The launch of the Sunbird app, ‘Nothing Chats’, made headlines last week after promising to solve all the current issues users face with Android/iPhone text threads. The app was supposed to allow Phone (2) users to connect their Apple IDs and access iMessage on their Android devices, eliminating low-quality images, videos, and random glitches in group messages. Soon after its launch, however, the app was taken down from the Google Play store, citing privacy and security issues.
While the app and Sunbird advertise the end-to-end encryption of the service, the platforms put user data in jeopardy. This is because they require users to sign into a third-party Mac with their Apple ID. When users connect to Nothing Chats with their Apple ID, they are actually logging into a Mac Mini in a Sunbird server farm in the US or Europe which routes their messages from Android to iOS.
Questions surrounding the safety of the app pointed out that one breach of Sunbird’s servers could expose all of the connected devices and data to vulnerabilities. These concerns over the promised security of the end-to-end encryption for user messages and files turned into reality on the launch date. 9to5Google reports that over 630,000 files of data stored were easily accessible to other users and private messages were downloaded with only a short bit of code. Soon thereafter, Sunbird and Nothing blocked the download of the app from the Google Play store to “fix several bugs.”
The privacy nightmare of Nothing Chats brings forth an important cyber safety lesson. Before giving a third-party app access to personal information, it is important to understand the full extent of the risks involved. An app may offer a service that is functional and helpful, but that does not mean it is worth compromising your data. Always do your research and ask the right questions before giving up your information.