Apple has plugged holes that allowed subscribers of the Android app Beeper Mini to chat with their iPhone friends over iMessage.
Beeper Mini allowed Android users to send messages to iPhone users as a blue bubble instead of a green one, but Apple has now blocked the app.
Moreover, the company issued a statement on the matter, making it clear it has no intention of allowing apps like Beeper Mini to exploit the iMessage system.
Beeper Mini: Apple blocks Android’s iMessage app
Here’s Apple’s statement in full:
At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage.
“Fake credentials” is precisely how Beeper Mini fools Apple’s servers into thinking they’re interacting with a legitimate iMessage client.
These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam and phishing attacks. We will continue to make updates in the future to protect our users.
Beeper CEO Eric Migicovsky reacted to Apple’s statement with the following comment to The Verge and other outlets:
If Apple truly cares about the privacy and security of their own iPhone users, why would they stop a service that enables their own users to now send encrypted messages to Android users, rather than using unsecure SMS? With their announcement of RCS support, it’s clear that Apple knows they have a gaping hole here. Beeper Mini is here today and works great. Why force iPhone users back to sending unencrypted SMS when they chat with friends on Android?
The very fact that Apple bothered to comment on Beeper Mini, which isn’t the first app to try to bring iMessage to Android, tells you all you need to know about the seriousness with which the company is treating this matter.
How Beeper Mini connected with iMessage
For $2/month, Beeper Mini permitted Android users to not only send and receive iMessages with end-to-end encryption but also take advantage of other iMessage features such as read receipts, typing indicators, sticker reactions, high-quality media attachments, and so on.
The app uses findings by a 16-year-old high school student who has managed to reverse-engineer the iMessage protocol. Beeper Mini takes advantage of this to register Android phone numbers with the iMessage service. The approach is much more secure than other solutions that simply route messages through Mac mini servers and require entrusting your Apple ID credential to a third-party
A game of cat and mouse
iMessage is the perfect gateway drug of the iOS ecosystem and the ultimate lock-in. Apple has considered porting iMessage over to Android, but executives shot down the idea because they thought doing so would cannibalize iPhone sales.
Apple dodged a crackdown over iMessage by European regulators who haven’t found iMessage popular enough with business users to justify government actions.
Increasing regulatory pressure is probably the cheaf reason Apple announced support for the Rich Communication Services (RCS) protocol sometime in 2024. RCS aims to replace SMS/MMS with modern messaging capabilities.
While RCS messages will appear as a green bubble, Apple’s support for RCS will improve the messaging experience between iPhone and Android users with features like read receipts, typing indicators, higher-quality media, etc.