Last week, Nothing made headlines again for its new Nothing Chats app. This intended to bring the possibility of using Apple’s iMessage on an Android smartphone to the Phone (2). But it doesn’t seem to have gone well.
A few hours after the app became available to users, Nothing was forced to remove it from the Google Play Store. In a statement on the social network X, Nothing said it was due to “correct several errors”. But it turned out that this statement does not tell the whole story.
Nothing Chats app exposed user data
As several media outlets reported, a technical analysis discovered that this withdrawal is due to security concerns. The app claims to have end-to-end encryption, but findings reveal that it exposed users’ data and images.
The discovery was initially made by Kishan Bagaria, founder of texts.com. Sunbird, providing this service to Nothing, would be deceiving users regarding the end-to-end encryption of messages.
Messages sent to Sunbird servers were, in fact, encrypted. However, the JSON Wеb Tokеns (JWT) generated by the service were later sent to another Sunbird server. And this sending already made them vulnerable.
Furthermore, messages would be decrypted and stored on Sunbird servers. In this way, they also ended up being susceptible to unauthorized access. These security issues can be attributed to Sunbird. However, it was Nothing that decided to work with this and assume that the removal of the app from the Play Store was just to “correct errors”.
It will now be interesting to see how this situation will progress. It all started because Apple didn’t support RCS when sending messages to Android. But in the meantime, the Cupertino manufacturer ended up announcing that it will bring this support at the beginning of 2024. We’ll see if, and when, there is room for Nothing Chats to return to the Google store. And what the repercussions will be for the young brand.