Sunbird Shuts Down iMessage App for Android Over Security Concerns

by

Sunbird, an app that is designed to deliver iMessages to Android devices, has been temporarily shut down due to security concerns. Sunbird this week sent out a notification to users letting them know about the shutdown (via 9to5Google).

sunbird app
Sunbird said that it was investigating security issues that had been raised by the Nothing Chats iMessage app, and shortly after, told users that Sunbird usage had been paused. "We will update you when we are ready to proceed," read the notification.

The Sunbird app was first introduced in late 2022, and it has been limited to customers that signed up for the waitlist. The Sunbird website describes the app as unifying "the world's most popular messaging apps" into a single app, with support for iMessage, SMS/MMS, Facebook Messenger, and WhatsApp.

Using Sunbird on an Android device allowed Android users to send messages to iPhone users that were delivered as iMessage "blue bubbles" rather than green text messages. The app claimed to have end-to-end encryption and confidential messaging for these Android to ‌iPhone‌ conversations, but those claims have been in question, leading to the pause in service.

Last week, Sunbird teamed up with smartphone manufacturer Nothing to launch "Nothing Chats," a messaging app that promised iMessage compatibility. The high-profile announcement led to a deep dive into how Nothing Chats worked and how Sunbird, as the backbone for the feature, functioned.

The Nothing Chats app required users to log in with their Apple ID, one of many red flags raised over Sunbird's security. Text.com looked into how Sunbird works, and found that it is sending a user's ‌Apple ID‌ credentials to a Sunbird server, where those credentials are authenticated using a virtual machine running macOS. ‌Apple ID‌ credentials were being sent over HTTP, which is unencrypted.

Nothing ended up pulling the Nothing Chats app from the Google Play Store less than 24 hours after it was announced, but Sunbird insisted that its service was secure and that ‌Apple ID‌ credentials and messages were "encrypted at all times." This turned out to be inaccurate, and there are vulnerabilities that could allow an attacker to intercept all Sunbird messages and media attachments. Sunbird employees also had direct access to a platform that stored message contents, contact information, and attachment URLs. 9to5Google discovered that Sunbird is storing more than 630,000 media files like images, videos, and PDFs from its users.

Texts.com ended up releasing a proof-of-concept app demonstrating how easy it was for iMessage conversations sent through Sunbird and Nothing Chats to be intercepted and viewed because the content was being sent in plain text.

Nothing said that the Nothing Chats app has been pulled "until further notice" as it works with Sunbird to "fix several bugs," but Sunbird has been quiet about the situation aside from the notification sent out to users. As Ars Technica points out, Sunbird's initial response to the security concerns does not seem to have come from "a competent developer," raising questions about Sunbird's ability to address the security problems.

Existing Sunbird and Nothing Chats users are advised to change their ‌Apple ID‌ passwords, remove the apps, and follow additional steps to remove their data. If the apps are reinstated, it is recommended that users do not download them.

Tags: Android, iMessage, Nothing

Top Rated Comments

gatorvet96 Avatar
gatorvet96
23 weeks ago
Wow. So very surprised that an app that has you give them you Apple-id and password to a unknown entity in an unknown location with unknown level of trust could have a security issue.

Sarcasm
Score: 33 Votes (Like | Disagree)
DMG35 Avatar
DMG35
23 weeks ago
Well that was over before it even started.

Nothing needs a rag to wipe all of that egg off their face.
Score: 29 Votes (Like | Disagree)
JanoschR Avatar
JanoschR
23 weeks ago
That aged like a glass of milk ?
Score: 23 Votes (Like | Disagree)
breenmask Avatar
breenmask
23 weeks ago
lol who thought this was a good idea
Score: 16 Votes (Like | Disagree)
GMShadow Avatar
GMShadow
23 weeks ago

Enjoy your new freedoms Europe. There will be more of this in due time coming your way in 2024.
"I loaded a bunch of sketchy apps, my credentials were stolen, and my bank account cleaned out! This is Apple's fault!"
Score: 14 Votes (Like | Disagree)
alexandr Avatar
alexandr
23 weeks ago

Wild that anyone may have bought the Nothing phone based on the promise that it could send / receive iMessages
"Wild that anyone may have bought the Nothing phone." Fixed it for ya :)
Score: 13 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 18 Siri Integrated Feature

iOS 18 Rumored to Add These 10 New Features to Your iPhone

Wednesday April 24, 2024 2:05 pm PDT by
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Read Full Article
apple id account

Apple ID Accounts Logging Out Users and Requiring Password Reset

Saturday April 27, 2024 12:41 am PDT by
There are widespread reports of Apple users being locked out of their Apple ID overnight for no apparent reason, requiring a password reset before they can log in again. Users say the sudden inexplicable Apple ID sign-out is occurring across multiple devices. When they attempt to sign in again they are locked out of their account and asked to reset their password in order to regain access. ...
Read Full Article354 comments
macos sonoma feature purple green

Apple's Regular Mac Base RAM Boosts Ended When Tim Cook Took Over

Friday April 26, 2024 6:34 am PDT by
Apple used to regularly increase the base memory of its Macs up until 2011, the same year Tim Cook was appointed CEO, charts posted on Mastodon by David Schaub show. Earlier this year, Schaub generated two charts: One showing the base memory capacities of Apple's all-in-one Macs from 1984 onwards, and a second depicting Apple's consumer laptop base RAM from 1999 onwards. Both charts were...
Read Full Article419 comments
maxresdefault

The MacRumors Show: Apple's iPad Event Finally Announced!

Friday April 26, 2024 8:31 am PDT by
On this week's episode of The MacRumors Show, we discuss the announcement of Apple's upcoming "Let loose" event, where the company is widely expected to announce new iPad models and accessories. Subscribe to The MacRumors Show YouTube channel for more videos Apple's event invite shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Apple CEO Tim...
Read Full Article42 comments
ipad pro 2022

Apple Event Rumors: iPad Pro With M4 Chip and New Apple Pencil With Haptic Feedback

Sunday April 28, 2024 6:19 am PDT by
In his Power On newsletter today, Bloomberg's Mark Gurman outlined some of the new products he expects Apple to announce at its "Let Loose" event on May 7. First, Gurman now believes there is a "strong possibility" that the upcoming iPad Pro models will be equipped with Apple's next-generation M4 chip, rather than the M3 chip that debuted in the MacBook Pro and iMac six months ago. He said a ...
Read Full Article230 comments
maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article280 comments