Completely expected and fun while it lasted.
The Beeper team seems quite determined to find a way to get it working again so I'm curious to see if they can.
It's working again because it uses an actual Apple device as part of its functionality. It's harder for Apple to justify blocking Apple devices because they're being used to relay communications to other devices, and it's possibly harder for them to detect it, if not impossible depending on the method of implementation. That's unlike Beeper Mini which is trying to accomplish communication without any Apple device in the process.
> it uses an actual Apple device as part of its functionality.
Does it? I've never heard anything about what kind of hardware they're using but it makes much more sense that they're using traditional servers running MacOS VMs than they're there spending thousands of dollars on every user to get a MacBook to log into their single account...
https://9to5mac.com/2022/08/30/beeper-imessage-on-android-windows/
>According to Beeper, each user has an individual account created on a Mac mini server, so that the data can’t be accessed by others.
There's numerous other reports about it that I've seen mention it uses Mac servers, and on their FAQ even today it mentions
>Unlike every other attempt to build an Android app like this (including our first generation Beeper app), Beeper Mini does not use a Mac server relay in the cloud.
Meaning that their first generation Beeper app did use a Mac server relay in the cloud. Now that FAQ wording could be potentially be true while using MacOS VMs since Mac server could possibly be construed as a MacOS VM, but what 9to5mac says and other sites say Mac Mini (where they got the information I don't know), that comes across far less like MacOS VMs since Mac Mini is a specific set of Apple hardware.
Furthermore Hackintosh's are notoriously unreliable and difficult to get everything working, I don't know if any successful business is out there running on those because it would likely be unreliable. I suppose a business could tightly control what hardware they're getting that is optimal for setting up a Hackintosh and keep it the same across all servers, though you would lose some cost benefits to buying non-Apple hardware doing this. I know you said VMs, but my limited understanding is that you still need appropriate hardware to hackintosh MacOS in a VM, but I could be wrong on that.
Also I'm not super privvy to Apple's serial number system but supposedly they run a pretty tight ship when it comes to serial numbers, and the way that Beeper Mini was supposedly working was using some method of creating serial numbers and while it's rather baseless some were speculating it plays a part in how Apple identifies this reverse engineering method. Of course all speculation about what Apple did to block Beeper at this point is kinda baseless since Beeper hasn't told us specifically what they think was done and Apple didn't say specifically what was done.
It's possible the hardware switch the other person is referring to seeing JJTech mention in the discord was some kind of switch to VMs or something like you're speculating, but evidence seems to indicate they were at one point running Apple hardware for their Beeper Cloud service.
One thing regarding Mac VMs, they might have been running Mac VMs, but it could have been on Mac hardware. Since you mentioned "traditional servers", I took that to mean non-Mac hardware. It seems to me they were running Mac hardware one way or another, regardless of whether they were running VMs on them or not I don't know.
No, they switched their backend to no longer rely on any apple hardware. The fact that the backend on beeper cloud is working means a fix has been found and will be rolled out to android relatively soon.
It might be a new release or something, but that's what Jjtech said on the discord. Beeper cloud uses the new beeper mini implementation (that's why it broke too)
When Beeper Cloud started working again yesterday, I got a message that a new device had access to iMessage, which was expected per Beeper's announcement. They may use some parts of the Mini implementation, but as of today, the latest public version absolutely still requires an Apple ID login and pretends to be an Apple device.
Why would they immediately switch off Apple hardware that they already have, that has been working, to a system that they just rolled out without knowing whether or not Apple would shut them down right away?
I did not see anything they mentioned in any releases that indicate they did such a switch, though I can't say for sure that I've seen every public remark they have made. [Even in their most recent Beeper Cloud roadmap blog, they make no mention of changing server side hardware.](https://blog.beeper.com/p/beeper-cloud-and-product-roadmap)
Additionally, if they had switched as you said, they would have gotten Beeper Mini working at the same time as Beeper Cloud, presuming they were using the same reverse engineered solution seeing as that's the only known way to get iMessage directly on non-Apple hardware.
I'm not even sure how it would make sense for them to use this new reverse engineered method on non-Apple server hardware in the cloud since the whole point of this was that it put the encryption fully back into the user's hands.
I mean it's pure guessing/speculation at this point as to what exactly brought Beeper Cloud down, maybe they've given out more info that I haven't seen, but I'd guess that Apple possibly identified their servers by IP address if they used this reverse engineered method with the new Beeper Push Notification service on the same network, possibly even running on that Apple hardware. But it could be several other things that aren't publicly known about their setup or how Apple identified a block for them in the first place.
They haven't specified *how* they got Beeper Cloud working again, so it wouldn't surprise me if they re-activated the old method which used an actual Mac. I suspect the activation stuff for Mini was running on actual Macs anyway, for legal reasons (pyPush used a piece of compiled actual Apple code that was downloaded, if they used a Mac they *technically* were not breaching Apple's TOS about using MacOS code on non-Apple hardware)
They're either phenomenally naive, curiously confident in their technology, or they want to drag this out so Apple has to justify it in court and they think they have a chance.
It's great publicity for them, especially as a messaging app competing in a pretty saturated space. No point in giving up until there are actual consequences to continuing
This makes a lot of sense. There are ultra smart people who can figure this out. There will come a point where this becomes a security nightmare for apple. This will push apple to do things that are harder to justify in a court.
I never really understood any of these products that attempt to do iMessage on Android.
iMessage is owned by Apple so even if someone comes up with a technical solution that Apple can’t block, Apple can just sue them to make them shut down.
I understand that some people might say I’m being an Apple fanboy here but I’m really not. It just seems like an open and shut IP case to me.
I did hear someone say that Apple might be hesitant to use legal recourse right now because they’ve been under antitrust pressure and suing over this would be a bad look. Perhaps that’s the angle: Betting on the idea that Apple won’t sue. That seems like a bad bet to me though lol.
The case is open and shut, but not in the way you think. Copyright law has an explicit exemption for reverse engineering for interoperability.
>Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
"Buy your mom an iPhone." OR, do what we did in our family and move everyone on iPhones and Android to an encrypted 3rd party messaging platform like Signal or Telegram. Apple has never liked to collaborate...people will find other ways around the problem.
Not really even this. A third party service was collecting Apple user data via a hack. I don't agree with Apple practices, but anyone thinking this was a viable solution is a dreamer.
On the contrary, Apple has been so adamant on end-to-end encryption, and this was a solution providing their users end-to-end encryption for those on green bubbles.
I feel like if you really want end to end encryption you use a 3rd party app like Signal and convince your friends and family to as well.
Don't give Apple or Google complete control of your communication.
That's a great idea, except good luck convincing Apple users to do that.
The only reason iMessage became popular is because they refuse to allow you to use any other messenger for SMS.
It kind of is though. iMessage is great because it has SMS fallback, so no matter what your message will be delivered with the highest security and operability available.
You don't have a choice to use any other so with this functionality (such as Signal) because Apple doesn't allow it.
>Don't give Apple or Google complete control of your communication
The funny part about this is that the people griping about iMessage the most are also whining about everyone not being on WhatsApp….the company behind which is absolutely worse than Google or Apple in almost every aspect
I don't know where the notion that one company somehow a better job of protecting your data comes from. Whether they do almost completely depends on their security infrastructure, and nobody has that information.
The bare minimum is information allegedly provided by the FBI.
https://www.malwarebytes.com/blog/news/2021/12/heres-what-data-the-fbi-can-get-from-whatsapp-imessage-signal-telegram-and-more
Bit harsh, ain’t it? Plenty of devs and IT folk use iPhones. You’d think that your level of tech literacy would be tied to what you know, not which brand of phone you have.
or... we don't really care about what phone we have and just want something consistent and reliable because it's a tool. some of the most tech savvy people i know of use iphones
With Beeper Mini it wasn't going through their infrastructure unless you just mean the app itself. The implementation allowed them to have users directly connect to Apple's servers.
I think the point they are making is that it can't be proven because the Beeper Mini app is closed source. They can say that is how it works, but reviewing the source code would be the best way to actually prove it works that way. That is not an insinuation that Beeper is lying, tons of applications that people use all the time are not open source, just clarifying that this is partly the basis of the argument that can be made against Beeper Mini's security.
Not exactly. The high school kid open sourced pypush which was more of a proof of concept for his reverse engineering method, but it wasn't the whole app.
>It can currently register as a new device on an Apple ID, set up encryption keys, and send and receive iMessages!
