Nothing Chats iMessage bridge was astoundingly insecure
appleinsider.com
Nothing and Sunbird pulled the shockingly insecure iMessage bridge, but only after it was discovered that not only did Sunbird log and retain messages, vCards, and more, but that retained user data could also be downloaded by others.
  • DvnEm@alien.topBEnglish
    2·
    1 year ago

    Sorry, so the privacy concerns turned out to be WORSE than YouTubers had mentioned.

    Jfc wow.

  • Will0w536@alien.topBEnglish
    2·
    1 year ago

    Jeez, what a week of headlines. I swear it started as Nothing will unveil iMessage for Android. Then shifted to Apple with adopt RCS. The Nothings BlueMessage getting taken down from the play store…to today it is getting killed entirely. This has got to be the shortest lifespan of a product for Android from initial public announcement to death blow.

    • Leather_Dragonfly529@alien.topBEnglish
      1·
      1 year ago

      I have to share this every time I see Nothing Phone posted. Reddit’s Spez is the biggest investor. Do you trust him with your cell phone? He’s second to only Google Ventures. I’m not interested in giving that man any more money than the ad revenue I generate on Reddit.

    • dramafan1@alien.topBEnglish
      1·
      1 year ago

      My hindsight bias was like someone would have developed something like this earlier and failed so this new initiative may have the same fate…and it did.

  • pk-pk-pk@alien.topBEnglish
    1·
    1 year ago

    I just don’t get the fascination from android users wanting iMessage. Use whatsapp or signal etc to get through to your apple friends or sms failing that. If you really want that blue bubble just save up for an iPhone.

    • Un111KnoWn@alien.topBEnglish
      1·
      1 year ago

      that’s the neat part. you can’t.

      i thought nothing was a regular word and not the phone company at first lol

  • CleverNameTheSecond@alien.topBEnglish
    1·
    1 year ago

    Profoundly is right. it’s not that it had weak encryption or some niche exploit. It sent all your data, every last bit of it over unencrypted http. Plain text data transfer. It’s nuts.

  • peduxe@alien.topBEnglish
    1·
    1 year ago

    Nothing just did this to look like they were responsible for Apple changing their stance on RCS. They moved according to the deadline the Digital Markets Act imposed.

    End of the day be it bad or good publicity they got what they wanted.

    • texxelate@alien.topBEnglish
      1·
      1 year ago

      I’m a software eng, and nah, no way. Sheer incompetence. Don’t give them credit where none is due

    • PeaceBull@alien.topBEnglish
      1·
      1 year ago

      If that’s what they were going for than their marketing should’ve been “but we wouldn’t have to do this if you’d just support RCS…”

  • nethingelse@alien.topBEnglish
    1·
    1 year ago

    The lack of due diligence on Nothing’s part here is ridiculous and I don’t know how any users can trust Nothing with their data again after this. I guess the privacy and security nightmare pre-empted the need for Apple to take any action, which is a win on Apple’s part.

    • y-c-c@alien.topBEnglish
      1·
      1 year ago

      The thing is, even if the Sunbird app was properly implemented, it would still be a security nightmare because you are relaying people’s iMessage messages on random Mac minis. The messages have to exist in plain text on the server before it’s re-encrypted to be sent to the user. An attacker or malicious admin could easily find a way to log those messages. So no amount of due diligence by Nothing is really necessary here. The entire idea is bad.

      But then, if Nothing or the Sunbird developers were actually competent to begin with they would probably have realized that this was a terrible idea and wouldn’t have gone down this path.

    • sicklyslick@alien.topBEnglish
      1·
      1 year ago

      Digital privacy is just not something people (and thus corporations) care about in China. And this is not an insult to China, the Chinese, or CCP. People in China just simple don’t care.

      • nethingelse@alien.topBEnglish
        1·
        1 year ago

        Nothing has products targeted to the US market and this isn’t even a standard privacy/security nightmare - this is literally just publicizing people’s private messages for anyone with a little know how to harvest. China may not care but the western market probably would have an issue with their private messages being literally fair game to anyone.

  • MasterofOreos@alien.topBEnglish
    1·
    1 year ago

    Goes to show, say what you will about Apple keeping a lock on iMessage. However at lease iMessage hasn’t been blatantly exposed to the internet by careless actions from Apple.

    iCloud/AppleId has never been “hacked”. Only users with shitty passwords that someone guessed.

    • impulse_thoughts@alien.topBEnglish
      1·
      1 year ago

      Also any time you hear about malware in an App Store, it’s on Android, and not the Apple App Store. I, for one, don’t look forward to the time when they’re forced to open up that “walled garden”.

      • SilkSteel7@alien.topBEnglish
        1·
        1 year ago

        Sideloading Will never be that easy on iOS like the app store. Even on Android, you have to enable developer options and jump through hoops to sideload. If you don’t want to sideload, don’t.