In a surprising turn of events, Nothing’s recently launched chat application, “Nothing Chats,” has been swiftly removed from the Google Play Store.
This move follows the revelation of serious security flaws by researchers, contradicting the company’s claims of robust data protection and its collaboration with Sunbird for the app’s development.
Nothing, known for its “Disruptive” approach in the smartphone world, recently launched their Nothing Chats, designed to support Apple’s iMessage along with other nifty features. This move was met with enthusiasm, as it promised a bridge between Android and iOS messaging. However, the excitement was short-lived.
Nothing Chats : Security Flaws Exposed
As soon as beta version of app was launched on play store, Security Researchers did some digging. They uncovered alarming security flaws in Nothing Chat, in stark contrast to the assurances given by Nothing and its partner, Sunbird. Contrary to claims of end-to-end encryption, the entire chat data was found to be public.
The revelation is shocking: the app doesn’t even employ HTTPS, meaning credentials are sent over unsecure plaintext HTTP.
The backend of Nothing Chat is powered by an instance of BlueBubbles, a platform not yet equipped to support end-to-end encryption. This loophole left user data vulnerable and easily accessible.
Sunbird‘s role in this debacle is particularly concerning. The company seemed not so legit from day one.
Not only did they have access to every message sent and received through the app, but all forms of media – images, videos, audios, documents – sent via Nothing Chat and Sunbird were public.
In a baffling response to concerns, Sunbird stated that using HTTP was part of an initial request and downplayed the severity.
But, another security researcher, Dylan Roussel debunked lame claims further.
Lies of Sunbird, Foolish Nothing
Further investigation revealed that Sunbird might have knowingly deceived Nothing. The messages, far from being end-to-end encrypted, were accessible because Sunbird uploaded data to Firebase. Adding to this, Sunbird was found to be misusing the @getsentry tool, which is typically used for monitoring errors, to log messages by masquerading them as errors.
The Privacy Catastrophe
This security nightmare doesn’t end there. Personal information of over 2300 users has been compromised, marking one of the most significant privacy blunders by a smartphone company in recent times.
Nothing’s Response and the Way Forward
Acknowledging these severe lapses, Nothing tweeted about removing the beta version of Nothing Chats from the Play Store.
They’ve delayed the launch to address these “bugs” with Sunbird. However, considering the gravity of these breaches, it’s questionable whether the project should continue at all, especially given Sunbird’s cavalier attitude towards user privacy.
Apple support for RCS in iMessage : The Diminishing Need for Third-Party Solutions
Adding to the woes of Nothing Chats is Apple’s recent announcement to support RCS in iMessage by 2024. This move is set to revolutionize cross-platform messaging, offering features like high-quality media sharing, read receipts, and typing indicators natively. It significantly reduces the necessity for third-party solutions like Nothing Chats.
Marketing led innovation is not everything | User Privacy is important
Nothing’s journey with Nothing Chats serves as a stark reminder of the importance of thorough vetting and auditing of partner applications, especially in matters of user privacy and security.
With technological advancements and native solutions like RCS on the horizon, the relevance of apps like Nothing Chats is diminishing. It’s a hard lesson for Nothing, but one that underscores the evolving landscape of digital communication and the paramount importance of user trust.