Chat app that brings iMessage to Android turns out to be a privacy nightmare 
Thread time!
— Dylan Roussel (@evowizz) November 18, 2023
Summary:
- Sunbird has access to every message sent and received through the app on your device.
- All of the documents (images, videos, audios, pdfs, vCards...) sent through Nothing Chat AND Sunbird are public.
- Nothing Chats is not end-to-end encrypted.
tech/science swag. 
On-Topic: Anything that good slackers would find interesting. That includes more than /g/ memes and slacking off. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual laziness.
Off-Topic: Most stories about politics, or crime, or sports, unless they're evidence of some interesting new phenomenon. Videos of pratfalls or disasters, or cute animal pictures. If they'd cover it on TV news, it's probably lame.
Help keep this hole healthy by keeping drama and non-drama balanced. If you see too much drama, post something that isn't dramatic. If there isn't enough drama and this hole has become too boring, POST DRAMA!
Please do things to make titles stand out, like using uppercase or exclamation points, or saying how great an article is. It should be explicit in submitting something that you think it's important.
Please don't submit the original source. If the article is behind a paywall, just post the text. If a video is behind a paywall, post a magnet link. Fuck journos.
Please don't ruin the hole with chudposts. It isn't funny and doesn't belong here. THEY WILL BE MOVED TO /H/CHUDRAMA
If the title includes the name of the site, please leave that in, because our users are too stupid to know the difference between a url and a search query.
If you submit a video or pdf, please don't warn us by appending [video] or [pdf] to the title. That would be r-slurred. We're not using text-based browsers. We know what videos and pdfs are.
Make sure the title contains a gratuitous number or number + adjective. Good clickbait titles are like "Top 10 Ways to do X" or "Don't do these 4 things if you want X"
Otherwise editorialize. Please don't use the original title, unless it is gay or r-slurred, or you're shits all fucked up.
If you're going to post old news (at least 1 year old), please flair it so we can mock you for living under a rock, or don't and we'll mock you anyway.
Please don't post on SN to ask or tell us something. Send it to [email protected] instead.
If your post doesn't get enough traction, try to delete and repost it.
Please don't use SN primarily for promotion. It's ok to post your own stuff occasionally, but the primary use of the site should be for curiosity. If you want to astroturf or advertise, post on news.ycombinator.com instead.
Please solicit upvotes, comments, and submissions. Users are stupid and need to reminded to vote and interact. Thanks for the gold, kind stranger, upvotes to the left.
Be snarky. Don't be kind. Have fun banter; don't be a dork. Please don't use big words like "fulminate". Please sneed at the rest of the community.
Comments should get more enlightened and centrist, not less, as a topic gets more divisive.
If disagreeing, please reply to the argument and call them names. "1 + 1 is 2, not 3" can be improved to "1 + 1 is 3, not 2, mathfaggot"
Please respond to the weakest plausible strawman of what someone says, not a stronger one that's harder to make fun of. Assume that they are bad faith actors.
Eschew jailbait. Paedophiles will be thrown in a wood chipper, as pertained by sitewide rules.
Please post shallow dismissals, especially of other people's work. All press is good press.
Please use Slacker News for political or ideological battle. It tramples weak ideologies.
Please comment on whether someone read an article. If you don't read the article, you are a cute twink.
Please pick the most provocative thing in an article or post to complain about in the thread. Don't nitpick stupid crap.
Please don't be an unfunny chud. Nobody cares about your opinion of X Unrelated Topic in Y Unrelated Thread. If you're the type of loser that belongs on /h/chudrama, we may exile you.
Sockpuppet accounts are encouraged, but please don't farm dramakarma.
Please use uppercase for emphasis.
Please post deranged conspiracy theories about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email [email protected] and dang will add you to their spam list.
Please don't complain that a submission is inappropriate. If a story is spam or off-topic, report it and our moderators will probably do nothing about it. Feed egregious comments by replying instead of flagging them like a pussy. Remember: If you flag, you're a cute twink.
