Nothing, a tech startup led by Carl Pei, has pulled its Nothing Chats app from the Google Play Store, citing “several bugs” and alleged security concerns. The app, which was released in November 2023, was intended to allow Android users to communicate with iPhone users using iMessage.
However, the company has received criticism for the app’s security practices. According to a report by a security researcher, Nothing Chats transmitted login credentials for Apple IDs through HTTP, rather than the more secure HTTPS protocol. This means that login credentials could be intercepted by a third party.
We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.— Nothing (@nothing) November 18, 2023
We apologise for the delay and will do right by our users.
In addition, the app was found to rely on a BlueBubbles-powered backend, which raised concerns about the privacy of user data. BlueBubbles is an open-source project that allows Android users to send and receive iMessages. However, the project has been criticized for its lack of transparency and for its reliance on third-party servers.
As a result of these concerns, Nothing has decided to remove the app from the Play Store until it can address the security issues. The company has apologized for the inconvenience and has said that it is working on a fix.
- Security is a top priority when developing any app that handles user data.
- It is important to use secure protocols like HTTPS to protect user credentials.
- Developers should be transparent about how they collect and use user data.
The beta version of Nothing Chats, a promising new messaging application, has been introduced to the public. This innovative platform brings fresh features to the messaging landscape, offering users a unique and potentially enhanced communication experience. Despite the anticipation, critics have expressed reservations regarding potential security risks associated with the app, highlighting the need for careful scrutiny and robust safety measures to protect user data and privacy.
In response to user concerns and criticism, the app faced removal after users shared a blog post outlining potential vulnerabilities. The decision was made to address and rectify any security issues identified by the user community. Texts.com’s reverse engineering team played a key role in uncovering vulnerabilities, specifically identifying that Sunbird, the company behind Nothing Chats, utilized HTTP only for the initial setup process. This discovery underscores the importance of maintaining robust security protocols throughout the app’s development to ensure user confidence and data protection.