Sunbird Shuts Down iMessage App for Android Over Security Concerns

Sunbird, an app that is designed to deliver iMessages to Android devices, has been temporarily shut down due to security concerns. Sunbird this week sent out a notification to users letting them know about the shutdown (via 9to5Google).

sunbird app
Sunbird said that it was investigating security issues that had been raised by the Nothing Chats iMessage app, and shortly after, told users that Sunbird usage had been paused. "We will update you when we are ready to proceed," read the notification.

The Sunbird app was first introduced in late 2022, and it has been limited to customers that signed up for the waitlist. The Sunbird website describes the app as unifying "the world's most popular messaging apps" into a single app, with support for iMessage, SMS/MMS, Facebook Messenger, and WhatsApp.

Using Sunbird on an Android device allowed Android users to send messages to iPhone users that were delivered as iMessage "blue bubbles" rather than green text messages. The app claimed to have end-to-end encryption and confidential messaging for these Android to ‌iPhone‌ conversations, but those claims have been in question, leading to the pause in service.

Last week, Sunbird teamed up with smartphone manufacturer Nothing to launch "Nothing Chats," a messaging app that promised iMessage compatibility. The high-profile announcement led to a deep dive into how Nothing Chats worked and how Sunbird, as the backbone for the feature, functioned.

The Nothing Chats app required users to log in with their Apple ID, one of many red flags raised over Sunbird's security. Text.com looked into how Sunbird works, and found that it is sending a user's ‌Apple ID‌ credentials to a Sunbird server, where those credentials are authenticated using a virtual machine running macOS. ‌Apple ID‌ credentials were being sent over HTTP, which is unencrypted.

Nothing ended up pulling the Nothing Chats app from the Google Play Store less than 24 hours after it was announced, but Sunbird insisted that its service was secure and that ‌Apple ID‌ credentials and messages were "encrypted at all times." This turned out to be inaccurate, and there are vulnerabilities that could allow an attacker to intercept all Sunbird messages and media attachments. Sunbird employees also had direct access to a platform that stored message contents, contact information, and attachment URLs. 9to5Google discovered that Sunbird is storing more than 630,000 media files like images, videos, and PDFs from its users.

Texts.com ended up releasing a proof-of-concept app demonstrating how easy it was for iMessage conversations sent through Sunbird and Nothing Chats to be intercepted and viewed because the content was being sent in plain text.

Nothing said that the Nothing Chats app has been pulled "until further notice" as it works with Sunbird to "fix several bugs," but Sunbird has been quiet about the situation aside from the notification sent out to users. As Ars Technica points out, Sunbird's initial response to the security concerns does not seem to have come from "a competent developer," raising questions about Sunbird's ability to address the security problems.

Existing Sunbird and Nothing Chats users are advised to change their ‌Apple ID‌ passwords, remove the apps, and follow additional steps to remove their data. If the apps are reinstated, it is recommended that users do not download them.

Popular Stories

iOS 18

iOS 18.4 Will Include These New Features for Your iPhone

Wednesday February 5, 2025 7:15 am PST by
iOS 18.3 was released last month, so the first iOS 18.4 beta should be coming soon. iOS 18.4 is expected to be a more substantial update for the iPhone, with several new features and changes related to Apple Intelligence and beyond. Apple's website suggests that iOS 18.4 will be released in April, following beta testing. Below, we outline what to expect from the update so far. Apple...
iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive an All-New Perk

Thursday February 6, 2025 11:21 am PST by
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost. iCloud+ is the official name for Apple's paid iCloud storage plans, which range from 50GB for $0.99 per month to 12TB for $59.99 per month in the United States. iCloud+ plans already come with multiple perks for free, such as Hide My Email and HomeKit Secure Video, and now there is another one...
iPhone SE 4 Single Camera Thumb

iPhone SE 4 Launching as Soon as Next Week

Thursday February 6, 2025 3:30 pm PST by
Apple's next-generation iPhone SE could debut as soon as next week with a launch to follow later in February, reports Bloomberg's Mark Gurman. Apple isn't expected to hold an event for the iPhone SE 4, and will instead unveil the device through a press release. The iPhone SE 4 is expected to have an iPhone 14-style design, with Apple eliminating the thick bezels and Touch ID Home button of...
iOS 18

iOS 18.3.1 Update Coming Soon for iPhones

Thursday February 6, 2025 7:31 am PST by
Apple is internally testing iOS 18.3.1 for iPhones, according to our website's analytics logs, which have been a consistently reliable indicator of upcoming iOS versions. The software update should be released within the next few weeks. iOS 18.3.1 should be a minor update that addresses software bugs and/or security vulnerabilities. Apple Intelligence notification summaries for news and...
maxresdefault

An Apple TV Refresh is Coming in 2025 - Here's What You Should Know

Wednesday February 5, 2025 10:17 am PST by
Apple hasn't refreshed the Apple TV since 2022, but rumors suggest that we're finally going to get an update in 2025. We don't have a full picture of what to expect yet, but we have some hints on what's coming. Subscribe to the MacRumors YouTube channel for more videos. Updated A-Series Chip The current Apple TV 4K uses the A15 Bionic chip that was in the iPhone 13 lineup, and it's time for...
iCloud General Feature Redux

Apple Ordered by UK to Create Global iCloud Encryption Backdoor

Friday February 7, 2025 2:37 am PST by
The British government has secretly demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud, reports The Washington Post. The undisclosed order is said to have been issued last month, and requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide – an unprecedented demand not before...
Apple Leak Feature

Apple Leaker Issues Apology: 'Profound and Expensive Mistake'

Friday February 7, 2025 9:21 am PST by
Last year, we reported that Apple sued its former software engineer Andrew Aude for providing journalists with confidential information about the company's future plans, including details about the Journal app, Vision Pro headset, and more. As reported by 9to5Mac, the Superior Court of Santa Clara County on Thursday dismissed the lawsuit after Apple and Aude reached an agreement to resolve...
apple wallet drivers license feature iPhone 15 pro

iPhone Driver's Licenses to Expand to These 7 U.S. States

Wednesday February 5, 2025 6:27 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Below, we outline which U.S. states and territories offer the feature, and additional states that have committed to rolling it out in...

Top Rated Comments

gatorvet96 Avatar
16 months ago
Wow. So very surprised that an app that has you give them you Apple-id and password to a unknown entity in an unknown location with unknown level of trust could have a security issue.

Sarcasm
Score: 33 Votes (Like | Disagree)
DMG35 Avatar
16 months ago
Well that was over before it even started.

Nothing needs a rag to wipe all of that egg off their face.
Score: 29 Votes (Like | Disagree)
JanoschR Avatar
16 months ago
That aged like a glass of milk ?
Score: 23 Votes (Like | Disagree)
breenmask Avatar
16 months ago
lol who thought this was a good idea
Score: 16 Votes (Like | Disagree)
GMShadow Avatar
16 months ago

Enjoy your new freedoms Europe. There will be more of this in due time coming your way in 2024.
"I loaded a bunch of sketchy apps, my credentials were stolen, and my bank account cleaned out! This is Apple's fault!"
Score: 14 Votes (Like | Disagree)
alexandr Avatar
16 months ago

Wild that anyone may have bought the Nothing phone based on the promise that it could send / receive iMessages
"Wild that anyone may have bought the Nothing phone." Fixed it for ya :)
Score: 13 Votes (Like | Disagree)