A few days after Beeper’s team proudly unveiled a method allowing users to send blue-bubble iMessages directly from their Android devices, circumventing the need for relay servers, and approximately 24 hours after Apple took actions to counter this, Apple has responded, outlining its perspective on the matter.
Apple’s stance is somewhat expected, emphasizing its commitment to user protection, privacy, and iMessage security. Nadine Haija, Apple’s senior PR manager, stated, “We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.”
This statement suggests that Apple indeed intervened to shut down Beeper Mini, a service connecting to iMessage through Apple’s push notification service. Beeper effectively intercepted iMessage messages by convincing Apple’s servers that it was using genuine Apple device credentials, a process Apple identifies as involving “fake credentials.”
Despite Beeper’s assurance of maintaining encryption and privacy during this process, Apple asserts potential risks for users and their communication partners, prompting the company to take security measures.
Beeper founder Eric Migicovsky, in response to Apple’s statement, maintains his position, expressing willingness to share Beeper’s code for a security review while rejecting the premise that iPhone users can only communicate with Android users through unencrypted messages.
Migicovsky contends that Beeper’s approach improves upon the fundamental insecurity of SMS, suggesting that even Apple’s concern about users sending blue-bubble messages via Beeper is addressable, proposing the addition of a pager emoji before each message to clarify the platform.
While Beeper Cloud continues to function, Migicovsky believes Apple cannot or will not keep Beeper out permanently. However, the likelihood of Apple relaxing its control over iMessage and security appears slim, setting the stage for a potential ongoing struggle between Beeper and Apple’s security measures.
