ALSO: Apple Faces Extended Delay in Developing 5G Modem, Missing Spring 2025 Launch Timeline