{"id":55027,"date":"2023-11-18T18:09:51","date_gmt":"2023-11-18T18:09:51","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2023\/11\/18\/nothing-chats-has-already-been-pulled-from-google-play-over-privacy-issues\/"},"modified":"2023-11-18T18:09:51","modified_gmt":"2023-11-18T18:09:51","slug":"nothing-chats-has-already-been-pulled-from-google-play-over-privacy-issues","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2023\/11\/18\/nothing-chats-has-already-been-pulled-from-google-play-over-privacy-issues\/","title":{"rendered":"Nothing Chats has already been pulled from Google Play over privacy issues"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<div class=\"duet--article--article-body-component\">\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">Nothing has pulled the <a href=\"https:\/\/x.com\/nothing\/status\/1725902458189119690?s=20\" target=\"_blank\">Nothing Chats beta<\/a> from the Google Play store, saying it is \u201cdelaying the launch until further notice\u201d while it fixes \u201cseveral bugs.\u201d The app <a href=\"https:\/\/www.theverge.com\/2023\/11\/14\/23960516\/nothing-chats-imessage-android-phone\" target=\"_blank\" rel=\"noopener\">promised to let Nothing Phone 2 users text with iMessage<\/a>, but it required allowing Sunbird, who provides the platform, log into users\u2019 iCloud accounts on its own Mac Mini servers, which&#8230; isn\u2019t great?<\/p>\n<\/div>\n<div class=\"duet--article--article-body-component\">\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">The removal came after users widely shared a <a href=\"https:\/\/texts.blog\/2023\/11\/18\/sunbird-security\/\" target=\"_blank\" rel=\"noopener\">blog from Texts.com<\/a> showing that messages sent with Sunbird\u2019s system aren\u2019t actually end-to-end encrypted \u2014 and that it\u2019s not hard to compromise it. The app launched in beta yesterday after <a href=\"https:\/\/www.theverge.com\/2023\/11\/14\/23960516\/nothing-chats-imessage-android-phone\" target=\"_blank\" rel=\"noopener\">being announced earlier this week<\/a>.<\/p>\n<\/div>\n<div class=\"duet--article--article-body-component\">\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\"><a href=\"https:\/\/9to5google.com\/2023\/11\/18\/nothing-chats-sunbird-unencrypted-data-privacy-nightmare\/\" target=\"_blank\" rel=\"noopener\"><em>9to5Google <\/em>pointed<\/a> to a thread from <a href=\"https:\/\/x.com\/evowizz\/status\/1725872540873081000?s=20\" target=\"_blank\">site author Dylan Roussel<\/a>, who found that part of Sunbird\u2019s solution involves decrypting and transmitting messages using HTTP to a Firebase cloud-syncing server and storing them there in unencrypted plain text. <a href=\"https:\/\/twitter.com\/evowizz\/status\/1725872546396930082?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1725872546396930082%7Ctwgr%5E553b6d74b993b55ec5132706f9eb737c3d2402dc%7Ctwcon%5Es1_c10&amp;ref_url=https%3A%2F%2F9to5google.com%2F2023%2F11%2F18%2Fnothing-chats-sunbird-unencrypted-data-privacy-nightmare%2F\" target=\"_blank\" rel=\"noopener\">Roussel posted that<\/a> the company itself has access to messages because it logs them as errors using Sentry, a debugging service.<\/p>\n<\/div>\n<div class=\"duet--article--article-body-component\">\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\"><a href=\"https:\/\/x.com\/sunbirdapp\/status\/1725637821367746611?s=20\" target=\"_blank\">Sunbird claimed yesterday<\/a> that HTTP is \u201conly used as part of the one-off initial request from the app notifying back-end of the upcoming iMessage connection.\u201d <\/p>\n<\/div>\n<div class=\"duet--article--article-body-component\">\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">That was in response to someone pointing to <a href=\"https:\/\/texts.blog\/2023\/11\/18\/sunbird-security\/\" target=\"_blank\" rel=\"noopener\">Texts.com\u2019s blog<\/a> examining the vulnerability. Texts.com wrote that \u201can attacker subscribed to the Firebase realtime database will always be able to access the messages before or at the moment they are read by the user.\u201d The blog also points out that the company could look at messages in its Sentry dashboard, directly contradicting the <a href=\"https:\/\/go.redirectingat.com\/?xs=1&amp;id=1025X1701640&amp;url=https%3A%2F%2Fus.nothing.tech%2Fpages%2Fnothing-chats%23%3A~%3Atext%3DYes%252C%2520Nothing%2520Chats%2520is%2520built%2520on%2520Sunbird%25E2%2580%2599s%2520platform%2520and%2520all%2520Chats%2520messages%2520are%2520end%252Dto%252Dend%2520encrypted%252C%2520meaning%2520neither%2520we%2520nor%2520Sunbird%2520can%2520access%2520the%2520messages%2520you%25E2%2580%2599re%2520sending%2520and%2520receiving.\" target=\"_blank\" rel=\"noopener\">claim from Nothing\u2019s FAQ<\/a> that nobody at Sunbird can access messages that are sent or received.<\/p>\n<\/div>\n<div class=\"duet--article--article-body-component\">\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">We\u2019ve reached out to Nothing for further comment, but the company did not respond by press time.<\/p>\n<\/div>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/www.theverge.com\/2023\/11\/18\/23966781\/nothing-chats-imessage-unencrypted-sunbird-plaintext\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nothing has pulled the Nothing Chats beta from the Google Play store, saying it is \u201cdelaying the launch until further notice\u201d while it fixes \u201cseveral bugs.\u201d The app promised to let Nothing Phone 2 users text with iMessage, but it required allowing Sunbird, who provides the platform, log into users\u2019 iCloud accounts on its own [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":55028,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":{"0":"post-55027","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech"},"_links":{"self":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/55027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=55027"}],"version-history":[{"count":0,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/55027\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/55028"}],"wp:attachment":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=55027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=55027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=55027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}