Apple may be working on adding RCS support to the iPhone later this year, but for those who really, really want to use iMessage on an Android phone, things remain complicated. Over the years, there have been multiple attempts to try to get into Apple’s iMessage service and workarounds to allow it to be used via a third-party Android app, some proving more successful than others. Sunbird is one company that tried and failed. But now he’s trying again.
However, to say that Sunbird failed may not be accurate. The Sunbird Messaging app did indeed work and people were able to send and receive iMessages using their Android phones. There was even a deal to build its service into Nothing phones via Nothing Chats. And yes, there was a gruesome video to back up the news. But ultimately, the whole thing was a security and privacy farce, and Sunbird’s product was put on hiatus while the issues were ironed out.
Whether you expected it to happen or not, Sunbird is back. And this time he promises that it means work. “The past few months have been very sobering for the Sunbird team,” the company said. So what has changed?
Solving “green bubble bullying”
Sunbird announced its return via a press release confirming the arrival of a new beta app. “The relaunch is the culmination of comprehensive improvements to Sunbird’s backend infrastructure following an exhaustive evaluation,” the statement begins. And what a grade it must have been.
Shortly after the launch of Sunbird’s Nothing Chats, it emerged that the messages were not end-to-end encrypted as first claimed. And then 9to5Google discovered that more than 630,000 files sent through Nothing Chats were just waiting to be viewed. But don’t worry, Sunbird has changed.
In a lengthy explanation of the situation on its website, Sunbird detailed what it has been up to for the past few months. It also confirmed vulnerabilities that need to be addressed, including:
- Use of unencrypted HTTP protocol for API call.
- Store messages in an unencrypted state in Firebase real-time storage.
- Possible availability of over 600,000 files, some of which were vCards, within a Firebase static file host.
- Logging of messages by the front-end to the Sentry log.
What follows is an explanation of what was done to ensure that these issues were resolved, including the launch of a new architecture, called AV2.
“By adopting AV2, we believe we have not only addressed the security vulnerabilities previously identified, but also provided a secure and privacy-oriented foundation for Sunbird’s iMessage integration moving forward,” Sunbird said. Time will tell if that claim is founded.
For now, Sunbird says it started offering its services to people on August 5 and will continue to do so in small phases “as part of the company’s strategy to ensure a smooth and scalable customer onboarding process.” The company can be sure that security researchers will study its work to see if all their problems are solved.
Sunbird will be hoping they are, if only for what it seems to see as its call to address the prevailing problem of “green bubble bullying”. It says it will do this by “allowing Android users to seamlessly participate in iMessage conversations” and help “reduce the social stigma associated with messaging platform differences.”
Let’s hope people don’t have to choose between the blue bubble and privacy.