This seems like it won't last, but it's AWESOME and I really hope you survive Apple's inevitable attempts to kill this. A universal chat application would be amazing, and will maybe help bring attention to the value of standards and interoperability (hopefully by governments/regulators).
This downloads from GitHub and ’executes’ specific code points in what looks like a proprietary Apple binary, ‘IMDAppleServices’. Where was that binary sourced? Could you provide more context for what is performed at the hard-coded call-in addresses in your code? Does this relate to how you’re presenting a unique device identifier to the network? Do all clients share one identifier, or is it generated per Apple ID? Have any Apple IDs been locked out of iMessage during your development and testing?
I am not the developer but I also looked at that binary to help the project at some point.
It's taken straight from OS X 10.8 (more precisely from an Update Combo on their download portal). It's calling NACInit, NACKeyEstablishment and NACSign functions from it (which have no entry points but with reverse engineering the offsets have been figured out). They are themselves relying on OS X system functions to get device information. The Python code is using Unicorn to emulate it and patch the calls to those functions to stubs returning pre computed values from a Mac machine (stored in a data.plist file). All clients are using the same machine identifier. IIRC, nobody did get its account locked but if the Apple ID has not been used at all it might fail (it depends on the donor device that generated data.plist, if it's a hackintosh for example it will likely not work).
That seems like a problem. Emulating the protocol is okayish-to-gray but having the binary there will just be a straight DMCA.
Wonder what the actual app is doing since this is just the PoC.
I don't think the finer legal points matter too much. If Apple wants to sue them, they'll sue them, regardless of legal merit. And I suspect Beeper is betting they can make their case from a more philosophical angle, such that it's irrelevant what grounds Apple cites when suing them. Beeper will fight it either way.
I'm an Apple user who has no need for this app. But I really appreciate that Beeper has the balls to reverse engineer the protocol and build a business around it while fully expecting a lawsuit. That's some old school hacker shit and I'm here for it.
Apple tried and failed to sue Corellium for emulating their hardware, and now Corellium has a viable business around it. I don't see why Beeper should fare any differently. They just need to be prepared for a fight, both legally (lawsuits) and technically (ongoing game of cat-and-mouse).
Beeper will fight it either way.
That sounds nice and all, but what happens when the first bill comes due from their legal team?
I’d donate to a legal fund on this personally. I think a lot of people and large corporations would like to see Apple have to make concessions here.
I think if it comes to it, Apple will wind up looking very bad in a trial. Their behavior here is deeply anticompetitive. iMessage is just too important to modern text communication to be as locked down as it is.
If Apple doesn’t want to make an Android app, they should at least make an API so other developers can.
iMessage is just too important to modern text communication to be as locked down as it is.
What do you mean; if a private company creates something, and enough people buy/use it, at some point it becomes a common good? I like the idea of iMessage being open, but I don't like the idea of forcing Apple under government threat to open it
I don’t know what you mean by “common good” in this context, but if a company has a dominant market position and uses its power to cripple competition, then it falls within antitrust laws.
iMessage is so important today, especially to young Americans, that its exclusivity to iOS has become a significant barrier to Android or other operating systems from being competitive.
It’s up to regulators and the court system to decide whether that is a violation of antitrust law. But if it is, then yes, the government should force them to open it. That’s what it means to enforce antitrust law.
I feel so old. What is it that I'm missing out in iMessage that is so important?
Honest question, I've been texting since t9 and have never owned an Apple device.
It provides a much better group messaging experience than SMS (you can see who’s in a group and add and remove people), delivery/read receipts, better image quality, is encrypted (although that gets somewhat negated by automatic iCloud backups), and is free as long as a data connection is available.
Of course many other messengers offer most of these features too, but for some reason, no alternative has been able to establish itself in the US.
iMessage was heavily integrated into the ios flow when sms was the dominant mobile text messaging system. It's not special, and that's the point. It just worked the way people want texting to work as smart phones gained momentum, and iPhones have so much of the market share that it's way more irritating to use a separate messaging app when you can't change the default integration on ios. I miss the convenience of heavily integrated iMessage comms at least twice per day.
Interesting, I use both Messages and a few third-party messengers, and I wouldn't say that Messages is integrated more deeply with iOS, in the way that e.g. Safari and Mail were for a long time (before you could re-associate http and mailto URLs).
The share sheet just shows my most-frequently-used messengers, as well as direct contact names for my most important contacts, no matter what messenger they're actually on.
The only thing I can't yet do on my third-party messenger is initiate messages from my Apple Watch, but that's presumably due to a lack of a native watch app more than anything.
It’s really nothing special. I personally use WhatsApp with most of my friends.
The problem is when you have one person in a group that is on Android when everybody else is on Apple. This causes the iMessage conversation to use SMS instead. To signify this in the app, texts appear as green bubbles instead of blue, so it’s obvious when it happens.
This is bad because SMS is totally obsolete. It causes images and videos to be shared in extremely low resolution, along with problems of messages not getting delivered reliably and other missing features.
So effectively to the iPhone user, Android users very visibly cause group chats to be super crappy in iMessage.
This is not the fault of the Android user really, because it’d work way better if Apple supported RCS like Android phones do, but many people have a very strongly negative impression of Android due to this.
In fact, some iPhone users put social pressure on people with Android devices due to this in the form of excluding them from group chats or complaining about how they cause problems.
Apple has been perpetuating this problem because it suits them. People know this, but it’s Android and Android users that suffer regardless due to Apple’s dominant market position.
