Apple is locked in a game of cat-and-mouse with a company that claims to have reverse-engineered iMessage and allows Android users chat to their friends using the coveted Apple blue text message bubble.
The team behind Beeper – an app that seeks to centralise messages from disperate services like WhatsApp, Facebook Messenger, and Telegram – created a stir last week when it launched Beeper Mini on the Google Play store.
“Finally, get blue bubbles on Android!” the app’s description reads. “Beeper Mini is a full featured chat app designed for chatting with iPhone friends. Your phone number is no longer a green bubble!”
The developers are trying to capitalise – it originally cost $2 a month – on the known social divide between the green bubbles sent by Android users and the blue bubbles that Apple users see.
Apple is aware of the ‘green bubble shame’ phenomenon; CEO Tim Cook famously told someone to “buy your mum an iPhone” when he was talking about how he couldn’t send his mother certain messages due to the divide.
While Apple has belatedly agreed to adopt the Rich Communications Services (RCS) standard to allow rich text messages between Android and Apple phones, the company may still put its own twist on its implementation to uphold the social status of the blue bubble.
So when Beeper co-founder Eric Migicovsky got a message from a 16-year-old developer named James Gill saying he’d cracked iMessage, Migicovsky paid attention.
For an app that was trying to be the one-stop-shop for messaging, reverse-engineering iMessage was something of a holy grail.
Gill was able to use Apple’s handling of push notifications to create a Python program that would securely transact iMessage's encryption keys between the device and the Apple ID server.
It was a form of ‘adversarial interoperability’ that, as activist and author Cory Doctorow noted, Apple itself once used to let Mac customers use Microsoft Office files.
Other companies had tried workarounds, including the poorly executed Nothing Chats app which ran servers full of Mac Minis that logged into users’ iCloud accounts in what turned out to be a tremendous security risk (the app was quickly removed from the Google Play store).
Last week, Beeper Mini arrived complete with Gill’s code.
Within three days, it suddenly stopped working.
In a statement to the Verge, Apple confirmed it was the culprit.
“We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage,” the company said.
“These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks.”
This morning, Beeper said Mini was back after the developers fixed “an issue that caused messages not to be sent or received”.
Phone number registration is broken, according to a Beeper blog post, requiring people to sign in with AppleID but the company said it’s working on it.
Beeper Mini is also free while the developers try to guarantee a stable service.
The company was scathing in its response to Apple, saying the tech giant was guilty of spreading fear, uncertainty, and doubt about iMessage interoperability.
“Beeper Mini made communication between Android and iPhone users more secure. That is a fact,” Beeper said.
“Make no mistake, the changes Apple made on Friday were designed to protect the lock-in effect of iMessage.”
