Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption

Beeper Mini is an iMessage-for-Android App That Doesn't Require Any Apple Device at All (liliputing.com) 122

An anonymous reader shares a report: Beeper has been offering a unified messaging platform for a few years, allowing users to open a single app to communicate with contacts via SMS, Google Chat, Facebook Messenger, Slack, Discord, WhatsApp, and perhaps most significantly, iMessage. Up until this week though, Android users that wanted to use Beeper to send "blue bubble" messages to iMessage users had their messages routed through a Mac or iOS device. Now Beeper has launched a new app called Beeper Mini that handles everything on-device, no iPhone or Mac bridge required.

Beeper Mini is available now from the Google Play Store, and offers a 7-day free trial. After that, it costs $2 per month to keep using. [...] previously the company had to rely on a Mac-in-the-cloud? The company explains the method it's using in a blog post, but in a nutshell, Beeper says a security researcher has reverse engineered "the iMessage protocol and encryption," so that "all messages are sent and received by Beeper Mini Android app directly to Apple's servers" and "the encryption keys needed to encrypt these messages never leave your phone." That security researcher, by the way, is a high school student that goes by jjtech, who was hired by Beeper after showing the company his code. A proof-of-concept Python script is also available on Github if you'd like to run it to send messages to iMessage from a PC.

This discussion has been archived. No new comments can be posted.

Beeper Mini is an iMessage-for-Android App That Doesn't Require Any Apple Device at All

Comments Filter:
  • by ls671 ( 1122017 ) on Tuesday December 05, 2023 @01:08PM (#64057259) Homepage

    The big question is: Do bubbles have the right color when sending a message to apple devices? /s

    • Re: (Score:2, Insightful)

      It's almost as if.... Apple users are trapped in their own fenced in dimension.
      Why are they trying to change this? Keep them in their place! LOL.

      • It's almost as if.... Apple users are trapped in their own fenced in dimension.

        Oh... "dimension." At first I thought you wrote "dementia". Either way... :-)

        [*cleans glasses*]

    • The big question is: Do bubbles have the right color when sending a message to apple devices? /s

      I think the BIGGER question is...

      Does anyone really give a flying fuck what color someone's bubble is on a chat?

      I have a few friends that use Android...we text all the time.

      About the only problem is, they can't seem to send high quality videos like I can.

      Not even amongst themselves (android only chats)...

      But aside from that, no big deal. If I really want them to see something in high quality video, I just q

      • For some people their tribalism must exist in others to justify their own tribalism. I see it in sports all the time. There is another state university which hates my state university whereas most people in my university simply do not care. But that other university needs a "rivalry" to justify their existence, I guess.
      • by ls671 ( 1122017 )

        I don't want videos in SMS (Short Message Service) !

        Videos in SMS are just links anyway so just send a link. Nobody has my cell phone number and my SMS forwarding service simply ignores videos/images and what not which is perfect for me.

        I have an iphone and only send SMS through my mail to SMS bridge, perfect for me as well.

  • by Anonymous Coward

    I thought iMessage required a valid Apple device guid (which can't be faked because it has to match on the list on Apple's side, and you can't reuse known guids because that'll be easily detectable.)

    • by vux984 ( 928602 )

      So can you get one from obsolete iphone 4 or 5 ? There must be millions dirt cheap...

    • I thought iMessage required a valid Apple device guid (which can't be faked because it has to match on the list on Apple's side, and you can't reuse known guids because that'll be easily detectable.)

      The app contains various keys/values extracted from a Mac that has registered itself with Apple. The example code changes those keys/values from time to time since if "everyone" uses the same values Apple slows the device (as having an excessive usage). As long as only a few individuals were playing with the code that probably worked well enough for experimentation purposes.

      The source code also documents a way to get a private set of values derived from your own Mac (or, presumably, an emulated Mac in

  • FTFA: The company explains the method it’s using in a blog post, but in a nutshell, Beeper says a security researcher has reverse engineered “the iMessage protocol and encryption,” so that “all messages are sent and received by Beeper Mini Android app directly to Apple’s servers” and “the encryption keys needed to encrypt these messages never leave your phone.”

    I'll bet that Apple officially considers that encryption and access a restricted practice of their bu

    • 'reverse engineered encryption' if it's as the article states is pure DMCA violation. I can't imagine Apple allowing this for very long.

      • Comment removed based on user account deletion
        • There's nothing to silence, it's already open source on GitHub. Also they might not even be able to DMCA it because reverse engineering for interoperability is allowed. They could of course improve iDevice detection to make it useless if they care enough.

          • Where exactly is this exemption to reverse engineer *encryption* for interoperability for a software vendor? That does not allow for breaking encryption and hijacking it. Breaking the encryption is the primary issue here, but also the terms of service disallow this as well. To touch imessage you have to agree with the terms of service and beeper either has to agree and be banned from reverse engineering it, or they would be violating a number of other laws including corporate espionage.

