C. Scott Brown / Android Authority
TL;DR
- Nothing has removed Nothing Chats from the Play Store after a number of investigations discovered that it’s a whole security mess.
- Sunbird, the platform that powers Nothing Chats, has entry to each message despatched and acquired via the app in your gadget.
- All photographs, paperwork, and messages despatched via Nothing Chats and Sunbird are additionally publicly accessible.
Nothing just lately made an enormous deal about its new iMessage-compatible texting platform referred to as Nothing Chats. It even promised that messages despatched over the service, which is powered by Sunbird, are end-to-end encrypted and never saved on any servers. However, a number of investigations have now proved that Nothing and Sunbird’s security claims are completely false. Nothing has additionally pulled the app from the Play Store and delayed its official launch.
We’ve removed the Nothing Chats beta from the Play Store and might be delaying the launch till additional discover to work with Sunbird to repair a number of bugs.
We apologise for the delay and can do proper by our customers.
It’s fascinating how Nothing has deemed the serious security flaws in its apps as mere “bugs.”
According to X consumer Wukko and 9to5Google’s impartial findings, Nothing Chats are in no way encrypted, as all consumer information from the app will be accessed in plain textual content. Nothing Chats reportedly sends all messages and media attachments to Sentry, a cloud-based software efficiency monitoring & error monitoring service. Additionally, all app information is distributed unencrypted and saved on Firebase, Google’s cell and net app growth platform.
Thread time!
Summary:
– Sunbird has entry to each message despatched and acquired via the app in your gadget.– All of the paperwork (photographs, movies, audios, pdfs, vCards…) despatched via Nothing Chat AND Sunbird are public.
– Nothing Chats just isn’t end-to-end encrypted.
9to5Google’s Dylan Roussel additional found that Sunbird, the service that powers Nothing Chats, can entry each message despatched and acquired via the app.
The security issues get even murkier since Roussel found that anybody can entry Sunbird and, by extension, Nothing Chats’ Firebase database. That means all messages and recordsdata ever despatched by customers in addition to their cellphone numbers, names, e mail addresses, and extra will be seen by anybody.
Roussel stated Sunbird shops greater than 637,780 media recordsdata in Firebase, and the non-public info of over 2,300 customers is publicly accessible.
Meanwhile, the oldsters at Texts.com additionally detailed the security loopholes in Nothing Chats in a weblog put up. They figured {that a} quick bit of code was all that was wanted to automate the method of downloading the app’s consumer information, together with messages and media recordsdata.
If you’re somebody who has used Sunbird or Nothing Chats, researchers at Texts advocate you alter your Apple ID password instantly and take away the apps from your telephones. You also needs to head to this hyperlink to take away your information from Firebase.