Please don't complain about tangential annoyances—things like article or website formats, name collisions, or back-button breakage. That's too boring, even for HN users.
Please seethe about how your posts don't get enough upvotes.
Please don't post comments saying that rdrama is turning into ruqqus. It's a nazi dogwhistle, as old as the hills.
We reserve the right to exile you for whatever reason we want, even for no reason at all! We also reserve the right to change the guidelines at any time, so be sure to real them at least once a month. We also reserve the right to ignore enforcement of the guidelines at the discretion of the janitorial staff. Be funny, or at least compelling, and pretty much anything legal is welcome provided it's on-topic, and even then.
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
Jump in the discussion.
No email address required.
I'm pretty sure unless apple creates the app it should not be possible (at the very least not possible as a public scaled app) to implement iMsg on another OS. iMsg system uses Apple's encryption keys and therefore the device would have to at least have its own trusted key ... wtf did this dev do just frickin route all texts to a 3rd party ios instance or something? I'm intrigued.
Either way Apple would have to have a hand in it since iMessages aren't even texts it's just an apple branded whatsapp/signal/telegram/element no?
Jump in the discussion.
No email address required.
I think it was actually to a Mac that then used the Mac version of the messages app, but yeah. Pretty much that.
Jump in the discussion.
No email address required.
More options
Context
afaik that's exactly how this works, unless im thinking of another version of the same thing
Jump in the discussion.
No email address required.
More options
Context
There are existing, working methods of doing exactly what this app does without the security problems, but they require the user to have a MacOS instance running at all times for the phone to funnel the texts through (VMs are sufficient so no apple hardware required)
https://bluebubbles.app
Current hyperfixation:
Jump in the discussion.
No email address required.
Yea that's what I was thinking of, I almost did that because it was getting annoying transfering files between my iphone and android. I ended up going with another solution ..I really didn't feel like having a mac instance running at all times with internet just to xfer files.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
I'm so happy in the Congo89wc 8mo ago #5408755 spent 0 currency on pingsWhat the frick, Apple has access to your keys on imessage? That's a terrible system
Jump in the discussion.
No email address required.
Not necessarily. I am pretty sure they do not need to know what your private key is in order to verify that it is you.
Just because they facilitate the creation of the key, doesn't mean they need to know what the resulting key is. If I am remembering right, the generation happens on the phone itself and doesn't ever leave the phone (and to take it a step further I am pretty sure the ~newer iphones have a separate chip dedicated to doing only that, which separates it even further from the files in the phone and improves security substantially).
There's obviously no way to know for sure whether that key is sent to apple, but I'd argue that past jailbreakers would have been able to see if that were the case and would have called apple out on it causing gigadrama.
Anyway, as much as I despise apple, this is a legitimate reason as to why android does not have imessages and is the actual reason for the bubble colors. SMS is extremely insecure.
But with that said, since apple will finally be switching from SMS texts to the RCS protocol, Everyone gets to have encryption + the benefits of any typical messenger app (bigger file size, different file types like pdf, location sharing or whatever, etc.)
Literally no reason to try and bootleg an iMessages (even if apple wasn't switching to RCS, anyone can just use a universal messenger app)
Jump in the discussion.
No email address required.
Have you owned the libs yet?
Jump in the discussion.
No email address required.
2021 called, it wants your comment back
fricking owned
Jump in the discussion.
No email address required.
More options
Context
More options
Context
you're correct, they have a robust key management system and use a "secure enclave"
Follower of Christ
Tech lover, IT Admin, heckin pupper lover and occasionally troll. I hold back feelings or opinions, right or wrong because I dislike conflict.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
nope, they're end-to-end encrypted: https://support.apple.com/guide/security/imessage-security-overview-secd9764312f/web
key syncing between devices: https://support.apple.com/guide/security/secure-keychain-syncing-sec0a319b35f/web
Follower of Christ
Tech lover, IT Admin, heckin pupper lover and occasionally troll. I hold back feelings or opinions, right or wrong because I dislike conflict.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context