Summary
- Nothing Chats, a service that brings iMessage to Android devices, may have a serious security problem. It was found to not use encryption when sending Apple login credentials, potentially making it vulnerable to a man-in-the-middle attack.
- Nothing claims that the plain text seen by a developer is a tokenized version of Apple ID credentials, rather than the actual password. The company states that the token is of no use to bad actors and assures that user data is encrypted and secure.
- Nothing also says that the usage of the term "BlueBubble" in Chats' coding is a coincidence and not related to the unencrypted chat backend of the same name.