Sunbird, the fairly sketchy iMessage app for Android, has been exposed as having major privacy issues and has now chosen to shut down the app for the time being.
Sunbird first announced its iMessage app for Android in late 2022 and has had the app in a closed alpha issue for some time now. But more recently, the company gained more attention by partnering with Nothing for the “Nothing Chats” app that offered iMessage on Nothing Phone (2). The app was ultimately only available for less than a day as major privacy issues were revealed.
While we were down this weekend, Nothing Chats, and in turn Sunbird, failed to deliver on the promise of end-to-end encryption for users’ messages and files, with such data being relatively easy to access. access for other users. We found over 630,000 files accessible through this vulnerability, where Sunbird had claimed that the data was not stored on its own servers – technically true, since the data was stored via Firebase.
You can read a full description of the security issues in our previous coverage.
Nothing, in response to the issues, chose to block downloads of Nothing Chats almost immediately. Additionally, a notification was sent to users who had set up the app that use of the app had been “suspended.”
It turns out that Sunbird chose to do this not only for the Nothing app, but also for its own services. Users on the r/Sunbird subreddit posted a notice in which Sunbird explains that it has suspended use of the app “for now” while it investigates the issues – the same wording was sent via Nothing Cats today, but to Sunbird users on November 18.
Dear Sunbird user. We have decided to suspend use of Sunbird at this time while we investigate security issues. We will let you know when we are ready to continue.
Just hours before the app’s functionality was completely shut down, Sunbird had sent another notification to users stating that it would only stop media sharing on Sunbird.
Hello everyone. We are investigating security concerns raised over the past 24 hours. Out of an abundance of caution and to protect your confidential data, we are temporarily closing Sunbird media. We will keep you posted. Thank you and sincere apologies for the inconvenience caused.
So, “for now,” Sunbird has been shut down and it’s unclear when service will return. Aside from notifying users, Sunbird has not made any public statements so far.
But in reality, it feels like the writing is on the wall. Back when Sunbird first introduced its product, the company held press briefings and, as ArsTechnica recently detailed, refused to answer basic technical questions, going so far as to close the briefing chat to avoid questions. Additionally, a Sunbird Discord chat member claims to have attempted to raise security concerns with the Sunbird team through this Discord server, only for the user to be banned. This user did not specify the security concerns mentioned at that time.
On its website, Sunbird has yet to acknowledge the shutdown and continues to claim end-to-end encryption and that it does not store data. The app is no longer accessible through the Play Store at all, although users have been able to install it (and get on a waiting list) in recent weeks, records show.
Dylan Roussel contributed to this article.
FTC: We use automatic, revenue-generating affiliate links. More.
Gn En tech