Sunbird Shuts Down iMessage App for Android Over Security Concerns

[pugxiwawa]

How anyone trusts using a phone where its CEO thought hacking iMessage is a good idea?

If you still use Nothing, dont complain later.

 

[zach-coleman]

It's weird how multiple ways to do iMessage on android were shut down in such a short period of time. I wonder if Apple had something to do with it behind the scenes.

I think a spotlight just got shined on them by Nothing and it made people catch how insecure they are. This app went down over it sending messages completely unencrypted, Apple didn't have a thing to do with that.

 

[Nick_P]

You’d have to be “insert choice word here” to give a 3rd party your Apple ID credentials.

 

[xxFoxtail]

 

[TinyMito]

I guess nothing really to lose for end users, Apple is bringing RCS in.

 

[zach-coleman]

I guess nothing really to lose for end users, Apple is bringing RCS in.

Well, for the short term it's a loss. RCS probably isn't coming until iOS 18.

 

[Infinitewisdom]

This really changes my perception of Nothing. How could they not have seen this coming? Or is the publicity somehow a good thing that they were after?

 

[JohannesO]

Sounds like a case of:

1. IT guy told CEO its bad because security issues.
2. CEO said only because obscure security issues, we don't hold back! Do it anyway.
3. Security issues blow up in CEO's face!
4. CEO blames IT guy.

 

[ams1117]

Apps have no access to iMessages tho

If you grant something full disk access on macOS, then it does.
iMessages are stored in a SQLite database in `~/Library/Messages/chat.db` without any extra encryption (besides the full disk encryption).
So apparently it's not that big of a deal anyways even after you enable sideloading on iOS.

 

[votdfak]

Standing ovation. LOL

 

[Verified Whiskey]

Text.com looked into how Sunbird works, and found that it is sending a user's Apple ID credentials to a Sunbird server, where those credentials are authenticated using a virtual machine running macOS. Apple ID credentials were being sent over HTTP, which is unencrypted.

YIKES

 

[Robert.Walter]

Sounds more like $hitbird.

But seriously, this could have been a small budget for low hanging fruit state actor, or simple theft or extortion setup.

This kind of stuff will explode like fruit flies on an overripe apple once sideloading comes in.

 

[Verified Whiskey]

Sunbird's initial response to the security concerns does not seem to have come from "a competent developer," raising questions about Sunbird's ability to address the security problems.

Oof, haha. I’d hate to be that developer.

 

[adrianlondon]

Well, Nothing Chats turned into a nothing burger.

(Yes, making that joke was the only reason I read this thread.)

 

[Mikeske]

Yep another reason to keep you don’t give out your credentials to a 3rd party

 

[CoachRocks]

Reads like a Silicon Valley episode.

 

[MuppetGate]

Personally, I think this is the point where should Apple sue these companies on the grounds of causing or potentially causing harm to consumers with Apple IDs. That this negligence in security not only can and will lead to harm to the users who willing have their info, but also their friends and family once that person’s info is leak/hacked and used improperly

Why should Apple have fork out millions in legal costs, fighting the hundreds of companies who’ll fill the third party app stores with compromised software?

You wanted the freedom to load what you wanted on your iPhone … so have at it.

 

[MuppetGate]

Tim Cook must be laughing his face off.

Nope.

Tim Cook isn’t laughing.

He’s worrying about what’s going to happen when third-party App stores show up chock full of dodgy apps demanding users hand over their card details and PIN numbers.

 

[MuppetGate]

Well I guess you’ll just have to get rid of any Android-using friends in your life.

There are apps in the App Store that are doing shady things right now. There will always be security concerns. This has been the case the moment data from one computer was first loaded into another.

Yes, there are apps doing dodgy things right now. Next year, when third party stores land, that number will increase ten fold, and no one will remove them.

 

[luxlavender]

So Nothing knows absolutely Nothing about security. Nothing will do Nothing to make their own chat system.

 

[totom_]

OnePlus needs a rag to wipe all of that egg off their face.

That had nothing to do with OnePlus. Nothing Phone wanted to implement it. The founder of OnePlus, Carl Pei, started Nothing Phone, but has left OnePlus since a few years.

 

[trusso]

I'd say this is a "Preview of Coming Attractions" once sideloading is rolled out...

Nope. This is because Apple has been selfish with iMessage and people (unwisely) cut corners trying to incorporate it into Android.

Apple permitting sideloading will still enforce security protections for users; it's just that Apple won't arbitrarily decide what users can install on their phones and from where. Difference.

 

[DogHouseDub]

Could someone explain how this app worked? Was there a Mac sitting somewhere acting as the middle-man to shuttle messages in and out of iMessage?

 

[coffeemilktea]

Sunbird was such a hilariously bad idea that I'm not sure how it even kind of got off the ground... I mean, seriously, handing your Apple ID details to a third-party company? Especially one that most people had never heard of? That's just wild.

 

[Mr. Dee]

Nope.

Tim Cook isn’t laughing.

He’s worrying about what’s going to happen when third-party App stores show up chock full of dodgy apps demanding users hand over their card details and PIN numbers.

His point will be proven and he will just tell the EU, no, go to hell, we are going back to the App Store as the only option and you can stick it where the sun don't shine. Or we will just lobby politicians to do what we request and ban Androids in the EU with a cherry on top.