            Look forword to an

      • Section 103(f) of the Digital Millennium Copyright Act (DMCA), states that there is no cross-questioning on the legality of reverse engineering and circumvention of protection to achieve interoperability between computer programs.

        Does this not apply, somehow, to what is happening here?

    • Would probably be easier to buy Beeper and rebrand it as iMessage for Android and just keep the $2/user/month. Would definitely be more user friendly, but I don't think Apple cares about that for this particular user set.

    • Considering Apple's track record on unauthorized third party access to their services, anyone who buys this app would do better to just take the same amount of money out in their back yard and light it on fire.

      • well, it's a 7-day free trial and then $2/mo.

        So if Apple starts issuing takedowns, it will cost potential users a maximum of $2. Oh no.

        On the other hand, many people could be paying that $2 to alleviate some engineered pain, while at the same time demonstrating that there is an addressable market for actually fixing this stupid fucking problem.

        • It's not so much that losing $2 is a big deal, it's the time and effort spent setting this up and then explaining to all your iPhone-using contacts that they can text you via the e-mail address associated with your Apple ID (since this hack still does not result in your phone number being registered as iMessage capable). Then Apple kills this, and you've gotta go back and tell all your contacts "uh, never mind, just go back to texting me the way you used to."

          RCS support finally fixes the problem. I'm not

          • 1. it takes like 20 seconds to set up. Seriously.
            2. it actually registers you as a native iMessage device and registers your phone number with iMessage, so you don't have to tell anyone anything - iMessage will automatically "upgrade" you to a "blue bubble"
            3. Should Apple kill it, you de-register your phone number from iMessage the exact same way you would if you switched to an Android phone, and the iMessage service starts sending anything bound for your phone number back through the SMS gateway. This al

  • As an android user I've been using 1) whatsapp and 2) sms/mms since ~2010 which is when I got rid of my blackberry and it's BBM service. I've never had a need to use it. Apparently my chat bubble shows up as white/blue/green? Nobody IRL has ever mentioned this, but also I'm older than 25

    • Clearly you've never tried to send a video in a group chat that involves an iOS user.

      It's a fucking shit show that only Apple can fix, or allow to be fixed via reverse engineering such as what TFA is about.

      • by jjmcwill ( 3739 )

        Clearly you've never tried to send a video in a group chat that involves an iOS user.

        It's a fucking shit show that only Apple can fix, or allow to be fixed via reverse engineering such as what TFA is about.

        This 100%. My brother, wife & daughter use iPhones but I'm on Android. They've tried to send me photos and family videos over SMS/MMS and it's horrible. And they hate it when I say, "Send those to me over FB Messenger" or whatever. They just don't want to be bothered to have to think about it and take alternative actions accordingly.

    • I as an apple user have no clue what phones my friends use. We all communicate on signal, telegram, sms, iMessage, slack, discord, and occasionally a phone call. If I could get everyone to use one method of chat, I'd pick signal.

    • It mostly only matters for large multimedia. You'll see a similar thing happen if you have a group using Google Messages with RCP vs sending stuff to an iPhone from Android.
  • Shall I start a pool on when Apple will do a takedown of this app?
  • by jours ( 663228 ) on Tuesday December 05, 2023 @01:56PM (#64057425)
    Anyone else surprised that iMessage is still using WebObjects? WebObjects makes me nostalgic.
    • > Anyone else surprised that iMessage is still using WebObjects?

      Yeah - I was in Cupertino in '98 talking to some folks about moving an East Coast health system over to WebObjects.

      I couldn't find anyone less interested in WebObjects than Apple (as a whole - some great developers there at the time).

      We had a small prototype of having WO render to XUL in addition to HTML and Carbon and 'streaming' the app to Firefox.

      That would have been neat but it wasn't open source and they were interested in anything else

    • by dgatwood ( 11270 )

      Anyone else surprised that iMessage is still using WebObjects? WebObjects makes me nostalgic.

      Nope. Not even slightly. Unless they have changed it recently, so is their App Store/Music Store/Movie and Video Store/Book Store, and probably their hardware store website as well. That's why there are limits to the number of items that can appear in each subcategory, so new books and apps and music in popular categories are completely impossible to discover unless you specifically search for them by name.

      It wouldn't surprise me if everything Apple does has WO under the hood somewhere, if you dig down f

  • Who cares what color the bubble is isn't worth wasting your time talking to.

    • I just want to stop receiving potato-quality photos, and especially videos, from iPhone users. It's pathetic. Why are they so allergic to anything but iMessage, I don't know.

  • iMessage is universally on all apple phones which in Australia is 50 percent of phones meaning old hopeless people have it installed and can therefore send you high quality images that havenâ(TM)t been downsized or has metadata stripped out. Dealing with iMessage customers is so much easier than dealing with android customers when you want to get them to collect photos
  • Per the POC pypush currently uses the Unicorn CPU emulator and a custom MachO loader to load a framework from an old version of macOS, in order to call some obfuscated functions. i.e. uses proprietary binaries? That won't last... But still great advancement!
    • So, you have to run an old MacOS image in an emulator within your phone? Sounds like a lot of BS to get those green bubbles (or whatever color is the bad one).

