Sunbird’s Second Act: Revamping iMessage for Android
In an intriguing turn of events, Sunbird, the company that once attempted to integrate iMessage with Android, is staging a comeback. Despite the initial launch being marred by significant security concerns, the company has announced a relaunch of its services, promising enhanced connectivity and fortified security measures.
The journey of Sunbird began in 2022, with an ambitious goal to bridge the communication gap between Android and Apple users. The service was initially available in a private beta with a waitlist, and it wasn’t until a partnership with Nothing to launch “Nothing Chats” that Sunbird’s solution gained broader exposure.
However, the initial excitement was short-lived as Sunbird’s foray into the messaging space was quickly overshadowed by alarming security flaws. Reports surfaced detailing how user-shared media and real-time messages were susceptible to unauthorized access, casting a shadow over the app’s reliability.
Reacting to the security debacle, Sunbird took a step back, halting its operations to reassess and rebuild. Now, with a renewed sense of purpose, Sunbird is extending invitations to those on the waitlist to experience the revamped service, starting with small phases from April 5.
Amidst the competitive messaging landscape, Sunbird is positioning itself as a secure bridge for communication between Android and Apple users. The company has been tight-lipped about the specifics of the changes made but has expressed a commitment to delivering a secure and unified messaging experience.
Diving deeper into the technical enhancements, Sunbird has shed its previous architecture in favor of the new “AV2” system. This system employs a MQTTS message broker, aligning with OASIS standards for secure messaging. Additionally, the app is set to integrate with RCS via Google Messages, following in the footsteps of the intended Nothing Chats integration.
Sunbird has outlined several security measures, including:
- Ensuring unencrypted messages are not stored on disk or databases, existing only temporarily in memory when decrypted.
- Securing static files in encrypted cloud storage buckets with permissioned URLs to prevent unauthorized access and expunging them within 48 hours post-transmission.
- Protecting all communication from the app to the API with HTTPS or MQTTS protocols.
- Implementing strict access control lists on the MQTTS broker to restrict user access to assigned topics.
- Encrypting message payloads at the application layer with AES encryption, controlled by the client and temporarily held in memory on the Sunbird side for message transfer.
On the organizational front, Sunbird has enlisted the expertise of an independent security consultancy, CIPHER, and welcomed Jared Jordan, a former Google Engineering Director for Gmail, as a formal advisor. Despite Sunbird’s claim that Jordan is currently with Google, his LinkedIn profile indicates a recent move to CapitalOne.
The relaunch of Sunbird has been met with skepticism, especially considering the company’s previous missteps. The discrepancy regarding their new advisor’s current employment has also raised concerns. Nonetheless, Sunbird’s efforts to rectify past issues and enhance their platform are noteworthy, though it remains to be seen if they can regain user trust.
As the messaging app landscape continues to evolve, Sunbird’s attempt to reintegrate iMessage for Android users will be closely watched by industry observers and consumers alike.
Follow Ben: blank” rel=”noreferrer noopener”>Twitter/X, blank” rel=”noreferrer noopener”>Threads, and Instagram
FTC: We use income earning auto affiliate links. More.