Yes, governments can require interoperability and can limit monopolies. That's how antitrust laws work, like it or not. But if you want to get all libertarian, why should companies be able to use government power (as in courts, DMCA and the like) to shut down smaller companies that reverse-engineer their protocols?
I'm a major libertarian, and you have a great point. Apple should maintain their competitive advantage via technical means or let more cooks in the kitchen.
Which is pretty much where "if you can't innovate, litigate" has its roots.
coughs in AT&T
I have a hard time believing that the folks who were smart enough to do all this work somehow forgot that lawyers cost money
i don't disagree, but nobody can compete with the money Apple can spend. not every David can find a Rainmaker when competing against Goliath. Goliath still wins a lot. He was a champion after all
I imagine they'd use some of the $16m+ they raised in VC money to pay the lawyers...
The Streisand effect will certainly boost enrollment if Apple sues.
Reverse-engineering and documenting protocol is OK. Implementing protocol according to the documentation is OK.
Copying and modifying binary with proprietary license is not OK.
How do you run the binary if that's not OK? In order to install it, The binary gets copied from the installer (dmg/zip/app store/CD install media), and then to run it, it gets copied from your hard drive to RAM, so that's clearly okay in some circumstances. Furthermore, once it's on my hard drive, I can copy it over and over again in random places on my hard drive for funsies and the operating system will gladly cooperate. Once it's on my drive, I can go in with a hex editor and randomly change bytes for funsies. It's on my hard drive. Am I then not allowed to delete the program from my system? If I use shred to delete it, which will set the bytes in the file to zero, or format the hard drive, am I breaking the law?
In my very limited understanding, distribution is the key.
It’s legal for Apple to distribute Apple binaries. It is not legal for someone else to distribute Apple binaries.
Copying a binary from installer to app folder: not distribution
Putting the binary on a USB and giving it to your buddy: gray area, not worth prosecuting, but maybe technically distribution
Uploading the binary to a GitHub repo titled “Apple binaries here”: obviously distribution
Which is weird if you think about it. If I buy a car, give it a paint job, mount some LEDs, and a new sound system, I'm totally within my rights to sell it. I can't say that I'm Ford or Honda when selling this modified car, but I'm totally allowed to sell it.
Yes, and this analogy is even more valid than usual, because unlike most software where each binary is an exact copy of all the others, in this case each binary is actually unique to a device.
But it's more like a ticket, or an NFT. It's a unique blob that was sold to you. You should be able to transfer it.
Apple's best argument here might be that the blob is meant for one person, and distributing it this way is like sharing a ticket to the cinema between multiple people. I can't enter the cinema, then come outside and pass you the ticket so you can enter it too.
In that case the easy way out (and what plenty of Hackintosh/console hacking/emulation/etc. communities have done since the beginning of time) is to just download the file directly from Apple when the app starts up the first time or have an “import BOOT.bin here” button you use to activate the app. If someone can source the binary you need to get the app to work I think that’s DMCA legal.
Those are all fine but it's not the context of the copying in the discussed scenario.
I dont believe Apple would sue. I think they would just change the protocol to block this from happening.
I think you might be right, especially with the heat on them from the EU right now. It's faster to play the technical cat-and-mouse game for as long as possible.
There's also a very small chance that the EU would sit idly by and watch Apple wreck compatibility.
There are reverse engineering/interoperability exemptions to the DMCA so it may not be that simple.
So would be curious if they have already sought legal advice which says they are in the clear.
they raised $16mm. I assure you they've talked with a lawyer or two.
If they actually just took a binary from OSX and stuck it into their app it probably wasn't the best lawyer
I believe it's server-side: not distributed.
Sam Bankman-Fried raised $1.8B, yet we know how that ended even with lawyers available, so... We'll see.
I hope we get to a place where people like this simply generate an OpenPGP key/OpenSSL certificate for a pseudonym and just throw this stuff up on .onion and .i2p domains. A place where DMCA and copyright literally cannot be enforced because it's impossible to.
This reminds me of the near-ish-future "Rainbow's End" by Vernor Vinge, wherein instead of giving out phone numbers or email addresses or screen names (identifiers), people give out opaque GUIDs [0] that act as communication handles with capabilities baked in. So, you could give out one to friends that allows people to open a synchronous voice channel to you, but give out one on your business card that just allows people to send text messages to you.
The book doesn't talk about it too much, but presumably these handles could be limited-use (time-based or only granting a capability to send a certain number of messages) and could be revoked.
I know it would probably be off-putting to give each person I meet a different GUID for contacting me (kind of like telling them your email address is <their_name>@<my_vanity_domain>), but it might reduce the spam I receive.
[0] if you're searching the ebook, they're called "golden enums" in the text
It's not impossible, just currently not worth the tradeoffs of enforcing. There's nothing stopping governments from passing laws holding IP address owners responsible for the traffic they originate. At that point VPNs and Tor exit nodes will stop allowing illegal activity. VPNs are already moving this direction, no longer supporting port forwarding ie hosting content on bittorent.
Not sure how likely is that considering that Beeper is an actual/company startup which seems to have received funding from YC?
However, considering that I'd except they'd know better than to just outright take a binary from MacOS and use it in their app (assuming that's actually the case..).
There’s no need for Apple to react to this project at all.