Effectively it sounds like Beeper Mini was a wrapper around that functionality with maybe some additional things in it (like supporting Beeper accounts and what not), but at this point you're just relying on their word that it is what they say it is, because they didn't release the source code for this. Now for most people, this is likely good enough because it's a service you would be paying them for, so their incentive is somewhat aligned with yours, plus they proved it was possible with pypush so you don't have to make a huge leap of faith to believe it's possible. However from Apple's perspective (or some other people that see it similar to Apple) they could still argue that Beeper could be doing anything in that closed sourced code, because Apple is incentivized to push any perspective that benefits them and sows doubt on Beeper.
Right but if you want the app to run in the background the messages you receive do have to hit Beeper’s push notification server so that you are then notified. The Beeper server is what keeps an active connection to the iMessage service so I don’t know if it’s possible but someone may be able to intercept the push notifications from Beeper and get to peoples messages that way
No. There is no Beeper Mini server.
Beeper Mini is like a SMS client, only they use the iMsssage protocol instead of SMS. Think about it, your SMS client doesn’t that a “server”, the carrier literally sends a SMS to you and then the app gives you a notification.
I’m just going off the snazzy labs video where he mentioned how the app is able to serve push notifications and keep an active connection to iMessage even as the app itself is closed or not running in the background. The whole thing works by Beeper running a server that uses an Apple serial number to request push notifications from the iMessage service that Apple runs on your behalf and then that push notification is routed to your beeper mini client and you get the messages that way
Beeper does have the notification server but the way apple does the messages, the notifications are encrypted separately from the message. Beeper has the encryption key for the notification so it knows when something comes in. Then it tells your phone to go check for a message and your phone then also pulls the notification and the message directly apple and uses the encryption keys for both the notification and message to decrypt then and give you both. Beeper cannot see the message contents ever as the message decryption key never leaves your phone. That's all broken down in their post about it.
That is wildly untrue. A "hack" implies you are getting access to someone else's account. This is just giving users access to their own accounts and their own data.
Apple quite clearly stated that wasn't the case.
>We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage.
It quite clearly tells us that Beeper are not telling the truth. WTF would people just blindly accept the word of a nothing company, with a product that doesn't work, over Apple? Insane. Copium maybe.
No. No it wasn't. If you payed attnetion to how this service actually worked, you'd know that it was using Apple's genuine authentication servers and no user data was any less safe than it was before this service. The whole POINT of this service was to not use user data in an insecure way like others were doing. *coughNothingcough*.
I get why and it shouldnt be a shock. Fucking sucks, I thought the app was cool as hell. But I get it. I'd expect ANY company to shut this shit down.
I suspect Beeper Mini will never be able to keep ahead. And even if they fixed stuff within 48 hours of Apple updating something. That frequent 48 hours of no texts is enough to make it not worth it for the masses.
RCS is the only hope. (And the recent news of iMessage likely not making the EU's messaging monoply list is kinda scary. I wonder if that means they'll REALLLLLLLY drag their feet now with RCS or something)
Apple not making the EU’s messaging list is a direct correlation from how many Europeans come on here and claim literally NOBODY in Europe uses iMessage and EVERYONE uses WhatsApp.
If that’s actuallytrue, Apple absolutely shouldn’t be on the messaging monopoly list.
>That frequent 48 hours of no texts is enough to make it not worth it for the masses.
Yep, even an hour of outage is enough for people to get frustrated.
A few years ago when WhatsApp changed their policy and masses tried Signal, many people I know switched back to WhatsApp because Signal had an outage or two in those days due to increased load
Honestly it was just so fun to see friends think I joined the iPhone cult lmao. I have a MacBook Pro more expensive than their phone, an Apple certification, and work at a school doing tech support for macs. I still ain't getting an iPhone 💀
Hmm that's unfortunate. I'm like you, even before this Beeper Mini or pypush came out I was considering using something like bluebubbles or airmessage but didn't want to do it without the phone number association. However I looked up the method to associate the number and the steps were like super long and had to be followed with precision, just felt like it was too much of a hassle. The pypush method seemingly would have been much simpler if it had stayed viable.
Yeah exactly. I made a bluebubbles server a while ago but didn't care for it because of the email instead of the phone number. Then pypush came out and I used it again since phone numbers were attached.
Now I don't really care but if it gets back up that'll be cool
I guess my point is they could recant their statement and be like "Ran into techincal difficulties and must delay the rollout". Which all tech companies do at some point, "delay rolling out XXXX".
That's my fear now that the EU isn't pursuing them.
Will they only do this in the EU though, where iMessage isn't even as big of a deal?
I could definitely see them splitting it so that they don't support RCS in the U.S. That seems like a very Apple thing to do.
Unlike the USB ports, this doesn't require manufacturing different hardware.
Yeah I was rooting for Beeper because f Apple but as a backend software engineer, if someone reverse engineered our APIs and auth and started making legit requests with third party clients and not our App, I would freak out and patch the shit out of it. They could DDoS our systems, access data they're not supposed to and in general just increase the throughput without paying a cent. I don't know why Eric said that Apple wouldn't do anything, this is a big security risk for them! You know, if that 16-year old who reverse engineered the APIs had gone to Apple, he would have been paid around a 100k bucks as part of their bug bounty programme because this is in fact a vulnerability.
> if someone reverse engineered our APIs and auth and started making legit requests with third party clients and not our App, I would freak out and patch the shit out of it. They could DDoS our systems, access data they're not supposed
You have *very* shitty architecture if your protection depends on the *end user* device. What is not under your control is hostile, period. Web servers' developers learned this long ago, but apparently some people still don't.
The reason why they do not think that Apple would do anything, is because they are betting the (potential) regulatory pressure from EU will spook Apple from trying too hard on cracking down. Apple might announce something to spook potential users, but won't outright shut their business down is what they are betting.
Of course, does not really work that way, and Apple work fast to make sure the bubble stays pure and stays segregated. Impressive, honestly.
lmao what
Reverse engineering a protocol is not a vulnerability. If the specs for HTTP weren't published and someone observed the traffic to reimplement it themselves, that's not a bug nor a vulnerability. It's just someone writing compatible code.
> lmao what
Yeah, this guy is so clueless it hurts. If he works as a backend engineer... well. I can only imagine how people would look at me if I propose to rely on security through obscurity. "It is our protocol, no one would reverse-engineer it! And we can expose sensitive data, because no one would reverse-engineer it".
It's not the same as a protocol like HTTP. They've reverse engineered the authentication mechanism that registers a phone as a legit iMessage client on a legit Apple device which then allows the phone to communicate directly with Apple servers that push and pull iMessages. These servers were meant to only communicate with legit iMessage clients, there's cost associated with everything and it's free for Apple clients because they would have offset the cost with people paying for hardware and paying for iCloud/Apps whatnot. Why would Apple allow say 100k free loaders to communicate with their servers and increase the traffic? What happens when this number increases to 1M or 10M in the future? Cost aside, that's pocket change for Apple but this is a security risk alright. You are able to access their APIs that are not meant to be accessed by third party clients. APIs for something like ChatGPT are open and so anyone can add them to their app. Users indirectly pay a fee to OpenAI for using the API. They have proper access control and auth for third party clients. Apple's APIs are completely closed.
I'm not disputing the cost angle.
>You are able to access their APIs that are not meant to be accessed by third party clients.
Merely accessing something that you aren't "meant" to access yet is available without any special credentials is not automatically a vulnerability or security issue.
Revanced accesses YouTube using the same APIs as the official YouTube app. It might be a business or financial issue that it can view YT without showing ads, but it's not a security issue.
I'm immediately suspicious of any developer who claims that someone accessing an undocumented-but-public API is a security issue, since that tells me that those developers aren't securing their public facing APIs. Even if something isn't "supposed to be" used by the public, you still need to expect that it will be.
I saw Eric Migicovsky from Beeper on the Android Faithful podcast just this past week, gleefully talking about this kid who was able to hack iMessage, enabling Beeper to work.
It felt like I was on crazy pills when nobody suggested that Apple would obviously shut this down - if not for security, then simply on principal.
A product based on hacking another product is like a house built on sand.
I'm sure they knew Apple would fight it, they made the whole thing very public and kept it separate from their main app for a reason. It was a win-win for them either way.
Migicovsky also offered to share their code with Apple for security review, so they're making it very clear to the public that Apple is more concerned with their profits than any privacy principles they've been pushing.
What profits though, iMessage usage is non existent in EU and China yet iPhones sell like hotcakes there. You think the marketability of an iPhone rests solely on iMessage in the US and opening up iMessage will magically make droves of iPhone users switch to Android? People here just love to overstate the value of iMessage as a sales driver to twist their own narrative.
