Sunbird Shuts Down iMessage App for Android Over Security Concerns

Sunbird, an app that is designed to deliver iMessages to Android devices, has been temporarily shut down due to security concerns. Sunbird this week sent out a notification to users letting them know about the shutdown (via 9to5Google).

sunbird app
Sunbird said that it was investigating security issues that had been raised by the Nothing Chats iMessage app, and shortly after, told users that Sunbird usage had been paused. "We will update you when we are ready to proceed," read the notification.

The Sunbird app was first introduced in late 2022, and it has been limited to customers that signed up for the waitlist. The Sunbird website describes the app as unifying "the world's most popular messaging apps" into a single app, with support for iMessage, SMS/MMS, Facebook Messenger, and WhatsApp.

Using Sunbird on an Android device allowed Android users to send messages to iPhone users that were delivered as iMessage "blue bubbles" rather than green text messages. The app claimed to have end-to-end encryption and confidential messaging for these Android to ‌iPhone‌ conversations, but those claims have been in question, leading to the pause in service.

Last week, Sunbird teamed up with smartphone manufacturer Nothing to launch "Nothing Chats," a messaging app that promised iMessage compatibility. The high-profile announcement led to a deep dive into how Nothing Chats worked and how Sunbird, as the backbone for the feature, functioned.

The Nothing Chats app required users to log in with their Apple ID, one of many red flags raised over Sunbird's security. Text.com looked into how Sunbird works, and found that it is sending a user's ‌Apple ID‌ credentials to a Sunbird server, where those credentials are authenticated using a virtual machine running macOS. ‌Apple ID‌ credentials were being sent over HTTP, which is unencrypted.

Nothing ended up pulling the Nothing Chats app from the Google Play Store less than 24 hours after it was announced, but Sunbird insisted that its service was secure and that ‌Apple ID‌ credentials and messages were "encrypted at all times." This turned out to be inaccurate, and there are vulnerabilities that could allow an attacker to intercept all Sunbird messages and media attachments. Sunbird employees also had direct access to a platform that stored message contents, contact information, and attachment URLs. 9to5Google discovered that Sunbird is storing more than 630,000 media files like images, videos, and PDFs from its users.

Texts.com ended up releasing a proof-of-concept app demonstrating how easy it was for iMessage conversations sent through Sunbird and Nothing Chats to be intercepted and viewed because the content was being sent in plain text.

Nothing said that the Nothing Chats app has been pulled "until further notice" as it works with Sunbird to "fix several bugs," but Sunbird has been quiet about the situation aside from the notification sent out to users. As Ars Technica points out, Sunbird's initial response to the security concerns does not seem to have come from "a competent developer," raising questions about Sunbird's ability to address the security problems.

Existing Sunbird and Nothing Chats users are advised to change their ‌Apple ID‌ passwords, remove the apps, and follow additional steps to remove their data. If the apps are reinstated, it is recommended that users do not download them.

Popular Stories

Apple Intelligence General Feature

Apple Intelligence Features Not Coming to European Union at Launch Due to DMA

Friday June 21, 2024 9:44 am PDT by
Apple today said that European customers will not get access to the Apple Intelligence, iPhone Mirroring, and SharePlay Screen Sharing features that are coming to the iPhone, iPad, and Mac this September due to regulatory issues related to the Digital Markets Act. In a statement to Financial Times, Apple said that there will be a delay as it works to figure out how to make the new...
iOS 18 on iPhone Feature

Everything New in iOS 18 Beta 2

Monday June 24, 2024 12:52 pm PDT by
Apple today released the second betas of iOS 18 and iPadOS 18 to developers, and the software adds support for new features that Apple is working on, plus it tweaks some of the interface changes that have been made in the updates. Apple will refine iOS 18 over the course of the next few months, with multiple changes and refinements expected from now until September. We've highlighted...
Apple WWDC24 Apple Intelligence hero 240610

Apple Explains iPhone 15 Pro Requirement for Apple Intelligence

Wednesday June 19, 2024 4:48 am PDT by
With iOS 18, iPadOS 18, and macOS Sequoia, Apple is introducing a new personalized AI experience called Apple Intelligence that uses on-device, generative large-language models to enhance the user experience across iPhone, iPad, and Mac. These new AI features require Apple's latest iPhone 15 Pro and iPhone 15 Pro Max models to work, while only Macs and iPads with M1 or later chips will...
amazon echo dot

Amazon Could Charge Up to $10/Month for Alexa

Friday June 21, 2024 2:55 pm PDT by
Apple competitor Amazon is working on a revamp of its Alexa assistant, and the new version could cost up to $10 per month, according to a report from Reuters. The upcoming version of Alexa will support conversational generative AI, and Amazon is planning for two tiers of service. There will be a free tier and a second, premium tier that is priced at $5 at a minimum, with Amazon considering...
top stories 22jun2024

Top Stories: Apple Watch X Rumors, New Final Cut App for iPhone, and More

Saturday June 22, 2024 6:00 am PDT by
The avalanche of news coming out of WWDC earlier this month is finally starting to slow, but that doesn't mean there wasn't still lots to talk about in Apple news and rumors this week. This week saw some additional rumors about the upcoming Apple Watch models, the release of major Final Cut Pro updates, the launch of Apple's annual Back to School promo in the U.S. and Canada, new...

Top Rated Comments

gatorvet96 Avatar
8 months ago
Wow. So very surprised that an app that has you give them you Apple-id and password to a unknown entity in an unknown location with unknown level of trust could have a security issue.

Sarcasm
Score: 33 Votes (Like | Disagree)
DMG35 Avatar
8 months ago
Well that was over before it even started.

Nothing needs a rag to wipe all of that egg off their face.
Score: 29 Votes (Like | Disagree)
JanoschR Avatar
8 months ago
That aged like a glass of milk ?
Score: 23 Votes (Like | Disagree)
breenmask Avatar
8 months ago
lol who thought this was a good idea
Score: 16 Votes (Like | Disagree)
GMShadow Avatar
8 months ago

Enjoy your new freedoms Europe. There will be more of this in due time coming your way in 2024.
"I loaded a bunch of sketchy apps, my credentials were stolen, and my bank account cleaned out! This is Apple's fault!"
Score: 14 Votes (Like | Disagree)
alexandr Avatar
8 months ago

Wild that anyone may have bought the Nothing phone based on the promise that it could send / receive iMessages
"Wild that anyone may have bought the Nothing phone." Fixed it for ya :)
Score: 13 Votes (Like | Disagree)