Sunbird Shuts Down iMessage App for Android Over Security Concerns

by

Sunbird, an app that is designed to deliver iMessages to Android devices, has been temporarily shut down due to security concerns. Sunbird this week sent out a notification to users letting them know about the shutdown (via 9to5Google).

sunbird app
Sunbird said that it was investigating security issues that had been raised by the Nothing Chats iMessage app, and shortly after, told users that Sunbird usage had been paused. "We will update you when we are ready to proceed," read the notification.

The Sunbird app was first introduced in late 2022, and it has been limited to customers that signed up for the waitlist. The Sunbird website describes the app as unifying "the world's most popular messaging apps" into a single app, with support for iMessage, SMS/MMS, Facebook Messenger, and WhatsApp.

Using Sunbird on an Android device allowed Android users to send messages to iPhone users that were delivered as iMessage "blue bubbles" rather than green text messages. The app claimed to have end-to-end encryption and confidential messaging for these Android to ‌iPhone‌ conversations, but those claims have been in question, leading to the pause in service.

Last week, Sunbird teamed up with smartphone manufacturer Nothing to launch "Nothing Chats," a messaging app that promised iMessage compatibility. The high-profile announcement led to a deep dive into how Nothing Chats worked and how Sunbird, as the backbone for the feature, functioned.

The Nothing Chats app required users to log in with their Apple ID, one of many red flags raised over Sunbird's security. Text.com looked into how Sunbird works, and found that it is sending a user's ‌Apple ID‌ credentials to a Sunbird server, where those credentials are authenticated using a virtual machine running macOS. ‌Apple ID‌ credentials were being sent over HTTP, which is unencrypted.

Nothing ended up pulling the Nothing Chats app from the Google Play Store less than 24 hours after it was announced, but Sunbird insisted that its service was secure and that ‌Apple ID‌ credentials and messages were "encrypted at all times." This turned out to be inaccurate, and there are vulnerabilities that could allow an attacker to intercept all Sunbird messages and media attachments. Sunbird employees also had direct access to a platform that stored message contents, contact information, and attachment URLs. 9to5Google discovered that Sunbird is storing more than 630,000 media files like images, videos, and PDFs from its users.

Texts.com ended up releasing a proof-of-concept app demonstrating how easy it was for iMessage conversations sent through Sunbird and Nothing Chats to be intercepted and viewed because the content was being sent in plain text.

Nothing said that the Nothing Chats app has been pulled "until further notice" as it works with Sunbird to "fix several bugs," but Sunbird has been quiet about the situation aside from the notification sent out to users. As Ars Technica points out, Sunbird's initial response to the security concerns does not seem to have come from "a competent developer," raising questions about Sunbird's ability to address the security problems.

Existing Sunbird and Nothing Chats users are advised to change their ‌Apple ID‌ passwords, remove the apps, and follow additional steps to remove their data. If the apps are reinstated, it is recommended that users do not download them.

Tags: Android, iMessage, Nothing

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Production Will Reportedly Begin Ramping Up in October

Tuesday July 23, 2024 2:00 pm PDT by
Following nearly two years of rumors about a fourth-generation iPhone SE, The Information today reported that Apple suppliers are finally planning to begin ramping up mass production of the device in October of this year. If accurate, that timeframe would mean that the next iPhone SE would not be announced alongside the iPhone 16 series in September, as expected. Instead, the report...
Read Full Article68 comments
iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Read Full Article160 comments
Generic iPhone 17 Feature With Full Width Dynamic Island

Kuo: Ultra-Thin iPhone 17 to Feature A19 Chip, Single Rear Camera, Semi-Titanium Frame, and More

Wednesday July 24, 2024 9:06 am PDT by
Apple supply chain analyst Ming-Chi Kuo today shared alleged specifications for a new ultra-thin iPhone 17 model rumored to launch next year. Kuo expects the device to be equipped with a 6.6-inch display with a current-size Dynamic Island, a standard A19 chip rather than an A19 Pro chip, a single rear camera, and an Apple-designed 5G chip. He also expects the device to have a...
Read Full Article162 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Less Than Two Months Away: Everything We Know

Thursday July 25, 2024 5:43 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article130 comments
icloud private relay outage

iCloud Private Relay Experiencing Outage

Thursday July 25, 2024 3:18 pm PDT by
Apple’s iCloud Private Relay service is down for some users, according to Apple’s System Status page. Apple says that the iCloud Private Relay service may be slow or unavailable. The outage started at 2:34 p.m. Eastern Time, but it does not appear to be affecting all iCloud users. Some impacted users are unable to browse the web without turning iCloud Private Relay off, while others are...
Read Full Article80 comments
iPhone 17 Plus Feature Purple

iPhone 17 Rumored to Feature Mechanical Aperture

Tuesday July 23, 2024 9:32 am PDT by
Apple is planning to release at least one iPhone 17 model next year with mechanical aperture, according to a report published today by The Information. The mechanical system would allow users to adjust the size of the iPhone 17's aperture, which refers to the opening of the camera lens through which light enters. All existing iPhone camera lenses have fixed apertures, but some Android...
Read Full Article60 comments

Top Rated Comments

gatorvet96 Avatar
gatorvet96
9 months ago
Wow. So very surprised that an app that has you give them you Apple-id and password to a unknown entity in an unknown location with unknown level of trust could have a security issue.

Sarcasm
Score: 33 Votes (Like | Disagree)
DMG35 Avatar
DMG35
9 months ago
Well that was over before it even started.

Nothing needs a rag to wipe all of that egg off their face.
Score: 29 Votes (Like | Disagree)
JanoschR Avatar
JanoschR
9 months ago
That aged like a glass of milk ?
Score: 23 Votes (Like | Disagree)
breenmask Avatar
breenmask
9 months ago
lol who thought this was a good idea
Score: 16 Votes (Like | Disagree)
GMShadow Avatar
GMShadow
9 months ago

Enjoy your new freedoms Europe. There will be more of this in due time coming your way in 2024.
"I loaded a bunch of sketchy apps, my credentials were stolen, and my bank account cleaned out! This is Apple's fault!"
Score: 14 Votes (Like | Disagree)
alexandr Avatar
alexandr
9 months ago

Wild that anyone may have bought the Nothing phone based on the promise that it could send / receive iMessages
"Wild that anyone may have bought the Nothing phone." Fixed it for ya :)
Score: 13 Votes (Like | Disagree)
Read All Comments