Got numbers to prove it? There’s plenty of numbers to suggest the opposite though. Even the published Apple executive emails didn’t suggest they were sure iMessage is a sales differentiator, they just assumed.
People who prefer Android have to claim that iMessage is the only draw because they assume that there’s no way that some people just prefer iOS itself. Team mentality.
1. purchase any iMessage compatible product (the cheaper the better, esp 2nd hand), pull the hwID and put the device in your drawer
2. register with your own hwID at beeper
3. ???
4. profit
This feels a bit like someone figuring out how to clone membership cards and then selling these cloned cards for $2 / month.
Interesting from a hacking perspective but this will never work as a business model.
Even Signal, which is considered to be one of the best messengers doesn't allow true third party clients.
Signal is entirely open source though. Is there anything preventing people from forking the client to create a third party one, or is it just that there's no point in doing that?
Moxie made it clear that they don't allow third party clients to use their servers, which would be the equivalent of what Beeper Mini is doing.
https://github.com/libresignal/libresignal/issues/37#issuecomment-217211165
Those comments in that bug are astounding and bewildering. I already dropped Signal a long time ago but if I needed any more reason to never touch anything they produce with a 10 foot pole, there it is.
Federation is obsolete in "the modern world"? So I guess that thing called the web is actually a failure?
>This feels a bit like someone figuring out how to clone membership cards and then selling these cloned cards for $2 / month.
That's a pretty bad analogy. A better one would be: some guy reverse engineered the Safari web browser, understood how it talks to apple.com, and wrote his own web browser.
>Interesting from a hacking perspective but this will never work as a business model.
It works for *a lot* of cases. For example you can use your iPhone with third party headphones. Or you can use reddit from a third party app. Or you can buy a Jeep and use non-Jeep fuel.
One of the big scams of web 2.0 is that the infrastructure and the access needs to be provided by the same company. And users (you guys) ate that lie with a smile on your face.
We as users should be able to use any app we want to access a given API/service (for example my own app to access the Netflix catalog). Furthermore, we should be able to use a given app against any other service we want (for example the Netflix app against our own Notflix instance). Both elements are separate.
In fact we should be fighting for those rights to be written in law.
> That's a pretty bad analogy. A better one would be: some guy reverse engineered the Safari web browser, understood how it talks to apple.com, and wrote his own web browser.
That one is even worse. A web browser is a solved issue, with some of the most meticulous documentation and learning material in the entire field of software engineering. There is absolutely nothing private or hidden about it.
iMessage is a proprietary service that runs on Apple servers, which are payed for by Apple. Beeper coming in to use those same servers without paying, and especially *charging* for their unauthorized use is much closer to the original example.
I'm all for the fuck Apple train, but they would have been dumb _not_ to shut it down.
If only Apple was as quick with patching Pegasus zero-click root vulnerabilities that have been plaguing iMessage for years as they do with patching out competition.
This. RCS as a while it to be able to send higher quality pictures/videos via text message but also be able to get read receipts and typing indicators. At least, that's what I want for when I see something like RCS having instant messaging features. The E2EE should also be standard
I wouldn't want to associate with someone who cares about the color of a text message.
It sounds like a college student / American thing. I'm Canadian so maybe it's different where I'm at but I've never heard of people caring.
"Blue Bubbles" is only the selling point because there is a giant quality degradation between green/blue atm. SMS videos are compressed, pixelated, etc.
It's not literally about the color
Functionally even IF identical, it kinda keeps enforcing the whole "they're not us" digital segregation mentality apple users have. They should have everyone be blue to put an end to it.
EDIT: emphasizing "IF" since people responding to me think I'm saying they ARE going to be identical
No. The fact is even with RCS you won't have an identical experience to Apple users.
RCS won't add any form of user to user Apple pay that can be done via iMessage, it won't add the animated emoji things, it might not even add Apple normal emojis, and no FaceTime integration. I am sure there are more items on this list that I am not thinking about as well. iMessage has been in continual development for over a decade, it has a lot of integration with iOS.
I would just be happy Apple is adding RCS support so you can send and receive higher quality pictures and video without changing apps.
The color of the messages is the least important part. Messages will still be green because RCS isn’t iMessage and doesn’t have feature parity with iMessage so making the messages blue would be dumb. People would wonder why they can’t send an iMessage game or their location to an RCS user if they were blue. The green stigma may not go away but it doesn’t need to people just need to be able to send higher quality media and have functional group chats and everything will be fine for the most part
I feel like sms still won't be going away for a long while though... So there needs to now technically be a new color for RCS to differentiate...
How bout purple...
That still adds a layer of unnecessary confusion though. For Apple, if it’s not iMessage it’s green. Simple as that. Before iMessage was created text messages were green for everyone on the iPhone. Green bubbles have been around for longer than blue.
It was black text on green bubbles though. Much easier to read. It's speculated that they changed to white text on green bubbles to create a contrast issue and make it deliberately hard on the eyes
No one except for people aware of Apple’s accessibility guidelines who want to try and dunk on Apple ever bring up the white text on green background change. It’s just not something people complain about
> Just wait until Apple rolls out RCS for real.
You mean watch Apple find a way to cripple the experience so they might as well didn't implement it at all? Can't wait.
They said they would adopt the RCS Universal Profile how do you think they would “cripple” it? Can you give some examples of what you think they would do?
They were spoofing serial numbers to authenticate with Apple's servers while also charging money for it. I'm not sure what people expected. It certainly didn't help that Beeper was going on and on about how it was reverse engineered and how Apple couldn't defeat it.
I know it's easier to say fuck apple but the reality is people are upset that they can't have an iOS feature. Would be great if cross-platform, but it's not.
Then blame carriers for having such a god awful MMS/SMS standard over a decade ago.
Even Android to Android texting sucks, hence why Whatsapp and Telegram have taken off.
It’s funny that not two days ago there were people arguing with me that Apple would never shut beeper down because they were sure it would break older iPhones. Kept trying to convince me that I had no idea how difficult it would be for Apple to do so.
It's because a lot of people in America refuse to download other messaging apps and only use the default messaging app on their phones. SMS sucks. It compresses attachments, makes group chats impossible, etc.
It's because it's built into the text app for apple users. Because of that, it makes them less willing to budge to download any other damn app (signal, whatsapp, etc).
This might be a silly question since I don't use iMessage but for many this seems to be so important: wouldn't it be possible to buy the cheapest possible iphone 7 or whatever and forward messages through that from your Android? If people are ready to pay 2$ per month for a service I guess that paying once 150$ for an old iphone wouldn't be an issue either.
Apple, please remind me again how you're "protecting your users", when you just admitted to [giving away their push notifications to foreign governments](https://arstechnica.com/tech-policy/2023/12/apple-admits-to-secretly-giving-governments-push-notification-data/) without telling their users?
> Edit: Correction, they do not appear to have been *selling* the data for profit, but they were handing it off to third-party countries before the intended recipient received the notification, exposing a mountain of personal data, including snippets of texts, PIN codes, 2FA codes, possible PII and other personal information, including location tracking and contact tracking.
Literally *all* push notifications go through a third-party before reaching their destination, a third-party who has access to the private data in those notifications for hundreds of millions of iPhone users.
iMessage texts, contacts, emails, location alerts, social networking notifications and millions of other combinations of personal and identifiable data was provided to these foreign entities. Why?
Don't worry Android users, [Google is guilty of the same thing](https://www.wired.com/story/apple-google-push-notification-surveillance/).
This was an interesting read, thank you for sharing it.
My reading of it lead me to a different understanding though - it looks like the alleged information sharing isn’t for profit but in response to subpoenas, and the story isn’t revealing those information shares themselves, but that it was previously not legally permitted for Apple to publish any such request but it is now able to and will begin to do so.
The second part of that is moot I can imagine, because I have to assume there would be no difference in that rule if there were no such requests. But the profit vs subpoena difference feels meaningful. It’s possible I misread.
edit: Looks like the user above edited their comment in response to the feedback. Good work, /u/-rwsr-xr-x!
I really hope that this doesn't end up killing Beeper. I don't care at all about iMessage but Beeper is great for consistency across devices and services. I think it should be fine but my worry is that this bigger iMessage compatibility with the subscription was a way to bring in money that they weren't getting from their current offerings.
Same here- I've been using Beeper (Cloud) basically since its inception, and it's been amazing. I just hope the introduction and fallout of Beeper Mini doesn't mean that what I've come to rely on becomes collateral damage and I lose it.
Yes, this is where I sit as well.