      • That's not at all what he wrote. It briefly instantiates a lifted framework from an old OS on an emulated CPU in order to generate various values needed for creating an iMessage endpoint and encryption keyset. Once.

        After you are registered, you have those things and don't need to do it again.

        • I can only hope they start breaking iMessage in new and exciting ways for their own users trying to stamp this out. Something to encourage iPhone users to install a frigging second messaging app.

  • by xpiotr ( 521809 ) on Tuesday December 05, 2023 @02:55PM (#64057599) Homepage
    iMessage uses your dataplan, SMS costs $$$. So Apple indicated this with two different colors, so you know if you are paying for SMS or using data.
    Please educate your friends!

    Verizone [verizon.com].
    "Standard text messaging charge of $0.20/message applies to messages sent and received in the Nationwide Rate and Coverage Area, except for International Text Messages, which cost $0.25/message sent and $0.20/message received, and which do not use messaging bundle allowances, unless you are on a MORE Everything plan"

    Google is more than welcome to try to sell their new "standard" to the 3GPP organ to incorporate into the 6G standard.
    • Wow....I've had Verizon for well over a decade (sometime after Katrina I think)...

      I've pretty much always had unlimited data, text and voice....???

      • All plans are not equal.

        There are many people that are on WiFi a lot, and don't want to pay through the nose for data and messaging they don't use. For a long time I was on the pay-per-GB GoogleFi plan, and I was paying far less for my phone than others.

        Now there are unlimited MVNO plans on the Verizon network that charge the same that GoogleFi did, so we switched up.

        • I've been on Cricket for around 8 years. 4 phones for $100/mo unlimited and that includes taxes, etc. They've never raised prices includes 5G+ on my iPhone 14.

          • Unfortunately, my house is in "challenging terrain" for LTE / 5G service, so I have to stick to a particular network that sited a tower a half-mile down the hill, which I pointed a directional antenna tied to a cell booster or I get no service at home. I either have to pay out the ass for Verizon, or use a Verizon MVNO for cheaper.

            Yay!

    • by Calydor ( 739835 )

      As a European this whole "Pay for SMS received" boggles my mind, and that's from someone who was already in his late teens when SMS started to become a common thing. It was always paid by the sender here, and only the sender. The ability to rack up a bill for someone else should be illegal.

      • More than that, they're potentially billing two different people for the same data bits transiting the network if it's two Verizon subscribers on this shitty plan communicating with each other.

        Fucking greedy cunts. And they wonder why everyone hates telcos.

    • by AmiMoJo ( 196126 )

      It never ceases to amaze me how shitty US cellular plans are. For £5/month I get unlimited SMS messages. Receiving is always free. I get 500 minutes of voice calls included, so never pay for those. Companies aren't allowed to use premium rate numbers for customer services.

      Apple is adding RCS, which isn't a Google standard. It's an open standard. Google did add E2E encryption, but it's optional and uses the open source Signal protocol, if Apple wants to join in.

      RCS uses data.

      Apple has little choi

      • It never ceases to amaze me how shitty US cellular plans are. For £5/month I get unlimited SMS messages. Receiving is always free. I get 500 minutes of voice calls included, so never pay for those.

        AFAIK there are no US cellular plans that charge for SMS at all. It's included in the plan, and unlimited. Same with voice minutes. Maybe some prepaid services have limits? I just spent a few minutes searching and couldn't find even a dirt cheap prepaid plan that limited texts or voice minutes. For most of them you have to dig into the details to find any information about SMS or voice minutes at all; they don't bother advertising because everyone has unlimited.

        Many US carriers do charge for data, and it'

        • by AmiMoJo ( 196126 )

          So what is xpiotr talking about? They seem to be quoting a website.

          • This key info is at the bottom of the wall of text on that page: "© 2014 Verizon Wireless"

            xpiotr managed to dig around in searches to find an ancient support page that references plans that you can no longer get.

            • by AmiMoJo ( 196126 )

              Ah, that explains it, and is also quite damning of the quality of moderation around here.

          • That would be the price if you could manage to find a plan without unlimited texting included. I'd guess some old, grandfathered-in ultra cheap plans?

    • How long did it take you to find a support page from 2014 that references plans Verizon no longer offers?

  • Is this a "report" or an ad? It's an add/shameless promotion. The last thing I want is for more interconnectedness between these platforms. This is not an app for anyone who needs to regularly ghost people.
  • How many days do you think it will take before Apple releases point releases that renders the Beeper hack useless?
  • And it's up to Apple whether they let you create it. All I'm getting is: > Your request could not be completed at this time. > Your account cannot be created at this time.

Hackers are just a migratory lifeform with a tropism for computers.

Working...