Nothing Chats app removed after shocking security flaws revealed
Nothing and Sunbird withdrew their insecure iMessage bridge after it was revealed that Sunbird not only logged and stored messages, vCards, and other data but also allowed others to download the user data. The app raised suspicions within days for its apparent lack of encryption and its use of plaintext HTTP to send login credentials over the internet.
Android app developer Dylan Roussel discovered some alarming facts about the app that showed how unsafe it was for its users. In a thread, Roussel claimed that Sunbird had access to every message and file sent through the app and that Nothing Chats did not use end-to-end encryption at all.
Roussel explained that Sunbird had access because it misused Sentry, an error detection tool. He also found that he could access and download media and vCards posted by other users, revealing their phone numbers and information.
Roussel suggested at the time that Nothing should remove the app from the Play Store and warn all users. He also commented that Nothing should have verified that the app which uses their name is secure before claiming it is.
“This is probably the biggest privacy nightmare I’ve seen by a phone manufacturer in years,” Roussel wrote.
Reader Comments