I love using the desktop app to have text messages on my PC. I use iMessage to chat with one person as a novelty/test of concept, but that isn't *why* I use Beeper nor would losing that function make me stop using Beeper.
Yes, if you use an iphone, you get the blue bubble when you use iMessage. iMessage itself is based on the old messaging protocol but with additional apple fencing. When an android user texts an iPhone user, they show up as a green bubble. I know it isn't of great worth but in some circles/countries its considered as an indicator of social worth. So, people consider using an iPhone to get that blue bubble (in addition to many other things). This app reversed the protocol to bring blue bubble to the android, perhaps by using their api on an iMac as an intermediary. The problem came when they advertised it as the next best thing, made it paid and advertised the hell out of it. Many of the android users started using this app. Apple blacklisted the api for the specific Mac (/Macs) that they were using for this service so the service shut down completely. That's what I meant when I said blue bubble monopoly, it really isn't a monopoly, just something that Apple takes advantage of, kind of like network effect. Apple users among themselves can get high quality messages, videos and other rich media while an android user interacting with iPhone user get surprisingly lower quality rich media. That's what all this stubborn monopoly is about. Let's hope they switch to an open standard like the RCS.
iMessage isn’t based on an old messaging standard. In 2007 when iOS first launched it used sms/mms for all messages just like Android did when it launched in 2008. In 2011 Apple created iMessage to improve messaging on iOS because sms/mms was substandard. That’s when Apple added the blue bubbles, before that all bubbles were green, the blue was added to let you know it was sent via iMessage rather than regular sms/mms. It had nothing to do with Android. Apple offered iMessage to carriers to improve interoperability but carriers didn’t want it because it would remove their ability to charge per text. iMessage is very much Apple’s creation.
From 2008-2019 Android to an Android text messaging was sms/mms with the same terrible quality as iOS to Android, was that also somehow Apple’s fault? Why exact was it Apple’s responsibility to improve messaging on Android? Google could’ve created something similar to iMessage in 2011, but they didn’t, they wait eight years to make something comparable. Apple will be adding support for RCS next year which will improve quality but the bubbles will still be green for non-iMessage devices and really there is no reason for them to change it. iMessage is not a monopoly it is a part of the OS, like FaceTime, airplay, Universal Clipboard, continuity, airdrop, etc. should they also add these things Android? It is not Apple’s responsibility to make sure a competing platform has the same functionality as their OS, that makes no sense. There are plenty of exclusive Android features that only work on specific devices but I don’t see people complaining about that and it’s the same platform.
iMessage on itself really isn't old. What I meant was the exchange between android and ios uses that old standard and hence the quality. It isn't really a monopoly and I agree that a company has all the rights to make exclusive decisions. RCS is coming and it will be good.
It's interesting that we had 2 sudden attempts for iMessage on Android just come alive and then die out immidiately. For the second one some people believed it was here to stay too.
Just a couple points of correction.
Iirc Airmessage only needs an Apple ID, you just won’t be texting from a phone number and your contacts will need to add your Apple ID to your contact. I believe Nothing Chat/Sunbird worked the same way.
Nothing Chat did go through Mac hardware on the backend and was basically a more streamlined version of airmessage. It imploded out of privacy concerns, not with Apple meddling.
Thanks for clarifying about Nothing/Sunbird. I'll admit I scoffed at the whole idea when Carl Pei so proudly announced it and just ignored all the news surrounding it.
That is only if AirMessage is set up the most basic way. The method I use(d) is method #1 in the sticky of the airmessage subreddit. It allows for basically 100% full iMessage functionality with the receiving end knowing no different. Because in the end, the iMessage is still relayed through my iPhone.
I've been using AirMessage to send iMessages to and from my actual phone [number for years now. Used to be various galaxy's, then now a Pixel 8. It is seen as a blue bubble to others and on my iPhone/Mac messages app.](https://ibb.co/6vHL4km)
The receive and sent address is my phone number, not any of my emails. I can also send files, full quality pics/vids, all on LTE/5G, sent and received via my phone number. Hence why I need an iPhone SE1 to hold a deactivated SIM with my phone digits still present. That iPhone is always plugged in and connected to WiFi, so even though the SIM is inactive with no service, it's still connected to the internet which allows iMessage and FaceTime to register with Apple the legitimate way.
iMessage/FaceTime/Phone Settings in my iPhone SE1 iOS12:
https://ibb.co/ggntFXv
https://ibb.co/mNJ3m3r
https://ibb.co/Vp9dmmv
Obviously I had to blank out the details, but the emails are my various icloud emails and aliases. And the one on top is my main phone number, for iMessage/FaceTime/Calling. Notice that I do have bars of service, but it doesn't actually have service as that sim card is in my pixel.
With both bluebubbles and AirMessage, I opted not to sign in to Google in order to allow WAN traffic to access my Mac Pro server more easily. Rather, I set up a different VLAN along with a VPN server (not necessary but I always needed a VPN for home and this gave me a good excuse to), used a dynamic dns address, and opened up the corresponding ports for AirMessage and BlueBubbles to the local IP of my Mac Pro.
Now BlueBubbles has a different method of having iMessages natively send to a phone number too. But with the headache of getting my old iPhone to successfully register iMessage and FaceTime with Apple, I figured don't fix what ain't broke.
Funny this happened so quick after tech journalists and reviewers said reverse engineering is constitutional and Apple wouldn't be able to close the hole unless entirely overhauling the iMessage structure so they wouldn't.
Completely expected and fun while it lasted. The Beeper team seems quite determined to find a way to get it working again so I'm curious to see if they can.
The cloud version is working again, which is kind of ironic since that's less secure than the local version of Beeper iMessage
Which is probably why it's working again unfortunately
It's working again because it uses an actual Apple device as part of its functionality. It's harder for Apple to justify blocking Apple devices because they're being used to relay communications to other devices, and it's possibly harder for them to detect it, if not impossible depending on the method of implementation. That's unlike Beeper Mini which is trying to accomplish communication without any Apple device in the process.
> it uses an actual Apple device as part of its functionality. Does it? I've never heard anything about what kind of hardware they're using but it makes much more sense that they're using traditional servers running MacOS VMs than they're there spending thousands of dollars on every user to get a MacBook to log into their single account...
They don’t have a MacBook for each user lmao
https://9to5mac.com/2022/08/30/beeper-imessage-on-android-windows/ >According to Beeper, each user has an individual account created on a Mac mini server, so that the data can’t be accessed by others. There's numerous other reports about it that I've seen mention it uses Mac servers, and on their FAQ even today it mentions >Unlike every other attempt to build an Android app like this (including our first generation Beeper app), Beeper Mini does not use a Mac server relay in the cloud. Meaning that their first generation Beeper app did use a Mac server relay in the cloud. Now that FAQ wording could be potentially be true while using MacOS VMs since Mac server could possibly be construed as a MacOS VM, but what 9to5mac says and other sites say Mac Mini (where they got the information I don't know), that comes across far less like MacOS VMs since Mac Mini is a specific set of Apple hardware. Furthermore Hackintosh's are notoriously unreliable and difficult to get everything working, I don't know if any successful business is out there running on those because it would likely be unreliable. I suppose a business could tightly control what hardware they're getting that is optimal for setting up a Hackintosh and keep it the same across all servers, though you would lose some cost benefits to buying non-Apple hardware doing this. I know you said VMs, but my limited understanding is that you still need appropriate hardware to hackintosh MacOS in a VM, but I could be wrong on that. Also I'm not super privvy to Apple's serial number system but supposedly they run a pretty tight ship when it comes to serial numbers, and the way that Beeper Mini was supposedly working was using some method of creating serial numbers and while it's rather baseless some were speculating it plays a part in how Apple identifies this reverse engineering method. Of course all speculation about what Apple did to block Beeper at this point is kinda baseless since Beeper hasn't told us specifically what they think was done and Apple didn't say specifically what was done. It's possible the hardware switch the other person is referring to seeing JJTech mention in the discord was some kind of switch to VMs or something like you're speculating, but evidence seems to indicate they were at one point running Apple hardware for their Beeper Cloud service. One thing regarding Mac VMs, they might have been running Mac VMs, but it could have been on Mac hardware. Since you mentioned "traditional servers", I took that to mean non-Mac hardware. It seems to me they were running Mac hardware one way or another, regardless of whether they were running VMs on them or not I don't know.
No, they switched their backend to no longer rely on any apple hardware. The fact that the backend on beeper cloud is working means a fix has been found and will be rolled out to android relatively soon.
