Cybersecurity

Published on November 24th, 2023 | by Mahbub Hasan


Nothing Chats is a disaster, and why every similar approach is similarly sketchy

So the story is that Nothing Chats, a messaging app that enables iMessage on Android devices, was pulled from the Google Play Store after it was discovered to be storing user data in plain text. This means that anyone with access to the app’s servers could have read users’ messages, as well as seen their images, videos, and other attachments.

The app’s developer, Sunbird, has apologised for the security flaw and said that it is working to fix it. However, the company’s reputation has been tarnished by the incident, and it is unclear whether or not Nothing Chats will ever be relaunched. In the meantime, users are advised to avoid using Nothing Chats or Sunbird, and to be cautious about using any other app that claims to be able to send iMessages from Android devices.

So what do we learn from this incident? It’s a long lesson, so bear with me. The obvious takeaway from this situation is a matter of common sense: don’t hand your credentials to a service that is not the owner of those credentials! But in the modern day, we have single sign-on, and single account logins for multiple websites. Many people see Nothing’s fault as a minor mistake. But did we manage to create a horrible reality where it’s easy to be fooled and give away info that easily?

Nothing’s attempt at solving things the wrong way

Nothing is a prominent company now, one of the major players if you will. How big is up for debate, but most tech business gurus believe in Nothing’s CEO Carl Pei. He was the one who made OnePlus a big player from a place where the brand was insignificant in the market. Now, it’s not about the success of this company, or Carl Pei, it’s about the same mistake all other tech leaders sometimes make: trying to play an unfair game, in an unfair manner.

So what’s the fault of Carl here? The idea of iMessage on Android is actually a big thing. And it’s a genius move. That’s the chapter of Nothing, but who’s the Goliath on the other side that Nothing is trying to conquer? It’s Apple. Apple is a big company. It’s the biggest, in fact. And on top of that, Apple is in the US, a market full of powerful corporate entities that do not want to play fair, and try to avoid any legal consequences by lobbying.

Apple has a big market in the US, and has a monopoly over iMessage, a messaging service exclusively offered by them. There is no iMessage for Android, and Apple does this to keep that exclusivity to themselves. There is a misconception we as consumers always fall for, and that is “it’s for the users”. Which is not true. Companies cannot earn billions by simply favouring consumers. It’s by pretending to favour the consumer while extracting the most profits.

So what’s the wrong way?

Nothing is doing it all wrong, by trying to comply with Apple’s walled approach to business. You see, Apple only provides iMessage on their own hardware. And you can technically have iMessage on Android by routing messages through Apple devices such as a Mac mini. Sunbird, the provider Nothing partnered with, did exactly that. If we can’t beat them, we join them. And they did wrong in two ways. Firstly, Apple still controls every aspect of their system; it’s not open at all. So if Apple wants to employ a security measure and block all this from happening, they legally can.

Secondly, by routing private information such as messages, a big hole in privacy is created. Even though Apple’s privacy goes as far as “We don’t send data to companies we don’t have ties with”, they do have quite a sweet relationship with Google, who gives them a significant amount of money in order to keep Google as everything default for the web in Apple’s ecosystem.

“Google pays billions of dollars to Apple, so they remain the default”

This enables Google to keep syphoning user data and continue their unfair share of monopoly. And by accepting that bribe, Apple violates their promise of keeping users’ data safe in their exclusive ecosystem. It’s just business. As I said earlier, companies cannot earn billions by simply favouring consumers. It’s by pretending to favour the consumer while extracting the most profits.

So what is the correct way?

Fortunately, the correct way is winning. Almost? Apple agreed to support RCS by 2024, which is just a month away at the time of writing, and it’s a good thing. Unless they find another shady way to ridicule secondary platform users (apart from still using green bubbles). I am hoping Apple will do the right thing, and it’s a hard thing to do, especially given how they still managed to make USB Type-C fall under MFi, which will still make licensed USB-C accessories pricier for no reason other than Apple getting a cut.

There is less to lose in terms of messaging though, because most of the world does not care about iMessage at all. Most if not all of the iOS users outside the US do not use iMessage as their primary messaging app. They use other instant messengers available on the market, bypassing the whole green vs blue bubble neo class struggle altogether. If Apple agrees to fully support iOS without any extra restriction, this will be almost the end of it.

Meanwhile

Stop using Nothing Chats, or Sunbird. If you are the adventurous type who wants to see how it feels to be in a closed ecosystem and you are oblivious to personal data security and privacy, then you may try it. The Sunbird app is not available as of now, nor is Nothing Chats. But soon Sunbird may release a beta (or not), and Nothing Chats may come back to beta testing. It’s a good thing that ill-informed people will not be able to download it. The beta program of Nothing Chats already saw huge criticism, with the messages being visible to human operators at the backend and also to anyone getting their hands on the local network.

Most likely, your Apple ID, if you use it day to day, can be breached and mishandled. There is no way you can trust a remote machine, unless it’s yours. Non-standard firms like Sunbird do not follow the level of safety and security standards major data centres follow. Realistically, they will never be able to, even if they promise the highest security and privacy. Nothing may earn money by doing what Apple does, by making Nothing Chats exclusive to its hardware, thus making the money back. But Sunbird possibly will go for a freemium route. Without any transparency or user audits, we can’t be sure about the aspect of privacy in Sunbird and how they will handle messaging data and account details. There are a million ways to legally extract personal information once you give consent to the primary service terms.

In conclusion

Wait for RCS. Nothing Chats has been a disaster, and it will continue to be a big issue in terms of privacy. And if Apple does not play fair, the problem Nothing is trying to solve will persist, or even grow. The one-time monopoly will remain a monopoly, while Nothing will be another monopoly that we will need to deal with later on down the line. Meanwhile, Nothing Chats is dangerous and should not be used.



About the Author

Mahbub Hasan is a creative professional from Bangladesh. At Technofaq, Mahbub writes articles about design, privacy, technology and life surrounding them.


