Last week, Nothing announced Nothing Chats, a brand new chat application. This eliminates the need to send messages and files over old, insecure SMS and MMS systems. Unfortunately, Nothing has removed this app from Google Play.

NothingChats works, and the process requires Sunbird to log into an iCloud account from its servers, which are supposed to work on a Mac Mini. That's sketchy enough, but it gets worse: Texts.com reports that Songbird's messages are not encrypted end-to-end. Apparently, it is not that difficult to compromise the system.

9to5Google found that the site's owner, Dylan Roussel, went into more detail in a Twitter/X thread.

Roussel claims that Sunbird works by sending decrypted messages via HTTP to Firebase's cloud synchronization server and storing them in unencrypted plain text. He notes that Sunbird also has access to these messages because they are logged as errors by the debugging service Sentry.

Sunbird claims that sending via HTTP is not a problem because it is only used as part of the initial request, according to Roussel, who notes that this still leaks the user's email address. Sunbird's messages are then sent to Firebase's The fact remains that Sunbird's messages are publicly available through Firebase's real-time database and are not encrypted.

Nothing's FAQ claims that Sunbird's system is secure and encrypted end-to-end, while simultaneously stating that messages and Apple credentials are not stored at any point in their journey. Roussel states that the exact opposite seems to be happening.

One of the biggest advantages of iMessage is that it is encrypted end-to-end by default. Apple also cites additional security as one of the reasons it will adopt the RCS messaging standard next year. In both cases, your messages are secure and inaccessible to third parties, including Apple.

Therefore, if you are going to be communicating in a ludicrously insecure manner, you might as well stick with the traditional SMS option. At least you don't have to use Apple's credentials to log into a third-party server.

According to the official Nothing Chats page, the beta app has now been removed from the Play Store and its release will be delayed until Nothing and Sunbird fix "some bugs." This is putting it lightly.

When reached for comment, a spokesperson for Nothing said, "We have removed the beta version of Nothing Chats from the Play Store. We apologize for this delay and do our best to accommodate our users."

He commented.

In the meantime, the dream of hiding as a blue bubble Apple user without buying an iPhone is not going to come true anytime soon. And given all that has been revealed, that is probably something you should try to avoid in the future.