Last week smartphone maker Nothing made waves by announcing plans to launch Nothing Chats, an app that promised to let users of its Android phones tap into Apple’s iMessage service. The promise was that users could use iMessage features like group chats, live typing indicators, and voice notes… and messages would show up on Apple devices as blue bubbles rather than green.
But less than 24 hours after launch, Nothing removed the app from the Google Play Store. Now the company that makes the software behind Nothing Chats has followed suit: the Sunbird app is no longer available from the Google Play Store, and the company has alerted existing users that Sunbird has “decided to pause Sunbird usage for now while we investigate security concerns.”
What are those security concerns? Basically the fact that there isn’t any.
Sunbird’s service basically tricks iMessage into thinking you’re using an Apple device. When you send a message to iMessage users via the Sunbird or Nothing Chats apps, you first have to login with an Apple ID, because your message is sent to a Mac that Sunbird has set up as a server and then forwarded to iMessage.
According to Sunbird’s website, all of your messages are end-to-end encrypted and none of your data is stored on the company’s servers.
But as soon as Nothing Chats launched, users did a little digging and discovered that messages were not encrypted and were actually being sent as insecure plain-text.
It’s unclear if the company has ever delivered on its promise to encrypt user data. While Sunbird got some publicity when its app first launched in private beta in December, 2022, the service surely came under significantly more scrutiny this month when a smartphone maker made the surprising announcement that it was building an iMessage for Android app for its users based on the back of Sunbird (which still hadn’t emerged from beta, and therefore had a limited user base).
So while both nothing and Sunbird have suggested that they’re putting their iMessage-for-Android plans on hold temporarily, I wouldn’t be surprised if neither ever resumes operations.