Nothing removes iMessage Android app from Play Store amid security concerns

Nothing Chats was an app intended to give Android users a method of messaging others through Apple’s iMessage app, but the method in which they used to work around Apple’s security raised some eyebrows. And, just a short time after launch, Nothing removed their app from the Play Store to “fix several bugs”.

With how large of a company Apple is, it’s no surprise that they’ve got an iron grip when it comes to their exclusive hardware and software capabilities.

One of the biggest barriers between Android and Apple users is the prominence of iMessage, the main messaging app for iPhones. The Apple-exclusive messaging app has some concessions when it comes to messaging non-Apple phones like making Android users’ media lower quality when sent via messages.

So, Nothing sought to create a method of bypassing Apple’s hold in the area that’d give Android users access it. However, the way in which they went about getting around Apple’s identification raised some security concerns. Though Nothing has yet to address those concerns, they have removed the app from the store a short time after launch.

We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs.

We apologise for the delay and will do right by our users.

— Nothing (@nothing) November 18, 2023

Nothing pulls iMessage app amid ongoing security concerns

MKBHD explained these security concerns in detail, but the gist is that Nothing and Sunbird’s workaround involves Sunbird storing data on a Firebase server. As a result, the data could be up for grabs if someone is able to get ahold of the token to log into the Mac connected to the server that makes the app’s workaround function.

Users have discovered a short line of code that can be used to download user data en masse from the Firebase server managing all data sent between the app. With the token for accessing the proxy Mac being fairly easy to intercept, there’s not much of a barrier between user data and someone trying to access it.

Sunbird has access to every message sent and received through the app. They do this by abusing @getsentry, which is used to monitor errors.

But Sunbird logs messages, pretending they are errors.

Here are part of the requests (img 1, 3) and their entire "message" (img 2, 4) pic.twitter.com/pzwwQVWfOb

— Dylan Roussel (@evowizz) November 18, 2023

MKBHD had this to say when hearing about how Nothing was making iMessage work: “I cannot stress this enough, this could lead to enormous security issues. Signing in with your Apple ID onto a device that you don’t own is an enormous security issue.”

Nothing has yet to comment on the security concerns themselves, but they have quickly pulled the app from the store and promised to “fix several bugs“. It isn’t yet clear if Nothing has removed the app to try and fix security concerns many have raised.

Ultimately, it seems as if the best way to access iMessage is still likely to just buy an iPhone. With the iPhone 16 leaks looking pretty promising as of now with the heating issues the iPhone 15 had hopefully being resolved, there’s a chance that picking up their next phone is a solid option that keeps your data encrypted.