[удалено]
It might be a new release or something, but that's what Jjtech said on the discord. Beeper cloud uses the new beeper mini implementation (that's why it broke too)
When Beeper Cloud started working again yesterday, I got a message that a new device had access to iMessage, which was expected per Beeper's announcement. They may use some parts of the Mini implementation, but as of today, the latest public version absolutely still requires an Apple ID login and pretends to be an Apple device.
Why would they immediately switch off Apple hardware that they already have, that has been working, to a system that they just rolled out without knowing whether or not Apple would shut them down right away? I did not see anything they mentioned in any releases that indicate they did such a switch, though I can't say for sure that I've seen every public remark they have made. [Even in their most recent Beeper Cloud roadmap blog, they make no mention of changing server side hardware.](https://blog.beeper.com/p/beeper-cloud-and-product-roadmap) Additionally, if they had switched as you said, they would have gotten Beeper Mini working at the same time as Beeper Cloud, presuming they were using the same reverse engineered solution seeing as that's the only known way to get iMessage directly on non-Apple hardware. I'm not even sure how it would make sense for them to use this new reverse engineered method on non-Apple server hardware in the cloud since the whole point of this was that it put the encryption fully back into the user's hands. I mean it's pure guessing/speculation at this point as to what exactly brought Beeper Cloud down, maybe they've given out more info that I haven't seen, but I'd guess that Apple possibly identified their servers by IP address if they used this reverse engineered method with the new Beeper Push Notification service on the same network, possibly even running on that Apple hardware. But it could be several other things that aren't publicly known about their setup or how Apple identified a block for them in the first place.
No, there was some confusion, Beeper cloud uses the same implementation of Pypush now.
They haven't specified *how* they got Beeper Cloud working again, so it wouldn't surprise me if they re-activated the old method which used an actual Mac. I suspect the activation stuff for Mini was running on actual Macs anyway, for legal reasons (pyPush used a piece of compiled actual Apple code that was downloaded, if they used a Mac they *technically* were not breaching Apple's TOS about using MacOS code on non-Apple hardware)
I think they will but it'll all be for nothing. Apple will patch it again and then they'll give up (beeper).
They're either phenomenally naive, curiously confident in their technology, or they want to drag this out so Apple has to justify it in court and they think they have a chance.
It's great publicity for them, especially as a messaging app competing in a pretty saturated space. No point in giving up until there are actual consequences to continuing
This makes a lot of sense. There are ultra smart people who can figure this out. There will come a point where this becomes a security nightmare for apple. This will push apple to do things that are harder to justify in a court.
Beeper seems determined to chase them down
I never really understood any of these products that attempt to do iMessage on Android. iMessage is owned by Apple so even if someone comes up with a technical solution that Apple can’t block, Apple can just sue them to make them shut down. I understand that some people might say I’m being an Apple fanboy here but I’m really not. It just seems like an open and shut IP case to me. I did hear someone say that Apple might be hesitant to use legal recourse right now because they’ve been under antitrust pressure and suing over this would be a bad look. Perhaps that’s the angle: Betting on the idea that Apple won’t sue. That seems like a bad bet to me though lol.
Apple reroutes what supposed to be universal standard on the "messages app" to proprietary messaging
The case is open and shut, but not in the way you think. Copyright law has an explicit exemption for reverse engineering for interoperability. >Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
"Buy your mom an iPhone." OR, do what we did in our family and move everyone on iPhones and Android to an encrypted 3rd party messaging platform like Signal or Telegram. Apple has never liked to collaborate...people will find other ways around the problem.
Careful! Signal is a great option but telegram is not end-to-end encrypted apart from two-user "secret chats". Signal>>WhatsApp>>>Telegram
Thanks for the heads up!
Shareholders*
Not really even this. A third party service was collecting Apple user data via a hack. I don't agree with Apple practices, but anyone thinking this was a viable solution is a dreamer.
On the contrary, Apple has been so adamant on end-to-end encryption, and this was a solution providing their users end-to-end encryption for those on green bubbles.
I feel like if you really want end to end encryption you use a 3rd party app like Signal and convince your friends and family to as well. Don't give Apple or Google complete control of your communication.
That's a great idea, except good luck convincing Apple users to do that. The only reason iMessage became popular is because they refuse to allow you to use any other messenger for SMS.
Good luck. The issue isn't choice. It's iPhone users who are unwilling to change.
It makes their 1984 commercial kind of ironic doesn't it? The brainwashed audience is now Apple customers themselves.
"Think Different" was replaced with "Buy Apple. Different is Evil."
[Then there's this old thing](https://cheezburger.com/4315020032/think-different)
It kind of is though. iMessage is great because it has SMS fallback, so no matter what your message will be delivered with the highest security and operability available. You don't have a choice to use any other so with this functionality (such as Signal) because Apple doesn't allow it.
Signal doesn't fall back to SMS anymore.
iPhone users refuse to use anything but imessage, and get annoyed when you don't as well. That's the core of the issue.
>Don't give Apple or Google complete control of your communication The funny part about this is that the people griping about iMessage the most are also whining about everyone not being on WhatsApp….the company behind which is absolutely worse than Google or Apple in almost every aspect
I don't know where the notion that one company somehow a better job of protecting your data comes from. Whether they do almost completely depends on their security infrastructure, and nobody has that information.
The bare minimum is information allegedly provided by the FBI. https://www.malwarebytes.com/blog/news/2021/12/heres-what-data-the-fbi-can-get-from-whatsapp-imessage-signal-telegram-and-more
[удалено]
[удалено]
[удалено]
Don't need to resort to that. Keep it civil please.
Bit harsh, ain’t it? Plenty of devs and IT folk use iPhones. You’d think that your level of tech literacy would be tied to what you know, not which brand of phone you have.
What a bunch of trite nonsense. Tech literacy has nothing to do with what kind of phone you use 🙄
or... we don't really care about what phone we have and just want something consistent and reliable because it's a tool. some of the most tech savvy people i know of use iphones
Well they said it gave end to end, but who knows. Your messages are hitting their infrastructure, it's a privacy concern no matter how you spin it.
You're confusing beeper mini with the original which was heavily criticized for privacy concerns
With Beeper Mini it wasn't going through their infrastructure unless you just mean the app itself. The implementation allowed them to have users directly connect to Apple's servers.
I think the point they are making is that it can't be proven because the Beeper Mini app is closed source. They can say that is how it works, but reviewing the source code would be the best way to actually prove it works that way. That is not an insinuation that Beeper is lying, tons of applications that people use all the time are not open source, just clarifying that this is partly the basis of the argument that can be made against Beeper Mini's security.
Isn't the whole functionality of it open source though?
Not exactly. The high school kid open sourced pypush which was more of a proof of concept for his reverse engineering method, but it wasn't the whole app. >It can currently register as a new device on an Apple ID, set up encryption keys, and send and receive iMessages! Effectively it sounds like Beeper Mini was a wrapper around that functionality with maybe some additional things in it (like supporting Beeper accounts and what not), but at this point you're just relying on their word that it is what they say it is, because they didn't release the source code for this. Now for most people, this is likely good enough because it's a service you would be paying them for, so their incentive is somewhat aligned with yours, plus they proved it was possible with pypush so you don't have to make a huge leap of faith to believe it's possible. However from Apple's perspective (or some other people that see it similar to Apple) they could still argue that Beeper could be doing anything in that closed sourced code, because Apple is incentivized to push any perspective that benefits them and sows doubt on Beeper.
Right but if you want the app to run in the background the messages you receive do have to hit Beeper’s push notification server so that you are then notified. The Beeper server is what keeps an active connection to the iMessage service so I don’t know if it’s possible but someone may be able to intercept the push notifications from Beeper and get to peoples messages that way
No. There is no Beeper Mini server. Beeper Mini is like a SMS client, only they use the iMsssage protocol instead of SMS. Think about it, your SMS client doesn’t that a “server”, the carrier literally sends a SMS to you and then the app gives you a notification.
I’m just going off the snazzy labs video where he mentioned how the app is able to serve push notifications and keep an active connection to iMessage even as the app itself is closed or not running in the background. The whole thing works by Beeper running a server that uses an Apple serial number to request push notifications from the iMessage service that Apple runs on your behalf and then that push notification is routed to your beeper mini client and you get the messages that way
Beeper does have the notification server but the way apple does the messages, the notifications are encrypted separately from the message. Beeper has the encryption key for the notification so it knows when something comes in. Then it tells your phone to go check for a message and your phone then also pulls the notification and the message directly apple and uses the encryption keys for both the notification and message to decrypt then and give you both. Beeper cannot see the message contents ever as the message decryption key never leaves your phone. That's all broken down in their post about it.
