Nothing pulls its iMessage app from the Play Store following privacy disaster

AnActOfCreation@programming.dev to Technology@lemmy.world – 656 points –
androidpolice.com
  • Nothing Chats, a rival to apps like Beeper and AirMessage, advertised itself as a secure platform for sending messages to iMessage users.
  • However, less than 24 hours after its launch, investigations into the app revealed that Nothing Chats logged every message in plain text and stored unencrypted data, including text messages, images, videos, and more, making it a significant privacy and security risk.
  • The company removed the app from the Play Store following these complaints, citing "several bugs" that need fixing.
97

You are viewing a single comment
View all commentsShow the parent comment

I used to use Privacy.com and Mint until I did some looking into Plaid. They present a login screen that looks like your bank and you assume they're doing some kind of OAuth. Nope they're just taking your full banking credentials and you have to hope they're safe. I think Plaid is a ticking time bomb. When it gets hacked a lot of people will be in trouble.

Are you sure about Plaid? Because jesus I've signed in through Plaid many times.

Yep (and I had the same reaction).

From their privacy policy.

Data you provide to us. When you use Plaid’s products or services, like when you connect your financial accounts (like your bank accounts) to a developer’s app through Plaid, we may collect the following data from you:

  • identifiers like name, email address, and phone number;
  • login data when required by the provider of your account, like your username and password, account and routing number, or a security token.
  • when needed, data to help verify your identity and/or connect your accounts, including your Social Security number, date of birth, security questions and answers, documentary ID and one-time password (OTP).

https://plaid.com/legal/#consumers

Additional reading: https://security.stackexchange.com/questions/198005/is-plaid-a-service-which-collects-user-s-banking-login-information-safe-to-use

EDIT: And a lawsuit: https://www.ctvnews.ca/mobile/business/td-bank-files-lawsuit-against-plaid-accusing-it-of-trying-to-dupe-consumers-1.5145326

Oh Lord. I have all my money in one account and have used Plaid on it. If it were to get hacked, I would be ruined lol. Not a lot of money but that's all I have.

Thanks so much for telling me this!