Nothing Chats release turns to disaster with Nothing Phone (2) users found sending unencrypted messages and media
Nothing has already run into trouble with its Nothing Chats app, less than a week after boasting that it was the 'first mobile company to offer a solution to one of the biggest frustrations between Android and iOS users'. To recap, Nothing explained that it had developed Nothing Chats in collaboration with Sunbird, another app designed to bring iMessage support to Android. Initially, Nothing would limit Nothing Chats usage to the Phone (2) (curr. US$559 on Amazon) in Canada, the EU, UK and the US.
Subsequently, Apple confirmed that Rich Communications Services (RCS) messaging would be coming to iOS in 2024, covered separately. In theory, Apple's adoption of RCS could negate the need for a third-party like Nothing Chats to bridge the gap between Android and iMessage. Nonetheless, Nothing Chats went live on November 17 as Nothing Chats (Beta) but was quickly pulled because of 'several bugs'.
We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.— Nothing (@nothing) November 18, 2023
We apologise for the delay and will do right by our users.
As the embedded tweet above, these 'bugs' were severe enough for Nothing to delay Nothing Chats 'until further notice' with no additional explanation provided. Thankfully, the likes of @evowizz and @KishanBagaria have offered some clarity as to why Nothing may have discontinued Nothing Chats so quickly. In short, it seems that Nothing Chats lacks the end-to-end encryption that Nothing went to lengths to explain in an FAQ.
When presented with evidence demonstrating this deficiency, Sunbird insisted that its service was secure, even though it sends credentials using the unencrypted HTTP protocol. Please see @evowizz's Twitter thread and Text's blog post for detailed explanations about the security issues inherent with Nothing Chats and Sunbird. Incidentally, Sunbird has informed its users that it has 'decided to pause Sunbird usage for now while we investigate security concerns'.
Currently, it remains to be seen whether Nothing Chats and Sunbird return or in what capacity. However, users of either app should be able to remove some of their stored data by following the steps below. Ultimately, data sent using either platform should be considered compromised at this stage.
I’ve been banned from @sunbirdapp’s Discord, probably because I made a tool that deletes some of the data they keep.— batuhan içöz (@batuhan) November 18, 2023
If you are a Sunbird/Nothing Chats user, here’s my recommendation, in order:
- Change your Apple ID password *now* and revoke their session
- Remove the app