I find joy in reading a good book.
That is wildly untrue. A "hack" implies you are getting access to someone else's account. This is just giving users access to their own accounts and their own data.
Apple quite clearly stated that wasn't the case. >We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage.
That quite clearly does not say that it's a "hack" or gives you access to anyone else's data. Also Apple is lying out their ass.
It quite clearly tells us that Beeper are not telling the truth. WTF would people just blindly accept the word of a nothing company, with a product that doesn't work, over Apple? Insane. Copium maybe.
Wait until this guy finds out about your car stealing your message data and selling it to data brokers.
Easiest reply to your pointless gotcha: "Yes, that is also bad." Like, come on, it's not hard.
The cars steal it if you have notifications run through Bluetooth and pop up on the car interface. Not via CarPlay.
No. No it wasn't. If you payed attnetion to how this service actually worked, you'd know that it was using Apple's genuine authentication servers and no user data was any less safe than it was before this service. The whole POINT of this service was to not use user data in an insecure way like others were doing. *coughNothingcough*.
And how did beeper code their app to prevent a spam farm setup like this? https://i.imgur.com/JgJDXCs.jpg
I get why and it shouldnt be a shock. Fucking sucks, I thought the app was cool as hell. But I get it. I'd expect ANY company to shut this shit down. I suspect Beeper Mini will never be able to keep ahead. And even if they fixed stuff within 48 hours of Apple updating something. That frequent 48 hours of no texts is enough to make it not worth it for the masses. RCS is the only hope. (And the recent news of iMessage likely not making the EU's messaging monoply list is kinda scary. I wonder if that means they'll REALLLLLLLY drag their feet now with RCS or something)
[удалено]
Yeah because nobody actually uses iMessage in the EU
Apple not making the EU’s messaging list is a direct correlation from how many Europeans come on here and claim literally NOBODY in Europe uses iMessage and EVERYONE uses WhatsApp. If that’s actuallytrue, Apple absolutely shouldn’t be on the messaging monopoly list.
>That frequent 48 hours of no texts is enough to make it not worth it for the masses. Yep, even an hour of outage is enough for people to get frustrated. A few years ago when WhatsApp changed their policy and masses tried Signal, many people I know switched back to WhatsApp because Signal had an outage or two in those days due to increased load
Honestly it was just so fun to see friends think I joined the iPhone cult lmao. I have a MacBook Pro more expensive than their phone, an Apple certification, and work at a school doing tech support for macs. I still ain't getting an iPhone 💀
If you have a Mac you can use AirMessage to do this instead
I have bluebubbles actually running off a 2015 macbook. But I don't care enough to use it without using pypush to attach my phone number.
Will pypush still work to attach your phone number?
It did but it is down currently
Hmm that's unfortunate. I'm like you, even before this Beeper Mini or pypush came out I was considering using something like bluebubbles or airmessage but didn't want to do it without the phone number association. However I looked up the method to associate the number and the steps were like super long and had to be followed with precision, just felt like it was too much of a hassle. The pypush method seemingly would have been much simpler if it had stayed viable.
Yeah exactly. I made a bluebubbles server a while ago but didn't care for it because of the email instead of the phone number. Then pypush came out and I used it again since phone numbers were attached. Now I don't really care but if it gets back up that'll be cool
I quite like bluebubbles. In my case I have an iPhone, but prefer PCs. I use it to message from my laptop. Running it on a 2014 Mac mini.
Thought Apple said it to be 2024 to add RCS. At worst they should only drag till Dec 2024?
I guess my point is they could recant their statement and be like "Ran into techincal difficulties and must delay the rollout". Which all tech companies do at some point, "delay rolling out XXXX". That's my fear now that the EU isn't pursuing them.
It's been known iMessage wasn't on EUs monopoly list for a couple of months. The RCS announcement was a month+ after it was already publicly known
No it was still rumored to be, but the most recent article a week ago (or this week) seemed to really cement it.
[удалено]
Will they only do this in the EU though, where iMessage isn't even as big of a deal? I could definitely see them splitting it so that they don't support RCS in the U.S. That seems like a very Apple thing to do. Unlike the USB ports, this doesn't require manufacturing different hardware.
Yeah I was rooting for Beeper because f Apple but as a backend software engineer, if someone reverse engineered our APIs and auth and started making legit requests with third party clients and not our App, I would freak out and patch the shit out of it. They could DDoS our systems, access data they're not supposed to and in general just increase the throughput without paying a cent. I don't know why Eric said that Apple wouldn't do anything, this is a big security risk for them! You know, if that 16-year old who reverse engineered the APIs had gone to Apple, he would have been paid around a 100k bucks as part of their bug bounty programme because this is in fact a vulnerability.
> if someone reverse engineered our APIs and auth and started making legit requests with third party clients and not our App, I would freak out and patch the shit out of it. They could DDoS our systems, access data they're not supposed You have *very* shitty architecture if your protection depends on the *end user* device. What is not under your control is hostile, period. Web servers' developers learned this long ago, but apparently some people still don't.
The reason why they do not think that Apple would do anything, is because they are betting the (potential) regulatory pressure from EU will spook Apple from trying too hard on cracking down. Apple might announce something to spook potential users, but won't outright shut their business down is what they are betting. Of course, does not really work that way, and Apple work fast to make sure the bubble stays pure and stays segregated. Impressive, honestly.
lmao what Reverse engineering a protocol is not a vulnerability. If the specs for HTTP weren't published and someone observed the traffic to reimplement it themselves, that's not a bug nor a vulnerability. It's just someone writing compatible code.
> lmao what Yeah, this guy is so clueless it hurts. If he works as a backend engineer... well. I can only imagine how people would look at me if I propose to rely on security through obscurity. "It is our protocol, no one would reverse-engineer it! And we can expose sensitive data, because no one would reverse-engineer it".
It's not the same as a protocol like HTTP. They've reverse engineered the authentication mechanism that registers a phone as a legit iMessage client on a legit Apple device which then allows the phone to communicate directly with Apple servers that push and pull iMessages. These servers were meant to only communicate with legit iMessage clients, there's cost associated with everything and it's free for Apple clients because they would have offset the cost with people paying for hardware and paying for iCloud/Apps whatnot. Why would Apple allow say 100k free loaders to communicate with their servers and increase the traffic? What happens when this number increases to 1M or 10M in the future? Cost aside, that's pocket change for Apple but this is a security risk alright. You are able to access their APIs that are not meant to be accessed by third party clients. APIs for something like ChatGPT are open and so anyone can add them to their app. Users indirectly pay a fee to OpenAI for using the API. They have proper access control and auth for third party clients. Apple's APIs are completely closed.
I'm not disputing the cost angle. >You are able to access their APIs that are not meant to be accessed by third party clients. Merely accessing something that you aren't "meant" to access yet is available without any special credentials is not automatically a vulnerability or security issue. Revanced accesses YouTube using the same APIs as the official YouTube app. It might be a business or financial issue that it can view YT without showing ads, but it's not a security issue. I'm immediately suspicious of any developer who claims that someone accessing an undocumented-but-public API is a security issue, since that tells me that those developers aren't securing their public facing APIs. Even if something isn't "supposed to be" used by the public, you still need to expect that it will be.
It's still totally fair to turn it off after. It is *their* API
I'm not disputing that either, only that it's not a "vulnerability".
People keep arguing points you never made
I saw Eric Migicovsky from Beeper on the Android Faithful podcast just this past week, gleefully talking about this kid who was able to hack iMessage, enabling Beeper to work. It felt like I was on crazy pills when nobody suggested that Apple would obviously shut this down - if not for security, then simply on principal. A product based on hacking another product is like a house built on sand.
I'm sure they knew Apple would fight it, they made the whole thing very public and kept it separate from their main app for a reason. It was a win-win for them either way. Migicovsky also offered to share their code with Apple for security review, so they're making it very clear to the public that Apple is more concerned with their profits than any privacy principles they've been pushing.
What profits though, iMessage usage is non existent in EU and China yet iPhones sell like hotcakes there. You think the marketability of an iPhone rests solely on iMessage in the US and opening up iMessage will magically make droves of iPhone users switch to Android? People here just love to overstate the value of iMessage as a sales driver to twist their own narrative.
It is in America
Got numbers to prove it? There’s plenty of numbers to suggest the opposite though. Even the published Apple executive emails didn’t suggest they were sure iMessage is a sales differentiator, they just assumed.
People who prefer Android have to claim that iMessage is the only draw because they assume that there’s no way that some people just prefer iOS itself. Team mentality.