Eventually, someone will send spam using this app, at which point automated systems at Apple will “console ban” the hardware identifier shared by all of the app’s customers. The project presumably has a library of valid hardware identifiers collected and ready to go, and eventually that’ll be drained by spammers faster than revenue versus device purchasing allows for. Apple can just wait silently as the app exhausts their pool of hardware identifiers, each banned by pre-existing anti-spam automation, without ever acknowledging their existence.
Apple may not buy WhatsApp will. If there's ever a commercial or OSS third party WhatsApp voice client I would expect they will try to send their Perkins Coie dogs after the project. They've already done it to many oss projects, terrifying Devs from continuing their work
The app is not redistributing it, it just requests a server to get validation data (since anyway the actual library loading involves patching every system function, making the function independent from the host device, see [0] if you want to see how it's stubbed to run on Linux using a data.plist file), and thus there is no need to emulate it on device.
Doesn’t this already have precedent? Nintendo used to check for the existence of their logo in cartridges before loading them so that anybody who wanted to create an unauthorised cartridge for a Nintendo system would have to reproduce their logo and infringe on their copyright. I’m pretty sure the court ruled that reproducing the logo for the purpose of interoperability was fair use.
If that becomes a problem and they get enough funding, I'm sure they can spend a few days / weeks reverse engineering the functions they need. At this point it just needs some effort, not some crazy research capabilities.
Given that these are cryptography-related functions, I feel like symbolic execution could yield the actual algorithm they use.
It's probably not even that hard. If some block looks like a crypto section, you can likely match the relevant constants to the algorithm. It's not like Apple will use some super custom solution there. "Where is the AES and how is the IV generated" is more likely question.
It’s already in the works, someone has already made a lot of progress on this front on pypush’ Discord server.
Its awesome to reverse engineer this... but..
At the end of the day, this product is taking money for using Apple Services with no recompense to Apple. It won't last.
Apple should have added an iMessage client to Android (and charged for it) long, long, long ago, but it doesn't change the ethics problem here.
(This is the downside to the "just pay for it with hardware" model people always love rather than paying subscription fees.)
iMessage is offered as a free service. If they would like to 'receive recompense', then they should simply charge people.
Do we provide recompense to YCombinator for using hackernews?
iMessage is not free though?
Apple's "free" services are all dependent on you having bought apple products. When you buy a device, the "profit" on the hardware (the oft reference BoM only cost) also pays for the software development, the services, etc.
Claiming that anyone should be able to use those services because they're "free" is like saying anyone should be able to get free service at Toyota garages because Toyota does free service for people who bought a Toyota vehicle.
I think it's a lot more nuanced than that. Should we, as a society, allow companies to lock people into platforms, and discriminate against those who have decided not to fall prey to that lock-in? Especially when avoiding that lock-in (which is often a passive financial/economic choice, not an active rights/freedom one) actually causes social and emotional harm (the whole "green bubble bullying" is a real thing; yes, I think it's dumb too, but what we think is irrelevant).
Personally, I think the answer is "no", we should not allow that sort of thing. Profit is not the most important thing in the world, by far.
Your car analogy falls flat, as is the case with most car analogies. No one would expect to get free service at any garage, and that is unrelated to the topic at hand. You can go to any garage, and they're mostly not model specific; even when they are, there are plenty of third-party alternatives. (And this is why locking down car hardware/software such that only the manufacturer can provide service is a garbage practice that we should legally disallow.)
No it's not.
Running a service costs money.
That money has to come from somewhere.
Google makes that money by spying on people and using that for ads.
Apple makes that money by selling hardware.
You're saying that both companies should be required to provide the services they render, but apple's model of paying for it by selling hardware should be banned.
Also, go talk to someone who has bought a new car, and ask them how much their servicing costs. If they go to their manufacturer's service centers the regular services are free for the first few years, but if they go to an unrelated mechanic it costs money.
I do have a spare iPhone in a drawer, still works and can message on iMessage. There, I have purchased Apple hardware, now can I use iMessage on my Android phone?
No.
For the same reason that if you buy a game for xbox, and then when you later buy a playstation you can't turn around and demand that MS port the various xbox services to the playstation, or a publisher port an xbox game to playstation.
I see your point, but please steer clear of personal attacks - you can make your substantive points without that.
sorry, it wasn't meant to be a personal attack. I'll edit it so that it reads less hostile.
Appreciated!
Correction: iMessage is offered as a value-add to people who purchase supported Apple hardware (iPhones, Macs, iPads, Apple Watches).
That’s a positive way to formulate it. The more cynical formulation is that it is a way to lock people into the Apple ecosystem and (especially in the US) to apply social pressure to people to buy an iPhone.
Apple isn’t in the business of offering anything to Android users without getting anything in return. A value-add is something you offer only your existing or prospective customers, and that can have a lock-in effect, but only if you value it a lot. Keep in mind when iMessage launched, that it only worked with other iPhone users was a much heftier limitation because the smartphone market still had Symbian, BlackBerries, Windows Mobile, and Palm in it in addition to some very early Android models, and not everybody buying cellphones was buying smartphones yet.
Apple charges people to use iMessage by requiring you to use their hardware
Do we provide recompense to YCombinator for using hackernews?
Yes. Asking this question is original content. My reply is additional. Those reading this thread are community members.
All of this drives the visibility of new YC batch application kickoffs. Ultimately, YC founders, and some of these early leads result in big investment returns.
Apple announced that they will support RCS. Presumably they will not charge Android users for sending RCS messages to iPhone users right?
RCS isn't encrypted, doesn't work without phones, doesn't have a single identity across multiple devices, etc so it's not going to replace iMessage.
