What you want to know
- Sunbird, the messaging app that aimed to deliver iMessage to Android customers, introduced Friday that it’s relaunching in beta.
- The unique app rapidly shut down after customers uncovered crucial safety and privateness flaws that left consumer messages vulnerable to being intercepted.
- The corporate added a web page to its web site detailing what went fallacious the primary time round and what has been modified since.
Sunbird, the messaging app that infamously partnered with Nothing to deliver iMessage to Android earlier than being swiftly shut down, is now returning. The corporate announced Friday, April 5, that it might relaunch the beta model of its app after making modifications to its backend infrastructure. Sunbird says that over 165,000 customers have registered for the app’s waitlist and that invites will turn into accessible in small phases.
The primary time round, Sunbird introduced iMessage to Android by means of its personal app and the Nothing Chats app. Nothing, the Android telephone producer behind the Nothing Telephone 2 and Telephone 2a, wished to make all of its gadgets appropriate with iMessage by means of Nothing Chats. Nonetheless, customers rapidly found that the messages and inner processes have been unencrypted, leaving consumer messages and shared information accessible for anybody to entry.Â
Sunbird defined the technical modifications to its iMessage structure, meant to extend safety and repair the unique app’s privateness woes, on its website. In the event you’re curious or skeptical, right here they’re:Â
- Unencrypted messages are by no means saved wherever on disk or in a database. When messages are decrypted to be handed to the iMessage and RCS/Google Messages community, they exist in that state solely inside reminiscence for a restricted time period. Within the front-end app, messages are solely saved in an encrypted state inside the in-app database.
- Static information transmitted by means of the service are saved in safe cloud storage buckets which are encrypted in transit and at relaxation. They’re protected by means of permissioned URLs that forestall unauthorized entry and are utterly expunged from the Sunbird methods no later than 48 hours after sending or receiving them.
- All communication from the Sunbird app to the Sunbird API is protected on the transport layer, both by means of HTTPS or the MQTTS protocol.
- The MQTTS dealer is secured by way of strict entry management lists to make sure that customers are solely in a position to entry dealer matters particularly assigned to them and no others.
- Additional, the contents of the message payload itself is encrypted on the software layer utilizing AES encryption with an encryption key managed utterly by the shopper and solely held in reminiscence on the Sunbird aspect. Messages movement by means of the Sunbird system in an encrypted state and are solely decrypted (in reminiscence) in the mean time of switch of messages to the native messaging platform.
Sunbird additionally not directly mentions Beeper in its press launch, which discontinued assist for its iMessage shopper — known as Beeper Mini — after repeated strikes by Apple to close it down. The corporate claims that Sunbird is an answer to the iMessage compatibility drawback that does not take steps to offer unauthorized entry to Apple’s iMessage servers. Paradoxically, Sunbird factors out the “safety and privateness issues” associated to Beeper Mini because of the app’s “unauthorized entry to iMessage.”
Nonetheless, it is as much as finish customers to determine whether or not Sunbird is definitely value trusting. For what it is value, the corporate has already been caught in the course of a discrepancy once more. 9to5Google  seen that Sunbird claimed that it introduced on Jared Jordan, a Google engineering director, as a proper advisor. Nonetheless, Jordan’s LinkedIn web page reveals that he left the corporate months in the past. Sunbird quietly up to date its web site to vary the wording round Jordan’s previous expertise, with no point out or acknowledgment of the change.Â
Sunbird says that the explanation the corporate pulled the app for months was as a consequence of its “unwavering dedication to the privateness and safety of our customers.” As a substitute of transport a fast repair, Sunbird opted to rebuild its inner structure completely.
Nonetheless, it stays to be seen whether or not customers belief Sunbird once more. The app nonetheless has a protracted solution to go, as it’s now beginning over from scratch in a really restricted beta.