The much-anticipated launch of Nothing Chats this week turned into a privacy debacle that was over almost as soon as it began. The app promised seamless messaging between Nothing Phone users and iPhone owners via iMessage integration. But within 24 hours, serious security flaws came to light — leading Nothing to abruptly yank the app from the Google Play Store.
Nothing Chats relied on a platform called Sunbird to enable cross-platform messaging. The problems arose from how Sunbird handled user data behind the scenes. Unbeknownst to users, activating Nothing Chats required giving Sunbird login access to their iCloud accounts from external servers the company controlled. From there, Sunbird would fetch iMessages and transmit them unencrypted over HTTP to Firebase databases. Alarmingly, this meant plaintext messages were stored on insecure cloud infrastructure.
Cryptography expert Dylan Roussel published damning findings about these glaring privacy risks on Texts.com. He determined messages were not actually end-to-end encrypted as Nothing claimed. Worse still, Sunbird engineers could view users’ private conversations via their Sentry error logging dashboard.
“An attacker subscribed to the Firebase database will always be able to access the messages before or at the moment they are read by the user,” Roussel wrote.
Sunbird disputed aspects of the reports, unconvincingly claiming HTTP was only used for “one-off” notifications. Nonetheless, the scrutiny dealt a devastating blow to Nothing’s credibility. The startup aims to compete with Apple on privacy, but Nothing Chats revealed troubling hypocrisy between its marketing and product reality.
Within a day, Nothing Chats was gone. Nothing CEO Carl Pei announced its removal from the Play Store, sheepishly admitting the need to resolve “several bugs” before any relaunch. But the damage may already be done. Nothing Chats abused user trust from the very start and suffered the consequences at lightning speed. Given Nothing’s lofty ambitions, this privacy disaster is a troubling setback that it may struggle to recover from.
