Apple has announced that it will start supporting RCS in its Messages app after many years of holding out. But, shortly before Apple's revelation, phone maker Nothing launched an alternative solution – and it's turned out to be a privacy and security disaster.
Called Nothing Chats, in theory it would have allowed Android users to have an iMessage-like experience when talking to Apple users, with blue text bubbles in place of the green ones currently shown if someone is messaging from Android. It wouldn’t have replicated some other iMessage features, though, like editable texts.
Thread time!Summary:- Sunbird has access to every message sent and received through the app on your device.- All of the documents (images, videos, audios, pdfs, vCards...) sent through Nothing Chat AND Sunbird are public.- Nothing Chats is not end-to-end encrypted.November 18, 2023
However, there was a serious problem with Nothing Chats: it was a privacy nightmare. In order to use it, you needed to hand over your iCloud login details, with no guarantee that this information would be safely stored by Nothing or Sunbird, the company that developed Nothing Chats.
Things got worse when it was revealed by developer Dylan Roussel (via AppleInsider) that Sunbird had access to every single message sent using the service, including texts, images, videos and more. It achieved this by abusing the Senty error-detection tool: instead of using it to log errors, Sunbird used it to capture entire messages and then pretend that they were errors.
A security nightmare
It didn’t end there. As further detailed by Roussel, anyone could access these messages, and Nothing Chats hadn’t implemented any kind of end-to-end encryption at all – despite claiming that it had.
The lack of attention paid to security and privacy concerns is quite incredible given the size of Nothing, and the numbers of customers it presumably sought to attract to Nothing Chats. Roussel called it “probably the biggest ‘privacy nightmare’ I’ve seen by a phone manufacturer in years.”
These lapses led to the Nothing Chats app being pulled from the Google Play Store over the weekend, a rapid and ignominious demise for what Nothing founder Carl Pei originally called a “naughty idea.” As per Europe’s GDPR privacy statue, Sunbird now has 72 hours to notify potential victims after being made aware of the app’s problems.
If there’s one thing Apple does extremely well, it’s protect its users privacy. We don’t yet know exactly how Apple will incorporate RCS into its Messages app, but it’s a good bet that it’ll be a more competent rollout than Nothing Chats.