Phone startup Nothing recently launched its “Nothing Chats” app, which enables iMessage on its Android device Nothing Phone (2).
However, worrying security issues have already been discovered that could put users’ Apple ID credentials at risk.
Nothing Chats merges iMessage, RCS and SMS
Nothing Chats app aims to conveniently combine iMessage with existing SMS and RCS chats in one place on Nothing Phone (2). Users link their Google Messages app using a QR code for SMS/RCS functionality.
To enable iMessage, they must sign in with their Apple ID, essentially using remote Mac computers provided by Nothing partner Sunbird. This links the phone (2) to iMessage using the same method as web-based solutions.
Apple ID “destroyed” after signing in says nothing
Nada claims that users’ Apple IDs are tokenized in an encrypted database after signing in, and the real IDs are then “destroyed” so that the credentials remain secure.
Messages are also end-to-end encrypted, so the company insists that Apple IDs and chat contents remain protected and inaccessible.
But technical failures set off alarms
However, alarming technical deficiencies have already been discovered that contradict Nothing’s security claims. Most obviously, Apple ID credentials are transmitted unencrypted over HTTP connections, not secure HTTPS.
This means that Apple IDs could be exposed during login, completely defeating the supposed safeguards. Sunbird, which developed the backend system, has a troubling reputation for refusing to address security issues.
Previous attempts to offer buggy experiences
Other companies have tried to bring iMessage to Android before with similar buggy experiences. Just this week, Apple announced that RCS support will come natively to iPhones in 2024, reducing the appeal of alternative third-party solutions.
Experts urge caution with Apple ID security
Cybersecurity experts strongly recommend against entering Apple ID into any third-party services that lack strong protections. Nothing Chat security flaws mean exposing account credentials and private messages.
Until Nothing conclusively proves that Apple IDs remain end-to-end protected, experts recommend avoiding this app and similar offerings. The privacy risks outweigh any convenience benefits.
Can nothing deliver the promised security improvements?
Nothing says that the HTTP flaw will be fixed in a future update and maintains that Apple IDs and messages remain securely encrypted. However, it takes time to rebuild trust after such blatant oversights.
If Nothing can substantially improve the security protections around Apple IDs, it may eventually offer an attractive consolidated messaging option. But there are currently too many red flags to recommend Nothing Chats.
Messaging fragmentation remains a key mobile dilemma
The Android messaging landscape remains deeply fragmented between SMS, RCS, and proprietary options like iMessage. Bringing these networks together seamlessly could provide significant benefits to users.
But early entrants like Nothing Chat demonstrate challenges in centralizing diverse communications while ensuring privacy. Until security is a clear priority, consolidation efforts will fail.
For now, Nothing Chat offers a warning about the risks of exposing Apple IDs to unvetted third parties. Strong security protections should come first before convenience features. Otherwise, user data and privacy pay the price.
Subscribe to our latest newsletter
To read our exclusive content, register now. $5/Monthly, $50/Yearly
Categories: Technology
Source: vtt.edu.vn