Disgraced iMessage-on-Android app can’t take the hint, is back for more

Keep in mind the entire Nothing Chats debacle from final yr? It was an app constructed on high of Sunbird’s structure, which had so many safety flaws Nothing Chats and Sunbird’s personal messaging app had been taken down from the Google Play Retailer. Effectively, Sunbird is again, hoping customers will overlook the previous and can give it a second probability.

By a press launch, Sunbird introduced it plans to relaunch its beta iMessage for Android app. The corporate says it’s sending out invites to these on its waitlist in small phases beginning in the present day.

Sunbird was launched in 2022, promising to carry iMessage compatibility to Android. It claimed to supply end-to-end encryption and iMessage options whereas not accumulating customers’ information. Nevertheless, it was shortly found that the software program was woefully insecure and never as personal as marketed. The corporate subsequently introduced it could quickly shut the service down because it investigates the safety points that had been introduced up.

In a weblog submit, additionally revealed in the present day, Sunbird acknowledges the safety vulnerabilities it was known as out for. Nevertheless, it claims a few of the allegations had been incorrect and denies that it ever used the “BlueBubblesApp” as a part of its infrastructure.

The corporate provides that it has swapped out its outdated structure (AV1) “that leveraged Firestore for quickly storing messages” with a brand new structure (AV2). This new structure integrates RCS and is alleged to have “consumer privateness because the central tenet.”

Sunbird additional states that with AV2:

• Unencrypted messages are by no means saved wherever on disk or in a database. When messages are decrypted to be handed to the iMessage and RCS/Google Messages community, they exist in that state solely inside reminiscence for a restricted time period. Within the front-end app, messages are solely saved in an encrypted state throughout the in-app database.
• Static recordsdata transmitted via the service are saved in safe cloud storage buckets which are encrypted in transit and at relaxation. They’re protected via permissioned URLs that forestall unauthorized entry and are fully expunged from the Sunbird techniques no later than 48 hours after sending or receiving them.
• All communication from the Sunbird app to the Sunbird API is protected on the transport layer, both via HTTPS or the MQTTS protocol.
• The MQTTS dealer is secured by way of strict entry management lists to make sure that customers are solely capable of entry dealer matters particularly assigned to them and no others.
• Additional, the contents of the message payload itself is encrypted on the software layer utilizing AES encryption with an encryption key managed fully by the consumer and solely held in reminiscence on the Sunbird facet. Messages circulation via the Sunbird system in an encrypted state and are solely decrypted (in reminiscence) in the mean time of switch of messages to the native messaging platform.

One thing unusual that stands proud right here is that close to the tip of weblog, the corporate mentions it has introduced Jared Jordan on as a proper advisor. It says that Jordan is “at the moment Director of Engineering throughout the Gmail crew at Google.” Nevertheless, Jordan’s LinkedIn web page says he left Google in March and is at the moment working at Capital One.

It’s good to see that Sunbird has seemingly taken measures to enhance privateness and safety. However it’s nonetheless in all probability protected to say that you just shouldn’t belief any iMessage for Android app.