Nothing Chats, launched then pulled in just a week -

Nothing Chat, the messaging app by Nothing, encountered a setback: The beta version was removed from the Play Store just one day after its initial release. The official launch has been postponed to allow for further evaluation and improvement.

We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.

We apologise for the delay and will do right by our users.
— Nothing (@nothing) November 18, 2023

Nothing Chat” was developed in collaboration with Sunbird and promised end-to-end encrypted messaging with blue bubbles, aiming to address communication challenges between Android and iPhones by supporting both RCS and iMessage. Critics expressed concerns about potential security risks associated with these solutions.

9to5Google and Text.com exposed security risks, revealing that contrary to Nothing and Sunbird’s claims, the app was not actually end-to-end encrypted. Sunbird stored messages in plain text at Sentry and Firebase, where unencrypted authentication tokens could be intercepted, allowing unauthorized parties to access messages.

texts team took a quick look at the tech behind nothing chats and found out it's extremely insecure

it's not even using HTTPS, credentials are sent over plaintext HTTP

backend is running an instance of BlueBubbles, which doesn't support end-to-end encryption yet pic.twitter.com/IcWyIbKE86
— Kishan Bagaria (@KishanBagaria) November 17, 2023

Among various bugs, 9to5Google found that media files sent via Nothing Chat were publicly accessible, with 630,000 stored by Sunbird. The decision to remove the app followed the publication of a blog post by Texts.com, which revealed the lack of end-to-end encryption in the Sunbird system, the basis of the app. While messages to the Sunbird servers were encrypted, they could be intercepted when sending unencrypted JSON web tokens to another server. The messages were decrypted and stored on the Sunbird servers, where they were vulnerable to unauthorized access. Texts.com intercepted JWTs and gained access to the Firebase real-time database and user information with minimal code.

In light of the security concerns raised by the Nothing Chat incident, users are reminded of the importance of staying vigilant when adopting new messaging apps. It’s crucial to thoroughly evaluate the claims made by developers and to be cautious when submitting sensitive data until the security of an app has been thoroughly vetted. In addition, this incident should stimulate a broader community dialog about messaging app security. By encouraging collaboration between users, developers, and regulators, joint efforts can be made to establish best practices, share insights, and ensure that messaging apps prioritize privacy and data security in both design and implementation.

Nothing Chats, launched then pulled in just a week

Like this:

Similar Posts

IKEA expands the VAPPEBY range with a new waterproof speaker

HTC: The Once-Great Smartphone Maker That Lost Its Way

The trash crisis, trade war, and trash collection