
'Nothing Chats' Isn't a Safe Way to Use iMessage on Android – Lifehacker



In the US, we have a chat bubble problem. For a number of reasons—namely, because Apple won’t play nice with RCS on Android—it’s frustrating texting between iPhones and Androids. The “green bubble,” as so many of us iPhone users call it, is an indication that group chats are going to be a slog, and that things like photos and videos are going to send in low quality.

The thing is, this just isn’t an issue in other parts of the world. Non-Americans tend to raise an eyebrow over the hullabaloo we make about which type of phone you have. It doesn’t matter whether you have an iPhone, Galaxy, Pixel, or OnePlus, when everyone uses WhatsApp anyway.

While third-party messaging apps obviously exist in the States, texting is still king, which means the iPhone/Android war will rage on for the foreseeable future. Some, however, have seen this situation as an opportunity: What if you could build a way to offer iMessage compatibility on Android?

Nothing, the London-based phone company, is the latest to attempt such a solution. The company announced a new app for Nothing Phone (2), Nothing Chats, on Tuesday, that allows Phone (2) users to connect their Apple IDs and access iMessage on their device. It’s not a gimmick, nor is it a scam: It actually works. But that doesn’t mean you should use it.

How Nothing Chats’ iMessage integration works

Nothing Chats is powered by Sunbird, an in-the-works unified messaging platform that aims to put all your different messaging needs in one app. While Sunbird is in closed beta, requiring interested parties to join a waitlist, Nothing will give all Nothing Phone (2) users access to the Nothing Chats beta starting Friday. Of course, you need a Phone (2) in order to try Nothing Chats out, so that in itself is a hurdle.

While Nothing Chats is still closed for the next couple of days, Nothing gave Marques Brownlee an early peek at the new app. To set it up, you first launch the Nothing Chats app, create an account with the app, then connect your Apple ID from the options menu. Once you start a chat with an iPhone, Nothing Chats sends through a virtual contact card to sync everything together, and, once synced, your Android-powered Nothing Phone (2) shows up as a blue bubble to your iPhone friends.

Some iMessage features, like typing indicators and high-quality images, already work. Nothing says it’s still working on adding iMessage features, like reactions, while other features, like editing and unsending messages, are missing. However, on the surface, it seems amazing that an Android phone could be compatible with iMessage.

It’s not safe

Look, I want to bridge the gap between iPhones and Androids as much as the next person. I think it’d be great if we could have one unified messaging system that didn’t divide us into blue bubbles and green bubbles. But Nothing Chats, and other apps like it, just aren’t the solution at this point.

The reason is that these apps simply aren’t secure. They say they are: Nothing Chats, and, subsequently, Sunbird, advertise the end-to-end encryption of the service. They say your messages, as well as your user data, cannot be read by the company, and aren’t stored on their servers. Your messages instead live only on your device and the devices of the users you send them to. So far, so good.

However, the platforms are inherently insecure, as they require you to sign into a third-party Mac with your Apple ID. When you connect to Nothing Chats with your Apple ID, you’re really logging into a Mac Mini in a Sunbird server farm in the US or Europe. This Mac Mini is what routes your messages from Android to iOS. As a general security rule, you should never give a remote device access to something like your Apple ID. There are simply too many security vulnerabilities to justify the risk. It’s the same issue that prevents me from recommending other universal chat services, like Beeper: When you give control of an important digital account like your Apple ID to someone else on a device you do not have access to, you open yourself up to potential disaster.

To Sunbird’s credit, the company stores your login credentials as a token with encryption, so you shouldn’t necessarily worry about your username and password. In addition, the company will delete account information after two weeks of inactivity, so abandoned accounts won’t stay open in perpetuity. However, all it takes is one successful hack of Sunbird’s servers to access your Apple ID login token, which puts your account, with all your connected devices and data, in jeopardy. I admire what Sunbird and Nothing are doing here, but I can’t recommend anyone hand over their Apple ID to any third party, even those with the best of intentions (and encryption).

Counterpoints

Don’t worry: I’ve heard the arguments for why this security compromise isn’t so bad. For one, SMS is a pretty insecure messaging standard in its own right as it isn’t encrypted, so Android to iPhone texting is already vulnerable. Plus, some Android users might not have any stake in the Apple ecosystem going in, only creating an Apple ID for this specific purpose. If that gets compromised in a hack, hackers could gain access to the flow of messages, but it’s not the same as if the user relied on the Apple ID for all their digital needs.

Both valid points! But I think the security risks outweigh the benefits here. Sure, SMS isn’t end-to-end encrypted, but that doesn’t mean you should hand your Apple ID security to someone else, even if you don’t have multiple devices and a backlog of data connected to it.

If you understand the risks and still want to give this app a try, Nothing will make it easy for you. However, I’ll be over here, still using SMS when I have to, begging Apple to make it easier and more secure to message an Android user from my iPhone.




