Following reports from 9to5Google and other publications that SunBird, the platform Nothing Chats is built upon, is not as encrypted as the company claimed, Nothing has pulled the app for the time being in response.
Nothing took to X to say, “We’ve removed the Nothing Chats beta from the Play store and will be delaying the launch until further notice to work with Sunbird to fix several bugs. We apologize for the delay and will do right by our users.”
9to5Google’s report details how SunBird and Nothing Chats allow users and SunBird to effectively see every message sent through its platform, showcasing that it’s not encrypted. On top of this, that means you can also see personal user information like their email addresses.
Sunbird has access to every message sent and received through the app. They do this by abusing @getsentry, which is used to monitor errors.
But Sunbird logs messages, pretending they are errors.
Here are part of the requests (img 1, 3) and their entire "message" (img 2, 4) pic.twitter.com/pzwwQVWfOb
— Dylan Roussel (@evowizz) November 18, 2023
We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.
We apologise for the delay and will do right by our users.
— Nothing (@nothing) November 18, 2023
Nothing announced Nothing Chats as a way for Android users to use iMessage to keep in touch with iPhone users. Later the same week, Apple announced that support for RCS is coming in late 2024, rendering much of what Nothing aimed to accomplish with Nothing Chats useless.
Nothing still launched the Nothing Chats app on November 17th. However, less than a day later, users found all the security exploits, confirming that SunBird and Nothing Chats by proxy, are unsecured and users’ messages can be taken with minimal hacking.