- Nothing Chats, a rival to apps like Beeper and AirMessage, advertised itself as a secure platform for sending messages to iMessage users.
- However, less than 24 hours after its launch, investigations into the app revealed that Nothing Chats logged every message in plain text and stored unencrypted data, including text messages, images, videos, and more, making it a significant privacy and security risk.
- The company removed the app from the Play Store following these complaints, citing “several bugs” that need fixing.
IMHO, the big fuck up is on the business side of the fence. Their product’s success rides on Apple not sicking their giant legal team on them. They needed to play this carefully. AKA, they needed to live up to the security promises.
Now they’re in the press for being an iMessage security vulnerability, and security is something Apple spends a LOT of marketing money on.
Apple is going to want to protect that image, and I wouldn’t be surprised if they come for Sunbird in the coming weeks.
They played this fast and loose, and it will probably cost them.
Yeah very much this. Their way of running a bunch of Macs intercepting iCloud messages was already sketchy, so I was surprised Apple hadn’t come for them sooner. But now that it turns out everything was being stored unencrypted in plaintext? Apple’s legal team couldn’t be happier, they did their jobs for them.
My guess is that they would care less about people who decide to sign up for this service, but they are going to care about the customers on the other end of the line. AKA, the people who are not tunneling through Sunbird, and don’t know they’re communicating with a compromised user.
That’s definitely true, if they follow their “Apple is the most secure consumer electronics manufacturer” PR strategy, they will be intent to try to trace what accounts were communicating with whom, and alert said Apple users about potential data breaches. Tbh, while it fits their MO of being really good at PR, it’s also just generally a good thing. People should know if messages they sent that they thought were secure turned out not to be.