The Nothing Phone (1) and (2) have been praised in the past for having clean — almost stock Android-ish — software with great home screen customization, and that has been the case since the company’s first foray into the smartphone OEM arena. However, as promising as that has been, the company hasn’t had a great month when it comes to security.
![Source - Dylan Roussel | X - The Nothing CMF watch app was also discovered to have security flaws](https://m-cdn.phonearena.com/images/articles/408566-image/Dylan-Roussel-on-X-Lets-talk-about-Nothing...-again.jpg)
Source – Dylan Roussel | X
The CMF Watch app required users to create an account with an email address and password, and the app then encrypted that data. However, the app also left the decryption method for that data available within the app itself, which meant that a malicious actor could easily access that sensitive information.
> CMF takes privacy issues very seriously and the team is investigating security concerns regarding the Watch app. We rectified initial credential concerns earlier in the year and are currently working to resolve the issues raised. As soon as this next fix is complete, we will roll out an OTA update to all CMF Watch Pro users. Security reports can now be more easily submitted via https://intl.cmf.tech/pages/vulnerability-report.
While it is great news that Nothing has acknowledged the issue and is taking the necessary steps to correct it, it is somewhat worrying that the company keeps finding itself in this position. For a relatively new OEM, and especially one that is trying to get a new sub-brand off the ground, lapses in security are not a good look. Hopefully, Carl Pei and his team have learned from this experience and will do a better job of making sure their apps are secure, especially when a third-party company is involved in the process.
Header image credit: https://intl.cmf.tech/