Nothing Chats beta gets pulled from the Play Store due to major privacy contradiction

12comments
Nothing Chats beta gets pulled from the Play Store due to major privacy contradiction
Last week, just before Apple stunned the tech world by announcing that it would allow iPhone to support RCS starting next year, Nothing CEO Carl Pei had announced the Nothing Chats app. Created in partnership with the Sunbird universal messaging platform that was planning to bring iMessage to Android users, the Nothing Chats app would allow Nothing Phone (2) users to use iMessage on their Android powered Nothing (2) phone.

The Verge reports that Nothing pulled the Nothing Chats beta app from the Google Play Store and is "delaying the launch until further notice" while seeking to exterminate several bugs. The app would  have allowed Nothing Phone (2) users to text with iMessage but only if Sunbird could log into users' iCloud accounts. Texts.blog, the blog of messaging client Texts.com, referred to the Nothing Chats app as a reskinned version of the Sunbird app and said that the app was not secure.

Texts.blog wrote, that both "Sunbird" and the "Nothing Chats" app require that users send their Apple ID info to their servers, where they are authenticated using a virtual machine running MacOS.


The Texts.com team discovered that messages sent using Sunbird's platform are not encrypted (Sunbird has access to every message sent and received through the app). A tweet from Android app developer Dylan Roussel says that Sunbird does this by "abusing @getsentry, which is used to monitor errors. But Sunbird logs messages, pretending they are errors." This contradicts an FAQ directly taken from the Nothing website on 11/17/2023 and later.

Recommended Stories
The question in the FAQ asked, "Are my messages secure?" The answer stated, "Yes, Nothing Chats is built on Sunbird’s platform and all Chats messages are end-to-end encrypted, meaning neither we nor Sunbird can access the messages you’re sending and receiving." But that does not match what Texts.com discovered. And if there is no encryption and your texts are compromised, you have sent your Apple ID to a third-party service and could allow attackers to view your photos, videos, contacts, notes, and more.

None of this will have any impact on Apple's decision to support RCS which was most likely an attempt by Apple to get ahead of the EU's Digital Markets Act (DMA) which could have forced Apple to add RCS support to the iPhone in the 27 EU member countries if the EU decided to call iMessage a "gatekeeper."

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless