Well then they might as well “temporarily” close up shop, because Sunbird’s entire value proposition is a “bug”.
 
Text.com looked into how Sunbird works, and found that it is sending a user's Apple ID credentials to a Sunbird server, where those credentials are authenticated using a virtual machine running macOS. Apple ID credentials were being sent over HTTP, which is unencrypted.
Jesus H. What a mess.
 
Why should Apple have to fork out millions in legal costs, fighting the hundreds of companies who’ll fill the third party app stores with compromised software?

You wanted the freedom to load what you wanted on your iPhone … so have at it.
Why?

Perhaps for the same reason Apple keeps advocating that they believe in strong privacy for their users. If they took this fight and PR’d it properly they could help fortify their walled garden. They are already paying their legal team to fight the “gatekeeper” status in the EU, plus other similar issues around the globe, and we know the legal fees would be chump change to the money they make on their platform.

Apple just needs to stand up for what they believe and allow their users who believe the same and in Apple to stand by those values to join them in the legal battle.

Your last line is confusing: I don’t remember ever making a statement about me wanting the freedom to sideload. I remember saying if people want it, then fine. Yet, I really wish that, if the government is going to stick their noses into free market businesses and force platforms to open up, they would at least have the foresight to make sure all companies follow a set of basic rights for all.
The last thing I want is for someone I am friends with to use some compromising junk-ware (doesn’t matter if it is from the App Store or 3rd party) that data mines their phone and then uses my contact info from that person to try to take my stuff.
 
Nope. This is because Apple has been selfish with iMessage and people (unwisely) cut corners trying to incorporate it into Android.

Apple permitting sideloading will still enforce security protections for users; it's just that Apple won't arbitrarily decide what users can install on their phones and from where. Difference.
You’re correct. Apple won’t be able to decide where users have to go to download apps. Greedy developers with less resources will decide. Pay attention to who has been fighting for the choice of app distribution. The choice is for developers to decide where and how to distribute apps.

Get ready for a world in which large developers remove their apps from both iOS and Android app stores now that it is economically advantageous to unify their distribution on their own storefronts for both major platforms. Digital storefronts, filled with online ads, run by Meta, Microsoft, Adobe, Epic, etc. to get mobile app downloads and updates. #future
 
The Nothing brand was so stupid/overly-ballsy with this. I say "the Nothing brand" because even the name is stupid - it's difficult to use in text or speech without confusing the reader or listener. Idk how the Nothing brand thought this was going to work. Good Lord, just buy a cheap iPhone if you're desperate to produce blue bubbles.
 
Jesus H. What a mess.
I think my favorite part is they stored both texts and creds/auth tokens in cleartext, no encryption at all, in Firebase. It seems like a HS science fair project, except I think that’s an insult to HS science fair projects.

Definitely an amateur hour PoC hucked straight into production for marketing
 
Maybe they wanted it to fail?
Have you read how bad this implementation was? Apple didn't do anything, these guys failed because they didn't know the first thing about what they were doing.

There are similar services out there that do the same kind of thing for a fee that have been around for a long time, these guys were just terrible at, well, everything.

Just see my previous post in this thread for how bad this was:

I think my favorite part is they stored both texts and creds/auth tokens in cleartext, no encryption at all, in Firebase. It seems like a HS science fair project, except I think that’s an insult to HS science fair projects.

Definitely an amateur hour PoC hucked straight into production for marketing
 
lol who didn’t call this when the article came out last week? these kinds of “services” are not tenable. Apple IDs control more than just App Store and iTunes purchases these days. Not something you should so readily give up.
 
Enjoy your new freedoms Europe. There will be more of this in due time coming your way in 2024.
Yup and more tech support hell for Apple when people start unwittingly installing malicious apps and getting their data stolen. Who are they going to call when that starts happening? I’m pretty sure Apple is going to update the AppleCare and limited warranty terms to exclude servicing any device that has a third party App Store and any apps installed from those stores. I would definitely do that. You want third party. Get support from them. But by doing that you void your warranty with Apple. Just like jailbreaking currently.
 
Enjoy your new freedoms Europe. There will be more of this in due time coming your way in 2024.
No time. Too busy enjoying our privacy while in America people’s life and privacy are nothing more than a commodity. You have no idea about the AI-driven tsunami that is coming your way. If you don’t regulate it, it will be abused for profit.
 
This has everything to do with the EU's gatekeeper laws thank you very much.
What you've done is taken 1+1, got 13 and trying to mash that with the small amount of knowledge you have on Apple devices and their platforms in an attempt to create unfounded hysteria.

Your iMessages are freely accessible and unencrypted on macOS within a SQLite database (look for chat.db if you want to test it yourself).
All Sunbird, BlueBubbles and co do, and have done for a few years, is expose that database and make it accessible via their infrastructure and an Android app - it's not magic, hacking, cracking, anything to do with the EU, sideloading or dodgy apps.
Anyone can do this with some software dev knowledge.

Where Sunbird went (particularly) wrong is not implementing E2E (and storing unencrypted data in their Firebase instance) even though they spouted their platform as having it. And unfortunately Nothing (phones) whiteboxed Sunbird's platform/solution, which is why they're caught up in it.

Curious if this is the new future for side loading?
This had nothing to do with sideloading (within iOS) whatsoever.

Could someone explain how this app worked? Was there a Mac sitting somewhere acting as the middle-man to shuttle messages in and out of iMessage?
Pretty much that.
You sent Sunbird your Apple ID, they then spun up a macOS container/VM, logged in with those details and then their software tunneled data between that container (iMessage app and SQLite DB), their platform (Firebase etc) and then the Android app.
Have a look at BlueBubbles as I suspect Sunbird used that, or at least forked off it.
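
Added example, not part of the post above and not Sunbird's or BlueBubbles' code: one way a relay could avoid holding readable messages in its datastore, by sealing each record to a key pair generated on the phone (X25519 + HKDF-SHA256 + AES-256-GCM from Node's built-in crypto module). The function names, record fields and the `relay-record-v1` label are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Device side: long-term X25519 key pair; only the public half leaves the phone.
function newDeviceKeys() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Derive a one-off AES-256 key from an X25519 shared secret via HKDF-SHA256.
function deriveKey(privateKey, publicKey, salt) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, 'relay-record-v1', 32));
}

// Relay side: seal a message to the device's public key before it is stored.
// The ephemeral private key is discarded, so the relay cannot reopen the record.
function sealForDevice(devicePublicKey, plaintext) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, devicePublicKey, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    epk: eph.publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Device side: open a stored record; throws if the key is wrong or a field was altered.
function openOnDevice(devicePrivateKey, rec) {
  const epk = nodeCrypto.createPublicKey({
    key: Buffer.from(rec.epk, 'base64'), type: 'spki', format: 'der',
  });
  const key = deriveKey(devicePrivateKey, epk, Buffer.from(rec.salt, 'base64'));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'base64'));
  d.setAuthTag(Buffer.from(rec.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(rec.ct, 'base64')), d.final()]).toString('utf8');
}
```

This protects only the stored record: the macOS VM that logs in with the Apple ID still handles plaintext, so it is not end-to-end encryption of the conversation.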
 
What you've done is taken 1+1, got 13 and trying to mash that with the small amount of knowledge you have on Apple devices and their platforms in an attempt to create unfounded hysteria.

Your iMessages are freely accessible and unencrypted on macOS within a SQLite database (look for chat.db if you want to test it yourself).
All Sunbird, BlueBubbles and co do, and have done for a few years, is expose that database and make it accessible via their infrastructure and an Android app - it's not magic, hacking, cracking, anything to do with the EU, sideloading or dodgy apps.
Anyone can do this with some software dev knowledge.

Where Sunbird went (particularly) wrong is not implementing E2E (and storing unencrypted data in their Firebase instance) even though they spouted their platform as having it. And unfortunately Nothing (phones) whiteboxed Sunbird's platform/solution, which is why they're caught up in it.
Why it has something to do with the EU laws is that they want to open up Apple's stuff (EU). This company tried to do it themselves and failed badly at it. Which is exactly what I would expect of any 3rd party company trying to do the same within Apple's walled garden. Not care to do it right just to say they did at all. 1+1 is 2, and add 11 to get 13.
 
Why it has something to do with the EU laws is that they want to open up Apple's stuff (EU).
You've gone from "everything to do with the EU" to this has "something" to do with the EU; you don't sound overly confident with what you initially said.

However, this was originally more users/hobbyists wanting to open the iMessage platform to other devices than to do with the EU, especially as this relay solution existed pre the EU wanting to level the playing field (somewhat) between platforms and manufacturers.

And Apple could prevent, or certainly make it a lot lot harder for, third-parties to do this relay type solution if they wanted to.

This company tried to do it themselves and failed badly at it.
I agree that Sunbird executed it poorly though and unfortunately, got caught with their pants down with something that could have been easily prevented.
 
You've gone from "everything to do with the EU" to this has "something" to do with the EU; you don't sound overly confident with what you initially said.
Pretty confident still. As this is a cause and effect. They (EU) want Apple to open up, and 3rd parties will jump on it. This is an expected outcome for what the laws will enable to happen. And worse.
However, this was originally more users/hobbyists wanting to open the iMessage platform to other devices than to do with the EU, especially as this relay solution existed pre the EU wanting to level the playing field (somewhat) between platforms and manufacturers.
Before the EU rules Apple could work to shut this type of thing down if it became a problem. Now, the EU wants this type of thing to exist without Apple being able to prevent it or "fix" it. They want them to "make it work".
And Apple could prevent, or certainly make it a lot lot harder for, third-parties to do this relay type solution if they wanted to.
Of course they could. But, you're literally giving up your AppleID for this to work. That's the problem. If the database was encrypted on the VM/Container, by Apple by default. That only protects the data itself. Not the ability for this process to work. The means in which this works "should" be a deterrent as you (company) have to "pay" for this. So giving it away for free isn't really a good business model. They would have to charge you (customer) for it or, make up the cost in other ways to offset it. VMs aren't free, networks aren't free, storage isn't free, and security certainly isn't free. Perhaps they sell your data?
I agree that Sunbird executed it poorly though and unfortunately, got caught with their pants down with something that could have been easily prevented.
I wouldn't say unfortunately. If they didn't get caught. Others may have tried to use this method without any due diligence as well. Let's just trust these guys did their research and know what they are doing! It could have gotten more out of hand than it already was. More widely used, before we actually had a serious problem to deal with.
 
No time. Too busy enjoying our privacy while in America people’s life and privacy are nothing more than a commodity. You have no idea about the AI-driven tsunami that is coming your way. If you don’t regulate it, it will be abused for profit.
You can't regulate a tsunami. Once the cat is out of the bag, it's going to "do what it do" faster than you can come up with laws to "prevent" it.
 
Pretty confident still. As this is a cause and effect. They (EU) want Apple to open up, and 3rd parties will jump on it. This is an expected outcome for what the laws will enable to happen. And worse.

that’s quite a reach, lots of folks have wanted Apple to open iMessage to cross compatibility for a long time, including Apple (did everyone forget that when iMessage first got released Apple teased it eventually being available as an app on other platforms a la WhatsApp?)

The EU has nothing to do with this, and there are other companies other than Sunbird that have offered this kind of relay service for a long time. The folks from Sunbird were just abysmally incompetent.
Before the EU rules Apple could work to shut this type of thing down if it became a problem. Now, the EU wants this type of thing to exist without Apple being able to prevent it or "fix" it. They want them to "make it work".
That’s inaccurate, the problems here around giving someone else your iCloud creds are not part of any form of EU regs. They may eventually force Apple to create better cross compatibility with other services, or even release iMessage for other platforms, but this is neither. Also there’s no way Sunbird wouldn't have fallen afoul of EU data privacy and integrity rules had they survived long enough for anyone to get around to it given how crappy their data security was.
 