Beeper is also responding to Apple’s initial statement that its app, which is based on a reverse engineering of the iMessage protocol, comes with potential risks to user privacy and security. “We deeply object to the allegation,” the company wrote, and it’s willing to share Beeper Mini’s entire codebase “with a mutually agreed upon third-party security research firm” to analyze the app for any issues.
Beeper is kind of missing the point here. Apple is not shutting it down because Beeper could do anything bad to its users — these are Android users that might not even own an Apple device. Rather, Apple is shutting it down because other people could use similar exploit (the POC appears to use an unsigned device certificate for device authentication) to send phishing / spam messages to the Apple iOS/macOS users at large. With the exploit taken away, it is harder for bad actors to leverage the same channel to attack regular users because without third party means to do this, bad actors would have to find other ways to automate attacks on a much more restricted device.
Exactly.
If you want to be mad about Apple not opening iMessage up, be mad that they don’t have an SDK, API, etc for non-Apple developers.
Don’t be mad that they’re plugging exploits that people decided to turn into a product.
If you want to be mad about Apple not opening iMessage up, be mad that they don’t have an SDK, API, etc for non-Apple developers.
There might have been anger in the beginning but after 10+ years it’s just kinda disappointment.
The only reason anybody is trying to make it a product is because there is demand and they think people will pay if they can deliver.
I don’t understand why they continue to do this? Apple’s already working on adding E2EE to the RCS Universal Profile and implementing it into iMessage, so the need for a “blue bubble” in Android is going to become moot.
I get the whole thing about interoperability, but when your app’s business model revolves around charging people money to access a glorified exploit (Apple themselves stated this was the case, but you can easily verify this by looking at the source code of Beeper’s own PoC), to then follow up with more hacks and workarounds that will inevitably get patched, the sustainability of such an operation becomes dubious.
Where did you see about adding E2EE to RCS?
Various Apple statements on the matter,
I’ll link to the r/UniversalProfile post celebrating it.(As it turns out, the post did not actually say anything about E2EE. It’s a statement that’s been shared on several different tabloids though.)It’s the most logical approach to achieve interoperability because, while Google RCS already supports E2EE, it is pretty much the antipode of interoperability: only Google and Samsung are allowed true access to gRCS’s APIs. Apple being additionally granted access would effectively establish a messaging duopoly, as there would be no reason to use anything other than Google Messages and iMessage. There’s a reason why these APIs don’t exist in the AOSP.
Yeah, I didn’t think they said E2EE. Just RCS to be able to say, “we did it!”
I couldn’t find a non-tabloid source or a direct link to an Apple statement in the moment, but that doesn’t mean they’re not going to do it. It’s already been reported by the media as “stated-by-Apple”, and if that’s not the case I’m sure Apple will gladly rectify things themselves.
deleted by creator
Apple publicly announced that RCS is coming. I don’t get why they would need pressure to do something they have already announced.
Pressure shortens that timeline significantly IMO, similar to what happened with USB-C
deleted by creator
deleted by creator
I use beeper so that I am able to respond to messages from my pc while I work. I have iPhone because it is what my company uses, but I absolutely need a pc for the software I use.
I wish apple would just open up a web-based messenger, but then they wouldn’t be able to force people to buy Macs for everything to play nicely together.
I think you can purchase a Mac mini to handle your iMessages for you if your need them for work.
“Solve a software moat issue with a hardware purchase that rewards corporate bad behavior”
Lost you after solves issue. The rest doesn’t matter.
If I was Apple I’d wait until beeper collects a bunch of subscription fees then I’d yank the rug out and force refunds.