If only there was an encrypted chat service, that works on multiple devices, has a single identity across all of them, etc. Oh well, guess we'll all have to buy iPhones to use iMessage.
Correct! There are numerous options available across a wide variety of platforms, and yet people obsess specifically over iMessage because of perceived (and seemingly US only?) obsession with blue bubbles.
There is matrix.
RCS can be encrypted. Whether Apple chooses to do so is yet to be seen of course, but I'm guessing they will reserve encryption for "blue bubbles."
Yes, as a non-standard google extension that is not guaranteed to be present.
To illustrate the issue, imagine apple added support for "encrypted RCS" that was just iMessage's message blob stuck in an RCS blob (this is essentially how google's encrypted messaging solution works). Would you be ok with that being presented as "encrypted RCS"?
Does RCS rely on Apple servers? If it just goes through the same carrier network the way SMS does, why would Apple need to be compensated for the use of their cloud infrastructure?
Yes, Apple will most likely run their own RCS servers.
Yes, I think RCS will be supported free of charge similar to SMS and MMS today. I also suspect that Apple will reserve blue bubbles for native iMessage and use green bubbles for RCS.
There was an info somewhere that RCS will still be green:
https://9to5mac.com/2023/11/16/apple-confirms-rcs-messages-w...
Thank you I just came by to say that
RCS is in theory and intended to be a carrier service. From what Apple announced, all we know of what they are doing is is 1) adding RCS protocol support to Messages and 2) working with the GSM Association to beef up security, somehow.
In reality, RCS is practically a Google service at this point, and we don’t know a damn thing about how that is going to affect interoperability since the carriers have more or less outsourced the service to Google.
The only "ethics" problem I see is a company using it's considerable weight to deliberately segregate users of different platforms, resulting in discrimination and bullying. I understand a lot of people here may not understand this, on account of not being a teenager or young adult, but it is a very real phenomenon.
Not even young at this point. I overheard two grown men talking about how much they hate people with green bubbles and purposely skip inviting them into group chats because of it.
I have been a grown man on both sides of that conversation: left out of group chats due to being a green bubble, and now tacitly approving of not including green bubbles in otherwise pristine-seas-of-blue chats.
It's less about the background color and more about the endless series of interoperability paper cuts that exist with green bubbles. Will my reaction emoji come through as intended? Will my shared media get downsampled to feature phone quality? Will referencing the person's name in chat work the same? etc etc etc.
Interop is always a pain, but the sooner Apple can be forced into making any concessions the better.
It would help if Google wasn't a complete joke in the messaging space though. As much as I want iMessage interop with Android users, I have no faith or trust in any Google-based messaging app or initiative. Fool me once, shame on you; fool me dozens of times ... well I'd be an idiot to trust Google messaging again.
The fact that a huge number of perfectly good third party chat apps exist and yet most Apple users prefer iMessage is a huge testament to iMessage just being a really well made product. I wouldn't put up with the obnoxious interop and lockin issues if it weren't!
As an Android user who texts with other Android users, RCS works just fine. Automatic e2e encryption whenever it's available, reactions work (and support every unicode emoji, not just the 6 Apple supports), threading works perfectly, photos and videos come through in full quality.
Recently Google Messages started automatically translating the shitty little 'So-and-so hearted "<previous message>"' SMS messages Apple sends out from iMessage into reactions as well.
It's genuinely quite good. I prefer it over Signal when I know the other person has an Android too.
To be clear, I don’t think people actually look down on green bubbles vs. blue ones, it’s just that the presence of a green bubble in a Messages chat leads to numerous issues with threading, reactions, etc. (which is also something we can blame Apple for, but different than disliking a person for using an Android phone).
I think the ethics problem probably lies on the shoulders of the bullies, not on Apple.
If I were a profitable company and I knew I could end bullying resulting from my product without significantly harming my business, and I chose not too, would I be acting ethically?
Apple could also end bullying by giving their phones away for free so every kid in high school could use iMessage. Is it acting ethically if they don't do that? Exactly how much of Apple's products and services should be made available to everyone, and where/how do you draw the line?
To be clear, I don't have a dog in this race. I have an iPhone but barely use iMessages.
OTOH this software existing does change the conversation, especially if the solution gains significant media attention or becomes popular. Hopefully this solution passes muster and does effect some kind of change.
Remember when Apple promised that Facetime would be based on SIP and would be interoperable? Neither does anyone. I hope that someone opens this Pandora's box also and gives it to every grandma on the planet before Apple has a chance to ban it.
The VirtnetX patent case is what crushed interopable FaceTime.
This indeed changes a lot. If this gets enough traction to be visible and Apple blocks it, it’ll further complicate their relations with the European Commission, who are currently investigating whether iMessage should be regulated under the Digital Markets Act.
As if Apple doesn’t have hundreds of Billions in the bank... I think they can afford to foot the bill.
One of the ways they got to having billions in the bank is by selling things for money at a profit. If Apple ever offers iMessage to Android users directly, Apple is going to get paid somehow.
Agree. We have seen this before.
What if someone reverse engineered Twitter's services and built a separate client and tried to monetize it. What would Twitter do?
What if someone reverse engineered Reddit's services and built a separate client and tried to monetize it. What would Reddit do?
What if someone reverse engineered Instagram's services and built a separate client and tried to monetize it. What would Instagram do?
Not really. Twitter, and Reddit publish(ed) API's that required one to obtain a key in order to use at scale. No one reverse engineered them.
