Sunbird is coming back, but no one asked for it


What you need to know Sunbird, the messaging app that aimed to bring iMessage to Android users, announced Friday that it is relaunching in beta.
The original app quickly shut down after users exposed critical security and privacy flaws that left user messages susceptible to being intercepted.
Sunbird, the messaging app that infamously partnered with Nothing to bring iMessage to Android before being swiftly shut down, is now returning.
The first time around, Sunbird brought iMessage to Android through its own app and the Nothing Chats app.
Sunbird explained the technical changes to its iMessage architecture, intended to increase security and fix the original app’s privacy woes, on its website.
In the front-end app, messages are only stored in an encrypted state within the in-app database.
All communication from the Sunbird app to the Sunbird API is protected at the transport layer, either through HTTPS or the MQTTS protocol.
Ironically, Sunbird points out the “security and privacy concerns” related to Beeper Mini due to the app’s “unauthorized access to iMessage.”


What you should be aware of.

An announcement was made on Friday regarding the relaunch of Sunbird in beta, the messaging app that sought to bring iMessage to Android users.

User-discovered serious security and privacy vulnerabilities that allowed user messages to be intercepted led to the original app’s swift shutdown.

The business updated its website with a page that explains what went wrong the first time and what has been fixed.

Now making a comeback is Sunbird, the messaging app that gained notoriety for working with Nothing to bring iMessage to Android before being abruptly shut down. The business declared on Friday, April 5, that following modifications to its backend infrastructure, it would relaunch the app’s beta version. More than 165,000 people have signed up for the app’s waitlist, according to Sunbird, and invitations will start to go out in small batches.

When Sunbird first released iMessage for Android, it did so via the Nothing Chats app and its own app. Nothing, the company that made the Nothing Phone 2 and Phone 2a, wanted to enable iMessage on all of its Android phones by utilizing Nothing Chats. But as soon as users realized that the internal operations and messages were not encrypted, user files and messages were open to anybody.

On their website, Sunbird detailed the technical modifications made to their iMessage architecture in an effort to improve security and address privacy issues with the original app. These are for your perusal or skepticism:.

There is never any storage of unencrypted messages in a database or on disk. Messages exist only in memory for a short time after they are decrypted and passed to the iMessage and RCS/Google Messages network. Messages are only kept encrypted in the in-app database within the front-end application.

Static files sent over the service are encrypted both in transit and at rest and are kept in safe cloud storage buckets. Within 48 hours of sending or receiving them, they are fully removed from the Sunbird systems and safeguarded by permissioned URLs that prohibit unwanted access.

Using either the MQTTS protocol or HTTPS, all communication between the Sunbird app and the Sunbird API is secured at the transport layer.

To guarantee that users can only access broker topics that have been specifically assigned to them and not others, the MQTTS broker is protected by stringent access control lists.

AES encryption is also used at the application layer to encrypt the message payload’s contents. The encryption key is solely managed by the client and is only stored in memory on the Sunbird side. When messages are transferred to the native messaging platform, they are decrypted (in memory) only after passing through the Sunbird system.

In a press release, Sunbird also subtly brings up Beeper, which suspended support for its iMessage client, Beeper Mini, following repeated attempts by Apple to shut it down. According to the company, Sunbird is a workaround for the iMessage compatibility issue that doesn’t involve giving third parties access to Apple’s iMessage servers without authorization. Paradoxically, Sunbird draws attention to Beeper Mini’s “security and privacy concerns” because of the app’s “unauthorized access to iMessage.”. ****.

The choice of whether or not Sunbird is genuinely trustworthy rests with the end users. In any case, the business has already found itself embroiled in a disagreement once more. 9to5Google saw that Sunbird asserted that it appointed Google engineering director Jared Jordan as an official advisor. Jordan left the company months ago, though, according to his LinkedIn page. Without making any announcement or acknowledging the change, Sunbird subtly changed the text on its website to reflect Jordan’s prior experience.

According to Sunbird, the company’s “unwavering commitment to the privacy and security of our users” was the reason behind the app’s removal for several months. Rather than providing a hasty patch, Sunbird chose to completely reconstruct its internal architecture.

It will be interesting to see if users start to trust Sunbird again. The app is currently in a very limited beta, so it still has a long way to go.

In five minutes, become an authority.

Get the most recent news from Android Central, your reliable resource for everything Android-related.

Please send me emails from our dependable sponsors or partners with news and offers from other Future brands.


Brady works at Android Central as a tech journalist covering news. He has been covering and speculating on consumer technology for a variety of publications for the past two years. Brady completed his education at St. John’s University in 2023 after earning a journalism bachelor’s degree. Brady enjoys running and watching sports when he’s not tinkering with the newest technology.

scroll to top