Nothing Chats, an app similar to iMessage that launched earlier this week, has been removed from the Google Play Store. The company gives “several bugs” as the reason, stating the need for fixes before a re-launch.
However, reports suggest other reasons for the app’s removal. There are claims that significant security issues, not just “bugs,” led to its withdrawal. Technical analysis by Rida F’kih of Texts.com, along with Twitter users @batuhan and @1ConanEdogowa, points to concerns with the app’s security, particularly regarding message encryption.
The app’s service provider, Sunbird reportedly misled users about the security of messages. Signing up for Nothing Chats required using an Apple ID on Sunbird servers, operated through a Mac mini with a virtual machine. While Sunbird claimed messages were encrypted, further investigation revealed flaws. The JSON Web Tokens (JWT) used by the service were found to be transmitted unencrypted to another server without SSL, making them vulnerable to interception.
Furthermore, it was discovered that messages are decrypted and stored on Sunbird servers, posing a risk of unauthorized access. Texts.com demonstrated the vulnerability by intercepting the JWT and accessing all user information and conversations with just 23 lines of code.
The author of the report also provided a website demonstrating how someone with code knowledge could intercept their messages, particularly concerning for users of the Nothing Chats app.
The responsibility for these privacy issues lies with Sunbird. However, Nothing’s decision to collaborate with Sunbird has drawn criticism, particularly for labeling the situation as “bugs,” which many view as misleading.
The tech community is now waiting to see how Nothing company will address these issues when the app returns to the store. With Apple announcing RCS support, the necessity and safety of using third-party services like Nothing Chats, particularly with an Apple ID, are being questioned.
YOU CAN FOLLOW US ON– Telegram, Twitter, WhatsApp, and Google News