At the end of the day, this product is taking money for using Apple Services with no recompense to Apple. It won't last.
I wish companies wouldn't see it like this. I'm not going to speak on this one specifically, but the other one (Beeper Cloud) "makes Apple money" in that i'm more likely to buy into the Apple ecosystem. Ie normally i'm wanting to get out, because Apple likes to play all-or-nothing with the features that i buy from them. As someone who has an Apple watch, phone, laptop, tv, tv+, airpods.. yet works on Linux & PC, it makes me want to switch away from Apple if i can find better hardware.
Beeper lets me get _some of the features i pay for_, which makes me not want to switch.
Makes me sad that so many companies have this view of direct income or piss off. Secondary benefits are real imo, and it's what i personally want to buy. Apple feels actively hostile to me, and it makes me want to leave.
There's probably indeed a pragmatic issue with the service not lasting, but it is not an ethics problem. If anything, it's unethical for Apple to be so damn proprietary.
I'm on the fence about using this. I don't want to switch all my conversations over to iMessage and then have Apple figure out how to ban this. That kind of feels like a recipe for lost messages.
If Apple bans this they will have to answer to EU courts. I very much doubt they will in this political climate.
They wouldn't have to ban it, they could just alter the protocol to make it impossible. iMessage is designed to only work on devices manufactured by a single company. All of those devices have secure cryptographic elements built into them. It's not a stretch to think Apple could lock down iMessage under the guise of security.
Again, they would have to answer to EU courts. They are legally required to be interoperable now. Banning non-iPhones would definitely be litigated.
This is not true. iMessage hasn't been declared a core service by the EU. This takes seconds to Google.
Yet. There's a decision happening next year. This also "takes seconds to Google". https://arstechnica.com/gadgets/2023/11/google-argues-imessa...
They are already a gatekeeper with core services that are required to be interoperable. Even if iMessage specifically hasn't yet been declared a core service, Apple is in the crosshairs and behavior like banning competitors will be harmful to their legal position at a very sensitive time for them.
Your link—hell, even the URL slug and headline—make it clear that this is something Google is claiming to the EU, not something the EU itself is claiming.
Yes, it's possible that the EU will rule that iMessage needs to fall under these rules, too, but citing a major competitor (who's even more under the gun for the same stuff themselves) making the argument that Apple should be restricted is, shall we say, not super persuasive on its own.
who's even more under the gun for the same stuff themselves
Are they, though? Google allows alternative app stores on Android, they already implement an interoperable, open standard in their primary texting app (RCS), they allow alternative browsers on the Play store itself, and they don't block interoperability with other platforms the way Apple does.
That's not to say they're not under the gun, but what they're under the gun for is different, like bribing Epic and others to not move to their own app store or make a self-updating app downloadable from their website.
They're both monopolistic asshole companies, don't get me wrong, but they're using fairly different strategies.
they already implement an interoperable, open standard in their primary texting app (RCS)
Yes, but Apple has announced they will do the same thing. That is not the same thing as interop with the actual iMessage protocol. Similarly, Google Messages does not allow interop with its encryption and newly announced sticker/effects, which remain proprietary to the Google Messages app.
You said "They are legally required to be interoperable now." which is factually incorrect. It's okay to just admit that you were wrong.
You're right, my statement was factually incorrect. The correct statement is "Apple is currently fighting an effort to require iMessage to be interoperable".
The argument stands. It would be a bad idea for Apple to ban competition from iMessage, even with an attempt at plausible deniability, while they are fighting European regulators about interoperability on multiple fronts.
Good luck testifying that they specifically adjusted a private internal protocol to block an App vs improve/iterate on the existing protocol.
That would break old devices.
That would be easy and wouldn't even require lying. "We identified and fixed a security vulnerability and fixed it"
The only way I could see this happening is if they have all of the public keys of the secure cryptographic elements in a database of all Apple devices ever created. Because otherwise, it would just be trivial to emulate a "secure cryptographic element" if it's just a public/private key.
They aren't running a client by Apple. A glance at other posts seems they are using Apple code, but that would just be a matter of reverse engineering if the code required the secure enclave.
I can't think of a way that a server would be able to prove a device is Apple or not if you were to replicate the protocol completely. Only if there was some established public/private key would this be possible. And then the private key on the device would be in a secure enclave that you could feed it data to sign to prove the device is an authorized device.
I wouldn't be surprised if they in fact do have a list of serial numbers for all the mac, ios, tvos devices they have ever sold, linked with some corresponding device-unique public key data?
After reading some other comments, this very well might be the case.
I don't know how the secure enclave works in detail but if there is a private key inside it that it uses for attestation / signing, presumably it could also have a certificate signed by an internal Apple provisioning CA infrastructure which Apple can verify on their end.
Importantly, this matters even for those older devices that were created without secure enclaves. iMessage still used this PKI architecture back before every new mac/iphone/ipad had a SE.
Of course they have all of the public keys of the secure cryptographic elements of all Apple devices (that run iMessage) ever created. Why wouldn't they?
Could they just require the client to send over the Apple logo, which is trademarked, like Nintendo did with the GameBoy?
That was defeated 30 years ago https://en.wikipedia.org/wiki/Sega_v._Accolade
And if Beeper keeps it up they’re likely running afoul of the CFAA in the US.
The EU doesn’t rule the world. They haven’t forced iMessage open yet, and Apple is clearly trying to avoid it with their announced RCS support.
I don’t think things are as far along as you do.
