Nothing and Sunbird pulled the shockingly insecure iMessage bridge, but only after it was discovered that not only did Sunbird log and retain messages, vCards, and more, but that retained user data could also be downloaded by others.
The thing is, even if the Sunbird app was properly implemented, it would still be a security nightmare because you are relaying people’s iMessage messages on random Mac minis. The messages have to exist in plain text on the server before it’s re-encrypted to be sent to the user. An attacker or malicious admin could easily find a way to log those messages. So no amount of due diligence by Nothing is really necessary here. The entire idea is bad.
But then, if Nothing or the Sunbird developers were actually competent to begin with they would probably have realized that this was a terrible idea and wouldn’t have gone down this path.
The thing is, even if the Sunbird app was properly implemented, it would still be a security nightmare because you are relaying people’s iMessage messages on random Mac minis. The messages have to exist in plain text on the server before it’s re-encrypted to be sent to the user. An attacker or malicious admin could easily find a way to log those messages. So no amount of due diligence by Nothing is really necessary here. The entire idea is bad.
But then, if Nothing or the Sunbird developers were actually competent to begin with they would probably have realized that this was a terrible idea and wouldn’t have gone down this path.