A few days ago, Nothing Chats dropped and surprised the world. At that time, many people speculated that it would end the fight between Apple and Android users over blue and green bubbles. However, at the same time, some people assumed this might not be all that secure, and it turns out that people who had doubts were right.

Nothing Chats is not the most secure app for messaging, but you might need it by next year

At the time of its launch, the company claimed that the Nothing chats were end-to-end encrypted and that the device was private and secure. However, things are not looking good.

Nothing Chats uses Sunbird's app architecture, which is designed by Nothing. It was supposed to allow the Nothing Phone 2 to have compatibility with the iMessage app. Users can just download the app on their phone and sign into it using an Apple ID. Doing so gives you a virtual instance of one of Sunbird's Mac Minis. When you communicate with an iPhone, it basically thinks that you are communicating with another Apple device.

It has now become public knowledge that Nothing Chats has a lot of flaws and security issues. Kishan Bagaria, founder of Texts.com, had his team look into the app, and it appears that the app is sending all the information over HTTP instead of the more secure HTTPS.

texts team took a quick look at the tech behind nothing chats and found out it's extremely insecure

it's not even using HTTPS, credentials are sent over plaintext HTTP

backend is running an instance of BlueBubbles, which doesn't support end-to-end encryption yet pic.twitter.com/IcWyIbKE86

— Kishan Bagaria (@KishanBagaria) November 17, 2023

Going through the Twitter thread, you will see that Nothing Chats also uses the technology developed by BlueBubbles, another rival app that allows similar functionality. However, Nothing was quick to issue a statement to Nothing Chats.

While the protocol is HTTP, all data is encrypted and the key used to encrypt that data is provided via HTTPS so Apple credentials or messages sent via that HTTP request are secure and not open to the public. All sensitive user data such as Apple ID credentials and messages are encrypted at all times. The HTTP is only used as part of the one-off initial request from the app notifying the back-end of the upcoming iMessage connection iteration that will follow via a stand alone communication channel.

Regarding the other part of his tweet, years ago when the servers were being built Sunbird’s co-founder named them Blue Bubbles. Sunbird/Chats is not using an instance of anyone else’s technology – the naming is strictly coincidence.

Additionally, I want to add that from the start, that Sunbird has been focused on security and its ISO27001 certification (Certificate Number: IA-2023-09-21-01), an internationally recognized specification for an information security management system, is a reflection of its commitment to user privacy.

There is no denying that Nothing still claims that Nothing Chats is safe to use, but considering how Apple has announced RCS support for the iPhone, which will be released next year, it makes one wonder whether or not this app is going to be around for that long. If you want to use it, the choice is entirely yours.

News Source: Kishan Bagaria