A few days after the team at Beeper proudly announced a way for users to send blue-bubble iMessages directly from their Android devices without any weird relay servers, and about 24 hours after it became clear Apple had taken steps to shut that down, Apple has shared its take on the issue. <\/p>\n<\/div>\n
The company\u2019s stance here is fairly predictable: it says it\u2019s simply trying to do right by users, and protect the privacy and security of their iMessages. \u201cWe took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage,\u201d Apple senior PR manager Nadine Haija said in a statement.<\/p>\n<\/div>\n
Here\u2019s the statement in full:<\/p>\n<\/div>\n
\nAt Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.\u00a0<\/p>\n<\/blockquote>\n<\/div>\n
\nThis statement suggests a few things. First, that Apple did in fact shut down Beeper Mini, which uses a custom-built service to connect to iMessage through Apple\u2019s own push notification service \u2014\u00a0all iMessage messages travel over this protocol, which Beeper effectively intercepts and delivers to your device. To do so, Beeper had to convince Apple\u2019s servers that it was pinging the notification protocols from a genuine Apple device, when it obviously wasn\u2019t. (These are the \u201cfake credentials\u201d Apple is talking about. Quinn Nelson at Snazzy Labs made a good video about how it all works.)<\/p>\n<\/div>\n
\nBeeper says its process works with no compromise to your encryption or privacy; the company\u2019s documentation says that no one can read the contents of your messages other than you. But Apple can\u2019t verify that, and says it poses risks for users and the people they chat with.<\/p>\n<\/div>\n
\n\n\u201cThese techniques posed significant risks to user security and privacy\u201d<\/p>\n<\/div>\n<\/div>\n
\nObviously there\u2019s also a much bigger picture here, though. Apple has repeatedly made clear that it doesn\u2019t want to bring iMessage to Android:\u00a0\u201cbuy your mom an iPhone,\u201d CEO Tim Cook told a questioner at the Code Conference who wanted a better way to message their Android-toting mother, and the company\u2019s executives have debated Android versions in the past but decided it would cannibalize iPhone sales. Apple has recently said it will adopt the cross-platform RCS messaging protocol, but we don\u2019t yet know exactly what that will look like \u2014 and you can bet that Apple will still seek to make life better for native iMessage users.<\/p>\n<\/div>\n
\nApple\u2019s statement comes at an interesting time. Beeper has been around for a couple of years, and its previous efforts to intercept iMessage were actually far more problematic, security-wise. Beeper and apps like Sunbird (which recently worked with Nothing on another way to bring iMessage to Android) were simply running your iMessage traffic through a Mac Mini in a server rack somewhere, which left your messages much more vulnerable. But Beeper Mini was exploiting the iMessage protocol directly, which clearly prompted Apple to tighten its security measures.<\/p>\n<\/div>\n