Nothing Chats partner Sunbird has informed users that it has temporarily shut down its messaging platform, following reports of several security issues affecting the service. The company was recently in the news after it emerged as the partner for smartphone maker Nothing’s iMessage chat app for Android. Users of the app that promises access to chats from different platforms including WhatsApp, Instagram, and iMessage on the same app, have received a message stating that the company would provide additional information in the future.
In a message shared with Sunbird users over the weekend, the company announced its decision to put the service on hold temporarily. “Dear Sunbird User. We have decided to pause Sunbird usage for now while we investigate security concerns. We will update you when we are ready to proceed,” the company stated in a push notification sent to users.
Another notification from Sunbird stated, “Good afternoon everyone. We are investigating the security issues raised in the last 24 hours. In an abundance of caution and to protect your confidential data, we are shutting down Sunbird media temporarily. We will keep you posted. Thank you & sincere apologies, for the inconvenience.
The shutdown of the Sunbird app comes shortly after Nothing pulled its much hyped Nothing Chats app from the Play Store — the company touted its app as a way to message iPhone users via Apple’s proprietary iMessage chat service while using the company’s Nothing Phone 2. The recently announced Nothing Chats and Sunbird — previously available to alpha testers — both ran on the latter’s service.
Over the weekend, 9to5Google reported on several issues with the Nothing Chats service that revealed that Sunbird was capable of accessing all messages and attachments (media, documents, and contact cards) that were received and sent via the Nothing chats app as they were public. Nothing Chats asks users to log in with their Apple ID, which would enable access to iMessage via a Mac server farm, according to reports.
Sunbird has access to every message sent and received through the app. They do this by abusing @getsentry, which is used to monitor errors.
But Sunbird logs messages, pretending they are errors.
Here are part of the requests (img 1, 3) and their entire “message” (img 2, 4) pic.twitter.com/pzwwQVWfOb
— Dylan Roussel (@evowizz) November 18, 2023
Meanwhile, rival messaging platform, Texts.com also published a blog post that highlighted several security flaws with the service — even demonstrating how the app’s claim of ‘end-to-end encrypted’ messages was false as the plain text version of these messages was easily accessible.
While Nothing has restricted the download of the Nothing Chats app, Sunbird appears to have shut down access to its app to fix the myriad of privacy and security issues plaguing the service. It is currently unclear when Nothing Phone 2 owners can expect to gain access to the service.
With Apple agreeing to implement support for RCS messaging in 2024, it’s only a matter of time before texting between iOS and Android users sees a vast improvement, which might negate the need for yet another third-party texting app.