Disgraced iMessage-on-Android app cannot take the trace, is again for extra

Bear in mind the entire Nothing Chats debacle from final 12 months? It was an app constructed on high of Sunbird’s structure, which had so many safety flaws Nothing Chats and Sunbird’s personal messaging app had been taken down from the Google Play Retailer. Nicely, Sunbird is again, hoping customers will overlook the previous and can give it a second probability.

By a press launch, Sunbird introduced it plans to relaunch its beta iMessage for Android app. The corporate says it’s sending out invites to these on its waitlist in small phases beginning at this time.

Sunbird was launched in 2022, promising to carry iMessage compatibility to Android. It claimed to offer end-to-end encryption and iMessage options whereas not accumulating customers’ knowledge. Nonetheless, it was shortly found that the software program was woefully insecure and never as non-public as marketed. The corporate subsequently introduced it will briefly shut the service down because it investigates the safety points that had been introduced up.

In a weblog submit, additionally printed at this time, Sunbird acknowledges the safety vulnerabilities it was referred to as out for. Nonetheless, it claims a number of the allegations had been incorrect and denies that it ever used the “BlueBubblesApp” as a part of its infrastructure.

The corporate provides that it has swapped out its outdated structure (AV1) “that leveraged Firestore for briefly storing messages” with a brand new structure (AV2). This new structure integrates RCS and is alleged to have “consumer privateness because the central tenet.”

Sunbird additional states that with AV2:

• Unencrypted messages are by no means saved wherever on disk or in a database. When messages are decrypted to be handed to the iMessage and RCS/Google Messages community, they exist in that state solely inside reminiscence for a restricted time period. Within the front-end app, messages are solely saved in an encrypted state throughout the in-app database.
• Static recordsdata transmitted by way of the service are saved in safe cloud storage buckets which are encrypted in transit and at relaxation. They’re protected by way of permissioned URLs that stop unauthorized entry and are utterly expunged from the Sunbird techniques no later than 48 hours after sending or receiving them.
• All communication from the Sunbird app to the Sunbird API is protected on the transport layer, both by way of HTTPS or the MQTTS protocol.
• The MQTTS dealer is secured by way of strict entry management lists to make sure that customers are solely in a position to entry dealer matters particularly assigned to them and no others.
• Additional, the contents of the message payload itself is encrypted on the utility layer utilizing AES encryption with an encryption key managed utterly by the shopper and solely held in reminiscence on the Sunbird facet. Messages circulation by way of the Sunbird system in an encrypted state and are solely decrypted (in reminiscence) in the meanwhile of switch of messages to the native messaging platform.

One thing unusual that stands proud right here is that close to the top of weblog, the corporate mentions it has introduced Jared Jordan on as a proper advisor. It says that Jordan is “at the moment Director of Engineering throughout the Gmail staff at Google.” Nonetheless, Jordan’s LinkedIn web page says he left Google in March and is at the moment working at Capital One.

It’s good to see that Sunbird has seemingly taken measures to enhance privateness and safety. Nevertheless it’s nonetheless most likely protected to say that you simply shouldn’t belief any iMessage for Android app.