Sunbird, the pretty sketchy iMessage app for Android, has been exposed as having major privacy concerns, and has now opted to shut down the app for the time being.
Sunbird first announced its iMessage app for Android in late 2022 and has been offering the app in a closed alpha problem for a while now. But, more recently, the company caught further attention for partnering with Nothing for the “Nothing Chats” app that offered iMessage on the Nothing Phone (2). The app was ultimately only available for less than a day, though, as major privacy concerns came to light.
As we broke down over the weekend, Nothing Chats, and in turn Sunbird, failed to live up to the promise of end-to-end encryption for user messages and files, with that data relatively easy to access by other users. We found over 630,000 files accessible through this vulnerability, where Sunbird had claimed that data was not stored on its own servers – technically true, as the data was stored via Firebase.
You can read a full breakdown of the security issues in our previous coverage.
Nothing, in response to the problems, opted to block downloads of Nothing Chats almost immediately. Further, a notification was sent to users who had set up the app that usage of the app had been “paused.”
As it turns out, Sunbird has opted to do this not just for Nothing’s app, but for its own services. Users in the r/Sunbird subreddit showed a notification where Sunbird explains that it has paused usage of the app “for now” as it investigates concerns – the same phrasing was sent via Nothing Chats today, but to Sunbird users on November 18.
Dear Sunbird User. We have decided to pause Sunbird usage for now while we investigate security concerns. We will update you…
… read more 9to5google.com