Probably because no one uses iMessage in the EU.
I'm pretty sure almost everyone sending messages from an iPhone to another is using it.
Even iPhone users in Europe tend to just use WhatsApp. It's the default there, largely because of the history of carriers charging thru the nose for SMS back in the day...when WhatsApp offered "free" messaging (uses tiny amounts of your data plan), it took off.
Even iPhone users in Europe tend to just use WhatsApp
Europe is not that homogenous, WhatsApp isn't even the most popular messaging app in much of Central/Eastern Europe and Scandinavia (in addition to that iOS has a similar/higher market share in Norway/Sweden/Denmark than it does in the US).
of the history of carriers charging thru the nose for SMS back in the day.
Again, this wasn't the case in every European country (where I am text messages were already free or very cheap in the early 2010s so WhatsApp didn't really take off that much and FB Messenger is still quite a bit more popular to this day because it worked on PCs/browsers and most stuck to it when smartphones were becoming popular ).
same applies to Britain and Switzerland.I'm from Europe and live in Hong Kong, in both places, iMessage to us is like Edge for Windows users: a gimmick we see auto-installed but we dont use. So many people don't have an iPhone, and we change phone number every few months anyway. The US experience might be diff, and Europe / Asia aren't a single country, so maybe it even varies within.
addandsubtract is referring to low usage rates of iMessage in Europe compared to other messaging systems, especially Whatsapp.
Can you explain more about the suspected CFAA violation?
See https://en.wikipedia.org/wiki/Craigslist_Inc._v._3Taps_Inc.
The CFAA says that "having knowingly accessed a computer without authorization or exceeding authorized access [is a federal crime]".
The courts held that 3Taps scraping the Craigslist website was accessing a computer and exceeding authorized access because it should have been obvious to 3taps that craigslist did not authorize them to scrape their website (namely from some IP blocks and a C&D letter), so it stands to reason that talking to the iMessage API from a non-apple device is a federal crime. Apple has only authorized apple-devices to talk to their API, it should be incredibly obvious to all of us that this is not being done with apple's authorization, hence crime.
In case it's not clear, I think the CFAA is a rather poorly thought out law since "authorized access" seems like it could be as vague as a ToS violation, which means it escalates things that seem more like civil matters into federal crimes.
The Supreme Court has significantly weakened the CFAA since then in Van Buren. The weakened version might not apply.
Not to mention, nearly everyone in power in the US has an iPhone, and Apple is a darling of the establishment in the left and the right, and virtually nobody else has any power.
For those trying it out or if it does get banned, here's the iMessage unregistration link:
I tested it out, unregistered in the app and now I can't receive SMS from iPhones. This link says my phone isn't registered either. Yikes!
Edit: it's working now, took 15 mins to work itself out.
Thank you, this was probably my biggest concern
That's my main concern as well. I don't want to strengthen such a closed ecosystem by building their network.
(That and desktop support is a must for me)
Beeper desktop supports iMessage too, I'm using it right now.
Do you have an invite - I'm on beeper mini but on the waitlist for the desktop!
It doesn't help that they want to pursue the exact same approach for the other apps they want to provide service for.
They are looking to get banned and completely damage the Matrix/Mautrix bridge ecosystem.
What's the point of matrix integration if not to use it? Gaim/pidgin ended because of changes not because it was too powerful.
Same concern here. I think it's a more valuable use of time to get all your friends/family to switch to Signal. AND pay for (donate) to Signal.
Tis better to have loved and lost than never to have loved at all.
From their blogpost: https://blog.beeper.com/p/beeper-cloud-and-product-roadmap
Everything changed in August when a security researcher reverse engineered the iMessage protocol.
At a high level, here’s our product plan for the near future (in very rough order, and very subject to change): > Add support for SMS, WhatsApp and Signal into Beeper Mini, using the same end-to-end encrypted client-side connection architecture. No cloud servers in the middle.
so they are changing their whole business model to rely on illegal proceedings, breaking the ToS of every service they want to provide an alternative for.
I'm pretty sure Apple isn't fond of random people using their servers and their proprietary protocol on a client they haven't created. Signal is the same, they C&D every fork that becomes popular, the only official clients are the CLI and the ones they release (Signal is open source though). WhatsApp is also similar.
It's interesting and disappointing to see that they are hoping to create a business model on top of that, and it will probably backfire and hurt Matrix users as well, because these chat companies will become stricter and completely forbid third-party clients.
Beeper (Cloud) has been around for 3 years. It supports iMessage, Whatsapp, Signal and 12 other chat networks. We have 100,000 users on Beeper Cloud.
We haven't had a single problem like the one you're describing. Not to say it will never happen.
If Beeper Cloud uses a Mac in the middle then I would have assumed that is actually permitted, as its presumably a legitimate iMessage client and some software to forward your messages after that.
It seems similar to the parallel of iOS builds where its been possible to do so with virtualized MacOS on non-Mac hardware for a long time but its a violation of the TOS of MacOS to do so. Apple does spend effort ensuring that companies running cloud builds do so on Mac hardware; they don't care that the true end user is running Windows and achieving an iOS build as long as there was Mac hardware doing the actual building.
So this reply is along the lines of "we did something for 3 years that allow and they never stopped us" which isn't very strong evidence they won't stop you now that you're doing something they don't allow.
They may not do anything here thanks to the current EU climate though, I only mean that the fact they did nothing about Beeper Cloud is not evidence one way or the other.
