X

Concerning privacy, Nothing Chats were taken down from the Google Play Store.

Nothing Chats beta was once eliminated from the Google Play Store due to privateness concerns. The app, powered by way of the Sunbird messaging platform, allowed Nothing Phone customers to message iMessage users, following Apple’s current announcement of RCS support.

Reports point out that the launch is delayed due to trojan horse extermination efforts. The app required get entry to to users’ iCloud debts for texting with iMessage. Texts.blog known as Nothing Chats a reskinned, insecure model of the Sunbird app.

The reverse engineering group investigated and discovered that Sunbird and Nothing Chats required sending Apple ID credentials to their servers. The preliminary findings printed vulnerabilities affecting Nothing’s version.

The crew found protection issues, which include sending integral credentials over an unencrypted channel (HTTP). Despite Sunbird claiming ISO27001 certification, the investigation printed deceptive facts about end-to-end encryption.

Messages despatched to Sunbird’s servers had been encrypted, however JSON Web Tokens (JWT) have been despatched besides encryption to some other Sunbird server, making them inclined to interception.

Messages have been decrypted and saved on Sunbird servers, prone to unauthorized access. Texts.com intercepted JWTs, gaining get admission to to the Firebase real-time database and person facts with simply 23 traces of code.

While Sunbird is without delay accountable for privateness issues, Nothing obtained criticism for working with them and downplaying the state of affairs as “bugs.” It stays unsure if Nothing Chats can tackle these protection worries and return to the Play Store successfully.

Categories: News Technology
Neha Kamble:
X

Headline

You can control the ways in which we improve and personalize your experience. Please choose whether you wish to allow the following:

Privacy Settings

All rights received