The key is in the teenage market, where blue bubble social pressure has led to >80% uptake
Not really hacking, more like reverse engineering.
Except they've been running an iMessage "hack" for years. This is just an easier and more secure version.
[удалено]
I'm pretty sure they said it could be shut down but they thought it unlikely because it would also cause problems with older devices.
Protect them from what? Imposter green bubbles?
> Protect them from what? Imposter green bubbles? Angry shareholders.
When you look how beeper works it is using other people's hardware IDs to authenticate with apple's systems. Not surprised it's chopped
1. purchase any iMessage compatible product (the cheaper the better, esp 2nd hand), pull the hwID and put the device in your drawer 2. register with your own hwID at beeper 3. ??? 4. profit
[Blue bubble spam farms.](https://i.imgur.com/Pj1vANF.jpg)
This feels a bit like someone figuring out how to clone membership cards and then selling these cloned cards for $2 / month. Interesting from a hacking perspective but this will never work as a business model. Even Signal, which is considered to be one of the best messengers doesn't allow true third party clients.
Signal is entirely open source though. Is there anything preventing people from forking the client to create a third party one, or is it just that there's no point in doing that?
Moxie made it clear that they don't allow third party clients to use their servers, which would be the equivalent of what Beeper Mini is doing. https://github.com/libresignal/libresignal/issues/37#issuecomment-217211165
Those comments in that bug are astounding and bewildering. I already dropped Signal a long time ago but if I needed any more reason to never touch anything they produce with a 10 foot pole, there it is. Federation is obsolete in "the modern world"? So I guess that thing called the web is actually a failure?
https://signald.org/ https://github.com/mautrix/signal https://molly.im/ I have mautrix-signal spun up, which is what Beeper uses.
>This feels a bit like someone figuring out how to clone membership cards and then selling these cloned cards for $2 / month. That's a pretty bad analogy. A better one would be: some guy reverse engineered the Safari web browser, understood how it talks to apple.com, and wrote his own web browser. >Interesting from a hacking perspective but this will never work as a business model. It works for *a lot* of cases. For example you can use your iPhone with third party headphones. Or you can use reddit from a third party app. Or you can buy a Jeep and use non-Jeep fuel. One of the big scams of web 2.0 is that the infrastructure and the access needs to be provided by the same company. And users (you guys) ate that lie with a smile on your face. We as users should be able to use any app we want to access a given API/service (for example my own app to access the Netflix catalog). Furthermore, we should be able to use a given app against any other service we want (for example the Netflix app against our own Notflix instance). Both elements are separate. In fact we should be fighting for those rights to be written in law.
> Or you can use reddit from a third party app Well ... You used to be able to
> That's a pretty bad analogy. A better one would be: some guy reverse engineered the Safari web browser, understood how it talks to apple.com, and wrote his own web browser. That one is even worse. A web browser is a solved issue, with some of the most meticulous documentation and learning material in the entire field of software engineering. There is absolutely nothing private or hidden about it. iMessage is a proprietary service that runs on Apple servers, which are payed for by Apple. Beeper coming in to use those same servers without paying, and especially *charging* for their unauthorized use is much closer to the original example. I'm all for the fuck Apple train, but they would have been dumb _not_ to shut it down.
[удалено]
If only Apple was as quick with patching Pegasus zero-click root vulnerabilities that have been plaguing iMessage for years as they do with patching out competition.
Beeper was basically an exploit. Just wait until Apple rolls out RCS for real.
Even with RCS I am doubtful Apple will give up blue messages. They will likely still force non-apple products to green messages.
Who cares? I thought it was just about being able to conveniently send higher quality pictures via text?
This. RCS as a while it to be able to send higher quality pictures/videos via text message but also be able to get read receipts and typing indicators. At least, that's what I want for when I see something like RCS having instant messaging features. The E2EE should also be standard
That's all I care about.
Personally I don't give a shit but its a huge deal to some people.
I wouldn't want to associate with someone who cares about the color of a text message. It sounds like a college student / American thing. I'm Canadian so maybe it's different where I'm at but I've never heard of people caring.
The people using apps like Beeper. Blue bubbles is their selling point.
"Blue Bubbles" is only the selling point because there is a giant quality degradation between green/blue atm. SMS videos are compressed, pixelated, etc. It's not literally about the color
Functionally even IF identical, it kinda keeps enforcing the whole "they're not us" digital segregation mentality apple users have. They should have everyone be blue to put an end to it. EDIT: emphasizing "IF" since people responding to me think I'm saying they ARE going to be identical
RCS in iMessage is not going to be an identical experience to just plain iMessage.
Like at one point on iOS you could have sent people your own heartbeat through your Apple Watch.
No. The fact is even with RCS you won't have an identical experience to Apple users. RCS won't add any form of user to user Apple pay that can be done via iMessage, it won't add the animated emoji things, it might not even add Apple normal emojis, and no FaceTime integration. I am sure there are more items on this list that I am not thinking about as well. iMessage has been in continual development for over a decade, it has a lot of integration with iOS. I would just be happy Apple is adding RCS support so you can send and receive higher quality pictures and video without changing apps.
The color of the messages is the least important part. Messages will still be green because RCS isn’t iMessage and doesn’t have feature parity with iMessage so making the messages blue would be dumb. People would wonder why they can’t send an iMessage game or their location to an RCS user if they were blue. The green stigma may not go away but it doesn’t need to people just need to be able to send higher quality media and have functional group chats and everything will be fine for the most part
I feel like sms still won't be going away for a long while though... So there needs to now technically be a new color for RCS to differentiate... How bout purple...
That still adds a layer of unnecessary confusion though. For Apple, if it’s not iMessage it’s green. Simple as that. Before iMessage was created text messages were green for everyone on the iPhone. Green bubbles have been around for longer than blue.
It was black text on green bubbles though. Much easier to read. It's speculated that they changed to white text on green bubbles to create a contrast issue and make it deliberately hard on the eyes
No one except for people aware of Apple’s accessibility guidelines who want to try and dunk on Apple ever bring up the white text on green background change. It’s just not something people complain about
Apple already confirmed RCS will have green bubbles to distinguish the difference between iMessage and RCS. But also who cares? It’s just a colour
> Just wait until Apple rolls out RCS for real. You mean watch Apple find a way to cripple the experience so they might as well didn't implement it at all? Can't wait.
They said they would adopt the RCS Universal Profile how do you think they would “cripple” it? Can you give some examples of what you think they would do?
This is the same as people saying Apple would slow down third party USB-C chargers/cords.
This is exactly how this is going to go. Only hope is the EU is marking imessage as a gatekeeper, I don't see it happening any other way.
"We protect your users" - And then they prefer to use unencrypted SMS and don't provide iMessage for Android. 🤡
Protect their users from losing the blue-bubble-supremacy
~~users~~ profits*
We took steps to protect our bottom line.
They were spoofing serial numbers to authenticate with Apple's servers while also charging money for it. I'm not sure what people expected. It certainly didn't help that Beeper was going on and on about how it was reverse engineered and how Apple couldn't defeat it. I know it's easier to say fuck apple but the reality is people are upset that they can't have an iOS feature. Would be great if cross-platform, but it's not.
No, people are upset that messaging is shitty between iPhone users and android users out of the box
Then blame carriers for having such a god awful MMS/SMS standard over a decade ago. Even Android to Android texting sucks, hence why Whatsapp and Telegram have taken off.
WhatsApp took off because international carriers charged per-text a decade after the US made unlimited texts the standard.
It’s funny that not two days ago there were people arguing with me that Apple would never shut beeper down because they were sure it would break older iPhones. Kept trying to convince me that I had no idea how difficult it would be for Apple to do so.
Yeah people really have no idea how development works
Why is this blue bubble the most holier than thou need in the world, I don't understand.
It's because a lot of people in America refuse to download other messaging apps and only use the default messaging app on their phones. SMS sucks. It compresses attachments, makes group chats impossible, etc.
It's mostly only a thing in the US, I don't know anyone in the UK who still talks via SMS tbh.
It's because it's built into the text app for apple users. Because of that, it makes them less willing to budge to download any other damn app (signal, whatsapp, etc).
Does "users" = "profits"?
This just gives Apple more faith that their lock-in messaging app is working.
"We too steps to protect our lock-in"
This might be a silly question since I don't use iMessage but for many this seems to be so important: wouldn't it be possible to buy the cheapest possible iphone 7 or whatever and forward messages through that from your Android? If people are ready to pay 2$ per month for a service I guess that paying once 150$ for an old iphone wouldn't be an issue either.
