4.4 C

Apple responds to the Beeper iMessage saga: ‘We took steps to protect our users’



A few days after the team at Beeper proudly announced a way for users to send blue-bubble iMessages directly from their Android devices without any weird relay servers, and about 24 hours after it became clear Apple had taken steps to shut that down, Apple has shared its take on the issue.

The company’s stance here is fairly predictable: it says it’s simply trying to do right by users, and protect the privacy and security of their iMessages. “We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage,” Apple senior PR manager Nadine Haija said in a statement.

Here’s the statement in full:

At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users. 

This statement suggests a few things. First, that Apple did in fact shut down Beeper Mini, which uses a custom-built service to connect to iMessage through Apple’s own push notification service — all iMessage messages travel over this protocol, which Beeper effectively intercepts and delivers to your device. To do so, Beeper had to convince Apple’s servers that it was pinging the notification protocols from a genuine Apple device, when it obviously wasn’t. (These are the “fake credentials” Apple is talking about. Quinn Nelson at Snazzy Labs made a good video about how it all works.)

Beeper says its process works with no compromise to your encryption or privacy; the company’s documentation says that no one can read the contents of your messages other than you. But Apple can’t verify that, and says it poses risks for users and the people they chat with.

“These techniques posed significant risks to user security and privacy”

Obviously there’s also a much bigger picture here, though. Apple has repeatedly made clear that it doesn’t want to bring iMessage to Android: “buy your mom an iPhone,” CEO Tim Cook told a questioner at the Code Conference who wanted a better way to message their Android-toting mother, and the company’s executives have debated Android versions in the past but decided it would cannibalize iPhone sales. Apple has recently said it will adopt the cross-platform RCS messaging protocol, but we don’t yet know exactly what that will look like — and you can bet that Apple will still seek to make life better for native iMessage users.

Apple’s statement comes at an interesting time. Beeper has been around for a couple of years, and its previous efforts to intercept iMessage were actually far more problematic, security-wise. Beeper and apps like Sunbird (which recently worked with Nothing on another way to bring iMessage to Android) were simply running your iMessage traffic through a Mac Mini in a server rack somewhere, which left your messages much more vulnerable. But Beeper Mini was exploiting the iMessage protocol directly, which clearly prompted Apple to tighten its security measures.

Since Apple cut off Beeper Mini, Beeper has been working feverishly to get it up and running again. On Saturday, the company said iMessage was working again in the original Beeper Cloud app, but Beeper Mini was still not functioning. Founder Eric Migicovsky said on Friday that he simply didn’t understand why Apple would block his app: “if Apple truly cares about the privacy and security of their own iPhone users, why would they stop a service that enables their own users to now send encrypted messages to Android users, rather than using unsecure SMS?”

If Beeper does ever get Beeper Mini working again, it seems destined for a never-ending game of cat and mouse trying to stay one step ahead of Apple’s security. And Apple has made clear it intends to win that game, no matter how badly you want to send iMessages from an Android phone.

Source link

Subscribe to our magazine

━ more like this

Marriott Bonvoy Business Amex review: Don’t sleep on multiple free night awards and status

Our take: With perks meant to attract business owners who make Marriott Bonvoy hotels their home away from home, and with a relatively...

Facing mounting debt, three quarters of U.S. workers want to get paid every day

On-demand streaming, delivery, and, next up, on-demand compensation. The biweekly paycheck is on the cusp of disruption, although expansion plans have hit a...

Signal will soon let you share a username instead of your phone number

Signal is rolling out support for usernames on its encrypted messaging service over the next few weeks. The feature, which is still in...

Israel’s economy sinks 20% as the war decimates consumer spending and real-estate investments

Israel’s war in Gaza has taken a toll on the country’s economy. In the fourth quarter of 2023, Israel’s economy contracted almost 20%...

40 Years of Gay Times: How the Publisher Continues to Grow

The year was 1984. Musicians like Queen and ’80s fashion were all about being free and embracing individuality, but those in LGBTQ+ communities...