Sunbird, the pretty sketchy iMessage app for Android, has been exposed as having major privacy concerns, and has now opted to shut down the app for the time being.
Sunbird first announced its iMessage app for Android in late 2022 and has been offering the app in a closed alpha problem for a while now. But, more recently, the company caught further attention for partnering with Nothing for the “Nothing Chats” app that offered iMessage on the Nothing Phone (2). The app was ultimately only available for less than a day, though, as major privacy concerns came to light.
As we broke down over the weekend, Nothing Chats, and in turn Sunbird, failed to live up to the promise of end-to-end encryption for user messages and files, with that data relatively easy to access by other users. We found over 630,000 files accessible through this vulnerability, where Sunbird had claimed that data was not stored on its own servers – technically true, as the data was stored via Firebase.
You can read a full breakdown of the security issues in our previous coverage.
Nothing, in response to the problems, opted to block downloads of Nothing Chats almost immediately. Further, a notification was sent to users who had set up the app that usage of the app had been “paused.”
As it turns out, Sunbird has opted to do this not just for Nothing’s app, but for its own services. Users in the r/Sunbird subreddit showed a notification where Sunbird explains that it has paused usage of the app “for now” as it investigates concerns – the same phrasing was sent via Nothing Chats today, but to Sunbird users on November 18.
Dear Sunbird User. We have decided to pause Sunbird usage for now while we investigate security concerns. We will update you when we are ready to proceed.
Just hours prior to the full shutdown of the app’s functionality, Sunbird had sent another notification to users saying that it would only shut down the sharing of media on Sunbird.
Good afternoon everyone. We are investigating the security issues raised in the last 24 hours. In an abundance of caution and to protect your confidential data, we are shutting down Sunbird media temporarily. We will keep you posted. Thank you, & sincere apologies for the inconvenience.
So, “for now,” Sunbird has been shut down, and it’s unclear when service will return. Outside of the notification to users, Sunbird hasn’t made any public statement thus far.
Really, though, it feels as though the writing was on the wall for this. Back when Sunbird first showed off its product, the company held media briefings and, as ArsTechnica recently detailed, refused to answer basic technical questions, going as far as shutting down the briefing’s chat to avoid questions. Plus, a member of the Sunbird Discord chat claims that they attempted to bring up security concerns with the Sunbird team through that Discord server, only for the user to be banned. That user didn’t specify the security concerns that were discussed at that time.
On its website, Sunbird has yet to acknowledge the shutdown and still makes claims about end-to-end encryption and that it doesn’t store data. The app is no longer accessible at all via the Play Store, though, despite users being able to install it (and sit on a waitlist) as of the past few weeks as archives show.
Dylan Roussel contributed to this article.
FTC: We use income earning auto affiliate links. More.
Comments