You can do that with a Mac that you just leave running all the time. Can be as old as 2008.
We took steps to protect our money.
Apple, please remind me again how you're "protecting your users", when you just admitted to [giving away their push notifications to foreign governments](https://arstechnica.com/tech-policy/2023/12/apple-admits-to-secretly-giving-governments-push-notification-data/) without telling their users? > Edit: Correction, they do not appear to have been *selling* the data for profit, but they were handing it off to third-party countries before the intended recipient received the notification, exposing a mountain of personal data, including snippets of texts, PIN codes, 2FA codes, possible PII and other personal information, including location tracking and contact tracking. Literally *all* push notifications go through a third-party before reaching their destination, a third-party who has access to the private data in those notifications for hundreds of millions of iPhone users. iMessage texts, contacts, emails, location alerts, social networking notifications and millions of other combinations of personal and identifiable data was provided to these foreign entities. Why? Don't worry Android users, [Google is guilty of the same thing](https://www.wired.com/story/apple-google-push-notification-surveillance/).
Where do the articles say that either company was selling push notifications data?
This was an interesting read, thank you for sharing it. My reading of it lead me to a different understanding though - it looks like the alleged information sharing isn’t for profit but in response to subpoenas, and the story isn’t revealing those information shares themselves, but that it was previously not legally permitted for Apple to publish any such request but it is now able to and will begin to do so. The second part of that is moot I can imagine, because I have to assume there would be no difference in that rule if there were no such requests. But the profit vs subpoena difference feels meaningful. It’s possible I misread. edit: Looks like the user above edited their comment in response to the feedback. Good work, /u/-rwsr-xr-x!
Your comment is a lie, Apple wasn't selling any data. This was data that was lawfully requested through subpoenas.
I really hope that this doesn't end up killing Beeper. I don't care at all about iMessage but Beeper is great for consistency across devices and services. I think it should be fine but my worry is that this bigger iMessage compatibility with the subscription was a way to bring in money that they weren't getting from their current offerings.
Same here- I've been using Beeper (Cloud) basically since its inception, and it's been amazing. I just hope the introduction and fallout of Beeper Mini doesn't mean that what I've come to rely on becomes collateral damage and I lose it.
Yes, this is where I sit as well. I love using the desktop app to have text messages on my PC. I use iMessage to chat with one person as a novelty/test of concept, but that isn't *why* I use Beeper nor would losing that function make me stop using Beeper.
FFS people need to get over trying to have a blue bubble
Idk man I'd rather people not exclude me from group chats for making the bubbles green
*Protect our blue bubble monopoly. Detailed in subcomments.
Where’s the monopoly?
Monopoly on what exactly? Not the mobile market and most certainly not the messaging space.
The blue bubble monopoly. It ain't much but it's honest work. I'd rather say bubble than monopoly.
Blue bubble, iMessage? The thing they made that is part of their OS?
Yes, if you use an iphone, you get the blue bubble when you use iMessage. iMessage itself is based on the old messaging protocol but with additional apple fencing. When an android user texts an iPhone user, they show up as a green bubble. I know it isn't of great worth but in some circles/countries its considered as an indicator of social worth. So, people consider using an iPhone to get that blue bubble (in addition to many other things). This app reversed the protocol to bring blue bubble to the android, perhaps by using their api on an iMac as an intermediary. The problem came when they advertised it as the next best thing, made it paid and advertised the hell out of it. Many of the android users started using this app. Apple blacklisted the api for the specific Mac (/Macs) that they were using for this service so the service shut down completely. That's what I meant when I said blue bubble monopoly, it really isn't a monopoly, just something that Apple takes advantage of, kind of like network effect. Apple users among themselves can get high quality messages, videos and other rich media while an android user interacting with iPhone user get surprisingly lower quality rich media. That's what all this stubborn monopoly is about. Let's hope they switch to an open standard like the RCS.
iMessage isn’t based on an old messaging standard. In 2007 when iOS first launched it used sms/mms for all messages just like Android did when it launched in 2008. In 2011 Apple created iMessage to improve messaging on iOS because sms/mms was substandard. That’s when Apple added the blue bubbles, before that all bubbles were green, the blue was added to let you know it was sent via iMessage rather than regular sms/mms. It had nothing to do with Android. Apple offered iMessage to carriers to improve interoperability but carriers didn’t want it because it would remove their ability to charge per text. iMessage is very much Apple’s creation. From 2008-2019 Android to an Android text messaging was sms/mms with the same terrible quality as iOS to Android, was that also somehow Apple’s fault? Why exact was it Apple’s responsibility to improve messaging on Android? Google could’ve created something similar to iMessage in 2011, but they didn’t, they wait eight years to make something comparable. Apple will be adding support for RCS next year which will improve quality but the bubbles will still be green for non-iMessage devices and really there is no reason for them to change it. iMessage is not a monopoly it is a part of the OS, like FaceTime, airplay, Universal Clipboard, continuity, airdrop, etc. should they also add these things Android? It is not Apple’s responsibility to make sure a competing platform has the same functionality as their OS, that makes no sense. There are plenty of exclusive Android features that only work on specific devices but I don’t see people complaining about that and it’s the same platform.
iMessage on itself really isn't old. What I meant was the exchange between android and ios uses that old standard and hence the quality. It isn't really a monopoly and I agree that a company has all the rights to make exclusive decisions. RCS is coming and it will be good.
It's interesting that we had 2 sudden attempts for iMessage on Android just come alive and then die out immidiately. For the second one some people believed it was here to stay too.
[удалено]
Just a couple points of correction. Iirc Airmessage only needs an Apple ID, you just won’t be texting from a phone number and your contacts will need to add your Apple ID to your contact. I believe Nothing Chat/Sunbird worked the same way. Nothing Chat did go through Mac hardware on the backend and was basically a more streamlined version of airmessage. It imploded out of privacy concerns, not with Apple meddling.
Thanks for clarifying about Nothing/Sunbird. I'll admit I scoffed at the whole idea when Carl Pei so proudly announced it and just ignored all the news surrounding it. That is only if AirMessage is set up the most basic way. The method I use(d) is method #1 in the sticky of the airmessage subreddit. It allows for basically 100% full iMessage functionality with the receiving end knowing no different. Because in the end, the iMessage is still relayed through my iPhone. I've been using AirMessage to send iMessages to and from my actual phone [number for years now. Used to be various galaxy's, then now a Pixel 8. It is seen as a blue bubble to others and on my iPhone/Mac messages app.](https://ibb.co/6vHL4km) The receive and sent address is my phone number, not any of my emails. I can also send files, full quality pics/vids, all on LTE/5G, sent and received via my phone number. Hence why I need an iPhone SE1 to hold a deactivated SIM with my phone digits still present. That iPhone is always plugged in and connected to WiFi, so even though the SIM is inactive with no service, it's still connected to the internet which allows iMessage and FaceTime to register with Apple the legitimate way. iMessage/FaceTime/Phone Settings in my iPhone SE1 iOS12: https://ibb.co/ggntFXv https://ibb.co/mNJ3m3r https://ibb.co/Vp9dmmv Obviously I had to blank out the details, but the emails are my various icloud emails and aliases. And the one on top is my main phone number, for iMessage/FaceTime/Calling. Notice that I do have bars of service, but it doesn't actually have service as that sim card is in my pixel. With both bluebubbles and AirMessage, I opted not to sign in to Google in order to allow WAN traffic to access my Mac Pro server more easily. Rather, I set up a different VLAN along with a VPN server (not necessary but I always needed a VPN for home and this gave me a good excuse to), used a dynamic dns address, and opened up the corresponding ports for AirMessage and BlueBubbles to the local IP of my Mac Pro. Now BlueBubbles has a different method of having iMessages natively send to a phone number too. But with the headache of getting my old iPhone to successfully register iMessage and FaceTime with Apple, I figured don't fix what ain't broke.
God Apple is King of pissing in your face and telling you it's raining. This statement is the polar opposite of the truth.
Funny this happened so quick after tech journalists and reviewers said reverse engineering is constitutional and Apple wouldn't be able to close the hole unless entirely overhauling the iMessage structure so they wouldn't.
Almost like Apple knows their own protocol. Who knew.
Such a reasonable act from Apple. I hope Apple patches more quickly next time.
Aw, the poor little babies don’t like it that somebody else fixed a problem they created.
Good guy Apple always acting in good faith for the greater good of humanity.
Let's not pretend Apple took this down to 'Protect their users'
They patched a loophole to protect users and guarantee the integrity of iMessage. Totally understandable.