Last week smartphone maker Nothing made waves by announcing plans to launch Nothing Chats, an app that promised to let users of its Android phones tap into Apple’s iMessage service. The promise was that users could use iMessage features like group chats, live typing indicators, and voice notes… and messages would show up on Apple devices as blue bubbles rather than green.

But less than 24 hours after launch, Nothing removed the app from the Google Play Store. Now the company that makes the software behind Nothing Chats has followed suit: the Sunbird app is no longer available from the Google Play Store, and the company has alerted existing users that Sunbird has “decided to pause Sunbird usage for now while we investigate security concerns.”

What are those security concerns? Basically, the fact that there isn’t any security.

Sunbird’s service basically tricks iMessage into thinking you’re using an Apple device. When you send a message to iMessage users via the Sunbird or Nothing Chats apps, you first have to log in with an Apple ID, because your message is sent to a Mac that Sunbird has set up as a server and then forwarded to iMessage.

According to Sunbird’s website, all of your messages are end-to-end encrypted and none of your data is stored on the company’s servers.

But as soon as Nothing Chats launched, users did a little digging and discovered that messages were not encrypted and were actually being sent as insecure plain text.

It’s unclear if the company has ever delivered on its promise to encrypt user data. While Sunbird got some publicity when its app first launched in private beta in December 2022, the service surely came under significantly more scrutiny this month when a smartphone maker made the surprising announcement that it was building an iMessage for Android app for its users on the back of Sunbird (which still hadn’t emerged from beta, and therefore had a limited user base).

So while both Nothing and Sunbird have suggested that they’re putting their iMessage-for-Android plans on hold temporarily, I wouldn’t be surprised if neither ever resumes operations.

via Ars Technica, 9to5Google, and The Verge


1 Comment


  1. The end-to-end encryption on iMessage, just like Google’s E2EE (apparently shared with Samsung and no one else) on RCS, only really makes sure that the service provider’s proprietary clients can read the data, where it can be extracted for analytics and if anyone pays them enough.
    And of course, fundamentally, you can only encrypt the messages between the phone and the Mac mini, where they have to be decrypted before being re-encrypted to be passed along to Apple’s servers as iMessages. But at least AirMessage and BlueBubbles have the decency to do that. I’m surprised Sunbird wasn’t just using either of these.