2024 - Nothing removes its iMessage app from Android due to serious data security concerns

Corentin Béchade

November 20, 2023 at 10:06 a.m.

Tweaking iMessage is definitely a bad idea © Nothing

It won’t take long. Barely 24 hours after its launch, Nothing’s DIY iMessage app was removed from the Google Play Store due to security concerns.

Predictably, bypassing Apple’s restrictions to try to launch an iMessage client on Android is a bad idea. The London company Nothing, which markets the Phone (2), caused a stir last week by announcing that it was going to officially make its mobile compatible with Apple’s messaging thanks to a dedicated application. The day after its launch, the software had disappeared from the Play Store and Nothing indicated “delay the launch […] to fix bugs“.

A privacy nightmare

As the community notes under Nothing’s tweet indicate, the term “bug” is a nice understatement here. In a long explanatory thread, developer Dylan Roussel pilloried the Nothing Chats application because of its very (very) lax conception of data security.

Twitter tweet

Sunbird, Nothing’s partner for the launch of the application, has access to all messages sent and received from the application. The company, which relays messages thanks to the virtualization of macOS machines on its servers, abuses its logging policy (designed to identify potential bugs) to record the content of messages passing through its platform. This is not just limited to text content, photos, videos and other multimedia content are also saved on Sunbird’s servers.

GDPR in ambush

To make matters worse, the media of all users was actually accessible publicly and in real time, for anyone who knew where to look. Yes, yes, you read correctly, all the content of messages passing through Sunbird (even those from third parties) was publicly available. This also concerns vCards, personal data exchanged when initiating a conversation and which contain the telephone number and iCloud address of the sender and recipient of the messages.

Contrary to what Sunbird and Nothing asserted, the content of the messages is absolutely not encrypted and the application therefore leaked personal information in all directions (using, among other things, HTTP requests), in addition to keeping a copy of messages sent and received. Deleting the application was therefore the least that could be done and there is no doubt that the two companies will quickly become familiar with the sanctions provided for by the GDPR for this type of practice.

Source : AppleInsider, Dylan Roussel – Twitter

Corentin Béchade

A journalist for almost 10 years, I have been in the tech and digital sector since my very first jobs. Tinkerer (a lot), librarian (a little), I developed a specialization in...

Read other articles

A journalist for almost 10 years, I have been in the tech and digital sector since my very first jobs. Tinkerer (a lot), librarian (a little), I have developed a specialization in the themes of ecology and digital technology as well as the protection of private life. On weekends I torture Raspberry Pis with lots of 'sudo' commands to relax.

Read other articles

Instant messaging

Source link -99

you thought you deleted these nudes? Be careful, this new bug makes them return to the photo gallery!

bad news for those who are impatiently waiting for it

Stolen cryptocurrency – 25 million in seconds: A crypto theft makes headlines – News

Fighting between Israel and Hamas rages north and south of Gaza

Valeo: Harris Associates falls below 5% of capital

Nothing removes its iMessage app from Android due to serious data security concerns

A privacy nightmare

GDPR in ambush