Apple or Meta (WhatsApp) trying to take down something like this would almost certainly be viewed unfavorably by the ever-lurking EU regulators.
That's the only reason I'm not confident that Apple will kill this. They wouldn't want the regulatory attention and (at least for now) this is a niche area that few people know about.
Easier to kill something when it is a small niche area that few people know about rather than wait until it gets bigger and more people use it.
Except that Matrix never profited from it. Beeper is the first company to provide a paid service for it and had their own servers. But now they are providing a paid (with a free tier) service that runs on Apple/Meta/Signal infrastructure.
This is asking to draw unwanted attention towards yourself.
Please read this:
https://gist.github.com/smashah/667d4d5cf31670ee87547450861a...
The game being played here is poker. If they call beeper's bluff then they risk setting a whole industry wide precedent that interop supercedes ToS (that's the only angle).
As it stands, ToS based C&D for interop is untested afaik.
We as a community need to discuss ToS-trolling and fight against it.
This doesn't hold up.
https://github.com/signalapp/Signal-Android/issues/9966
https://github.com/libresignal/libresignal/issues/37
unless the EU rushes out their legislation that interop is not grounds for terminating someone's account, I'm sorry, but they can do whatever they want to with their app.
Would you feel happy if someone used your home network to seed torrents? Using your bandwidth to seed them?
As others pointed out, you used official Apple hardware.
Now you're replacing that with Apple's own infrastructure.
They won't like this and I really hope an eventual C&D from Apple, Meta and Signal won't affect the development of the Mautrix bridges.
Do you remember back when Pidgin, Trillian, and others created clients that worked across AOL, MSN, and other messengers. They worked for a while, they'd stop working, they'd update and start working, and that went over and over again. I'm not really looking forward to having that experience again.
When TOSes forbid interoperability, breaking them is just.
but now explain this in "Legaleeze" to Apple, to Nintendo, etc....
Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
17 U.S. Code § 1201 - Circumvention of copyright protection systems
Has this ever succeeded in court? Has it ever even gotten to court or do people just give up at the first lawyer's letter?
Yes, it has been tested many times, famously for unlicensed video games on consoles.
You do know DMCA is not the only law they can refer to to sue freeloaders, right?
I agree with this statement but in the end, the effects of Beeper will negatively impact everyone else who hosts a bridge for these services.
Just because a legal binding document seems stupid it doesn't mean you can break them.
I find most laws stupidly worded, it doesn't mean I should disrespect them.
Signal is the same, they C&D every fork that becomes popular, the only official clients are the CLI and the ones they release
This always rubbed me the wrong way and made it seem like it's an NSA operation
The source to Signal is open to analysis if you doubt its security. I suspect they C&D forks because they don't follow coding/security practices as upstream does, and it would be too hard to ensure they would if they just let anyone fork it.
No guarantee the build on the app store is the same as on github.
No guarantee the build on the app store is the same as on github.
I don't know why this comment always pops up on HN every time Signal is mentioned.
Signal builds on Android have been reproducible on Signal for nearly eight years - basically the entire time Signal has existed as an app under that name.
On iOS? No, because Apple doesn't allow reproducible builds on the App Store, period. But you can't blame Signal for that.
Not really. Moxie just said "we pay for the infrastructure so it's unfair that you get to use the servers we pay for".
Nah. Not NSA. CIA
Yeah Apple won't like this or ever officially approve of it, but you make it sound like you'd call the police if you saw someone using an unofficial AIM client. I think the dramatics can be chilled. The ToS is dumb and not worth the virtual paper its written on. If Beeper can keep up with the cat-and-mouse game, this is no different than Trillian or GAIM/Pidgin/Bitlbee/libpurple or aMSN or Miranda IM or Gtkcord4 and on and on and on... Apple doesn't need an internet defense force for their stupid ToS.
I feel like there are two questions Beeper needs to ask itself...
1) Are they going all-in on being an antagonist to Apple?
2) Will the users be willing to stick around during any outages/downtime/failures due to the cat-and-mouse game? (That I agree will follow and continue.)
I can't answer for Beeper, but why would they be unnecessarily antagonistic to Apple? It's not related to their product or mission. Beeper offers interoperability. Antagonism is an undesired byproduct of any of this work, and it's immature to be antagonistic for no reason.
Will it be a cat-and-mouse game? Maybe. Will users stay? Probably. In many cases, Beeper users already WERE iMessage users. Beeper users ARE Discord users. They are users of the upstream service and explicitly want a unified and interoperable chat system, for one reason or another. Maybe it's more practicality than ideals, but it's all the same in the end.
That said, it's not like Beeper is new, and it doesn't seem like antagonism is a primary driver of operational issues yet, so it's not clear it's about to start any time soon, either. Perhaps one of the most annoying tech company strategies is to try to establish a horrid status quo before regulators and law enforcement have time to catch up with you, making it much harder to actually do anything about. I see Beeper as one of a small number of companies that are basically on the opposite end; if they gain a large enough mass of users, it's going to be harder and harder to antagonize Beeper without antagonizing their own userbase, especially when you consider that the value of IM networks is largely in the connections between users. So, the clock is ticking.
When there's money involved, the results are way more dramatic.
If Beeper was free, sure, they wouldn't bother that much.
But Beeper relies on this business model. Apple and co wont let this slip.
Signal is the same, [...], the only official clients are the CLI and the ones they release
Is there an officially supported CLI for Signal? Please tell me it's true, that would mean so much for small scale automation!
