Sunbird, the messaging platform powering Nothing’s recently announced — and shut down — Nothing Chats app, also shut down in the wake of significant privacy and security problems.
A quick recap for those who might have missed it: Sunbird claims to enable iMessage on Android devices, though it requires signing in with your Apple ID on a device the company controls.
That alone set off alarm bells for privacy-conscious users but didn’t stop Nothing from partnering with Sunbird for Nothing Chats and then making a big deal about bringing iMessage to the Nothing Phone (2). Such a big deal, in fact, that Nothing CEO Carl Pei seemed to take credit for Apple adopting RCS, despite Apple’s about-face clearly stemming from looming regulatory action.
Anyway, reporting from 9to5Google detailed various significant privacy and security issues with Nothing Chats and Sunbird, ultimately leading to Nothing pulling the Chats app from the Play Store and now Sunbird vanishing too. The most notable issue was that data was not end-to-end encrypted as promised and, worse, was fairly easy to access by other people — 9to5 found over 630,000 accessible files through a vulnerability.
Sunbird hasn’t released a statement about the issues or the app shut down, but users took to the Sunbird subreddit to share a notification they received saying that the service was “temporarily on hold.”
“Dear Sunbird User. We have decided to pause Sunbird usage for now while we investigate security concerns. We will update you when we are ready to proceed,” the message reads.
Another notification labeled “Turning off media” says:
“Good afternoon everyone. We are investigating the security issues raised in the last 24 hours. In an abundance of caution and to protect your confidential data, we are shutting down Sunbird media temporarily. We will keep you posted. Thank you, & sincere apologies for the inconvenience.”
9to5 notes that the notification went out on November 18th, but that Nothing Chats users received a notification with the same phrasing on the 21st.
The Sunbird app is no longer accessible through the Play Store. Moreover, reporting from Ars Technica detailed how Sunbird previously refused to answer basic technical questions in an earlier media briefing and even shut down the briefing’s chat to avoid questions. There are also reports of the Sunbird Discord banning users who try to bring up security concerns.
All this goes to show that the skeptics were right about Sunbird, and there was plenty of reason to be wary of the app before Nothing Chats. Plus, the whole debacle has raised some serious concerns about Nothing, which managed to launch a product integrating Sunbird. Either the company didn’t know about the security issues, which is very concerning given how quickly they were found by the public, or it knew and didn’t bother to address the problems. It also raises concerns about other apps that promise iMessage on Android.
But hey, with RCS coming to the iPhone now, you probably don’t need to worry about getting iMessage on your Android phone anymore.
Header image credit: Sunbird
Source: Reddit Via: 9to5Google
MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.
