Nothing Chats Privacy Issues

Nothing Chats beta app, promising iMessage access for Nothing Phone 2 users was removed from the Google Play Store due to privacy issues. It required access to user's iCloud accounts, raising security concerns. Security concerns were raised because it required access to customers' iCloud accounts. Analysis revealed that messages could be stolen since they were not fully encrypted.

Description

The Google Play Store has removed the Nothing Chats beta app, which allowed users of the Nothing Phone 2 to access iMessage with their messaging app services. Security issues were brought up by the app's functionality, which required Sunbird, the platform provider, to enter into users' iCloud accounts. Messages received across Sunbird's system were not end-to-end encrypted and were highly vulnerable to attacks, according to a Texts.com blog. After further investigations, Dylan Roussel of 9to5Google discovered that Sunbird's method included storing messages in plain text on a Firebase server, decrypting them, and sending them without encryption. This technique violated claims of message confidentiality and privacy by granting Sunbird access to messages. In response, Sunbird said that the iMessage connection was initially established just using HTTP. Texts.com brought focus to the Firebase database's vulnerability to potential attackers. Nothing didn't reply to calls for remarks, despite of all these concerns.

Laws and Regulations

California Consumer Privacy Act of (2018)
General Data Protection Regulation (GDPR)
The Information Technology Act(India)

Sources

https://www.theverge.com/2023/11/18/23966781/nothing-chats-imessage-unencrypted-sunbird-plaintext