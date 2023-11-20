Nothing Chats, an Android app that promises iMessage support, has recently launched through its platform Sunbird. However, there have been alarming revelations that the app is not as secure as it claims to be. Sunbird has long boasted about its end-to-end encryption, ensuring a safe and private messaging experience. But recent findings suggest otherwise.

Independent researchers have discovered that user data can be accessed in plain text. Media attachments, including image files, are sent to Sentry with visible links in plain text. Additionally, all data is sent and stored through Firebase without any encryption. These findings have been verified 9to5Google.

Once a user authenticates with insecure JSON Web Tokens (JWT), they can access Nothing Chats’ Firebase database and view messages and files from other users in real-time and plain text. This includes vCards that contain personal information such as names, phone numbers, and email addresses.

It is important to note that Sunbird does not store user data on its own servers. However, over 630,000 media files, including images, videos, PDFs, audio, and more, are currently stored it via Firebase.

The privacy implications of these findings are significant. Both Sunbird and Nothing Chats have been promoting themselves as secure and private messaging platforms, but the reality seems to be quite the opposite. The lack of due diligence on the part of Nothing is particularly concerning.

Frequently Asked Questions

1. Is Nothing Chats end-to-end encrypted?

No, recent findings reveal that Nothing Chats is not fully end-to-end encrypted. User data can be accessed in plain text, compromising its security.

2. What data can be accessed in plain text?

All media attachments, including images, videos, audios, PDFs, and vCards containing personal information, can be accessed in plain text.

3. Is user data stored Sunbird?

Sunbird does not store user data on its own servers. However, over 630,000 media files are currently stored Sunbird through Firebase.

4. Has any action been taken to address these privacy issues?

Nothing has pulled Nothing Chats from the Play Store and will be delaying the launch to fix several bugs. The impact on Sunbird’s app remains unclear.

5. Should I download Nothing Chats or Sunbird?

No, it is advised not to download Nothing Chats or Sunbird due to the privacy concerns surrounding these platforms.