Looks like big problems
The other day, a rather curious event happened on the market quite quietly. Nothing has introduced the Nothing Chats application , which could be called just another instant messenger, but the point is that this application actually allows Android owners to exchange messages with iPhone owners via iMessage. And a few days later, this application was removed from the Google Store.
Nothing initially stated that this was done due to the discovery of several bugs that simply needed to be fixed. However, it seems that the real reason is something else, and it is worse.
Let us remind you that the interaction between the Android messenger and iMessage occurs on a third party. She is represented by the Sunbird company, which provides its platform through which the magic happens. However, it turned out that in terms of data security, this platform is apparently much worse than Sunbird itself stated. In particular, there is no end-to-end encryption.
iMessage for Android only lasted a few days.
The Sunbird platform, and therefore the Nothing Chats app, requires a new user of the app to submit their Apple ID credentials to set up syncing. This data is then authenticated on your behalf using a virtual machine running MacOS. The main problem is that the request containing user credentials occurs over an unencrypted channel (HTTP).
The situation as a whole is more complex and is fully described on the Text.Blog website, where several specialists explain how they discovered the problem and what it is. Among other things, they show that they can obtain users’ personal data.
Thus, in fact, Nothing may not be to blame for the situation, but whether the application will now return to the Google Store is an open question.
