Sunbird, the company behind the iMessage app for Android that smartphone manufacturer Nothing embraced last week for its Nothing Chats app, has temporarily shut down the app following revelations of major privacy vulnerabilities. This also follows Nothing pulling the Nothing Chats app from the Play Store for the same reasons.
The app, which had been in closed alpha testing for some time, promised end-to-end encryption for user messages and files. However, it was discovered that this encryption was not properly implemented, allowing other users to easily access sensitive data.
Over 630,000 files were found to be vulnerable to this exploit, raising serious concerns about the app’s security. In response, Sunbird initially opted to block downloads of the app and sent a notification to existing users informing them that usage had been paused. However, the company has now decided to extend the suspension to all Sunbird services, not just the app for Android. In the notification to users shown below, Sunbird stated that it is investigating the security concerns and will provide an update when it is ready to resume service.
Sunbird temporarily on hold
Dear Sunbird User. We have decided to pause Sunbird usage for now while we investigate security concerns. We will update you when we are ready to proceed.
Turning off media
Good afternoon everyone. We are investigating the security issues raised in the last 24 hours. In an abundance of caution and to protect your confidential data, we are shutting down Sunbird media temporarily. We will keep you posted. Thank you, & sincere apologies for the inconvenience.
The privacy concerns surrounding Sunbird’s app are not the first red flags that have emerged. However, Sunbird’s website still maintains claims about end-to-end encryption and data privacy, despite the app’s shutdown and the ongoing investigation into security issues. The app is also not widely available for download via the Google Play Store, as it had until now only been available to alpha testers and those who were part of the Nothing Phone 2 “Nothing Chats” beta.
The temporary shutdown of Sunbird’s iMessage app for Android serves as a reminder of the importance of transparency and thorough security testing in the development of messaging applications. Users should always exercise caution when using third-party messaging apps and ensure that they understand the app’s encryption protocols and privacy policies.