Not official but this works darn well: https://github.com/AsamK/signal-cli
It's not official but they don't want to kill it for some reason, maybe their own devs use it for testing
At this point, why not just wait for Apple to release their RCS implementation?
The nicest thing about iMessage (for me, at least) has always been that it was a significant improvement to SMS that just worked, with graceful fallback to SMS for anyone who didn't use it. No installing third party apps, wondering if someone new I wanted to contact would be on that messaging app, etc. A nice bonus, but not something that would ever get in my way. Wanting to install a third-party app on an Android phone just to get blue bubbles is weird.
WhatsApp, Telegram and many other platforms do everything that iMessage does and more, without the deliberate segregation of users on different platforms.
In effect, you are using a third party app (as opposed to stock SMS), but Apple has integrated it into their OS and refused to release versions for other platforms.
So you're saying that if I install WhatsApp on my phone, I can text anyone I want, if I have their phone number? Doesn't matter if they have WhatsApp installed? I just say "send this to 5551212" and it gets there?
They need to install the app, which is free. What they don't need to do is buy an iPhone, which is not free.
Android phones are free? I have to buy the phone no matter what, so I don't see that as a differentiator.
I don't want multiple ecosystems that don't interoperate at all. I don't want to give my private conversations over to an ad company like Facebook. I like iMessage because it adds features without taking. I don't worry about what app I need to use depending on who I want to talk to, I just send them a message and move on with my life.
You can run Android apps on almost any non-Apple brand of phones, Windows PCs, Linux, Mac OS and Chromebooks.
You can run iMessage on Apple devices, nowhere else.
Surely you see the difference.
Surely you see the difference.
I know what argument you're trying to make, but I think it is disingenuous to pretend that WhatsApp is free while iMessage is not. As a practical matter neither is free, and both are free.
iMessage is not free insofar as one much purchase an iPhone to use it.
So they absolutely segregate users onto their proprietary platform, it just happens not to cost money to use.
Your literally talking about WhatsApp and Telegram as if they aren't their own segregated microcosms you can't message from whatsapp to telegram for instance so obviously they are their own segregated users by platform, its just a software platform not a hardware platform.
They are hardware agnostic, iMessage is restricted to users of very specific hardware.
Its only now just arrived in beta on the iPad.
...what is the "it" that just arrived to the iPad?
I assume they meant WhatsApp :
https://wabetainfo.com/whatsapp-beta-for-ios-23-19-1-71-what...
with graceful fallback
Have you ever tried to stop having an Apple device? Hopefully better now, but a few years ago there was no way to unlink iMessage. So say good bye to all your Apple friends, as them texting you goes to the Apple cloud and not your new phone.
a few years ago there was no way to unlink iMessage
Deregistration[1] has been supported since November 2014.
Maybe that would be obvious to the average Apple user, but as a non-Apple user, it would never occur to me that I'd have to explicitly de-register my phone number with Apple after activating a new phone.
That seems okay? It's only applicable to the Apple user to begin with.
heh, fair point. I was mainly thinking about somebody dipping a toe in or trying out an iphone for a little bit before switching back
There was a time after you still needed to have the iPhone to do it, though. And I'm not sure how many are actually aware you have to do this, just getting messages for them sent into the void.
Yep, I used to switch back and forth between iPhone and Android every couple years. I'd deregister the phone number when switching over to Android. I don't remember a time they didn't offer that ability.
It's not weird. It might be weird in your eyes, but given how much exclusionary behaviour I've seen based on bubble colour, it's not weird in the slightest. I'd like to believe that apple supporting RCS will magically fix the whole 'green bubble/blue bubble' thing but I'm bearish as it seems to be more a cult thing than anything to do with functionality (I say this as an iMessage user).
And please, spare me the trite 'get new friends' comment.
And please, spare me the trite 'get new friends' comment.
Wow, okay then.
Anyway, I'd argue that the bubble color serves a useful purpose. At this point I definitely want to know whether someone I'm talking to is SMS or iMessage, because there's a meaningful difference in capability that will affect choices I make (like how to get pictures or video to them). Whether it's colored bubbles or something else, it's going to exist in some form.
I'd be bearish too if that were an important thing to fix, because it's human nature that's the problem, not the technology. The solution is a universal messaging technology that is as good as iMessage and has the broad reach of SMS. Perhaps if Google can get their proprietary extension of RCS standardized and implemented by the carriers directly.
I mean, the way everyone else solves this problem is by having an SMS app and a "proprietary messaging platform". Cramming them together in order to increase adoption of the proprietary thing is definitely a... choice.
If what you care about is the color of your bubbles, then that won't make a difference.
Green bubbles don't mean "second-class citizen" or "doesn't support proper group chats"; they mean "SMS" (or possibly "not iMessage"; that's not yet clear).
It's extremely unlikely Apple will make RCS bubbles blue—even if they don't make them green (and keep that reserved specifically for SMS), they'll make them some other color.
It's not a way to make sure you can identify the outgroup and shun them; it's a meaningful signal of what technology other people you're chatting with are using, which tells you useful information about their capabilities.
It's not a way to make sure you can identify the outgroup and shun them; it's a meaningful signal of what technology other people you're chatting with are using, which tells you useful information about their capabilities.
That seems like a false dichotomy to me as those are not mutually exclusive, and indeed can (and are) both easily accomplished with the current system.
Sorry; I was, perhaps, unclear.
Apple does not in any way intend it to be used to identify the outgroup and shun them.
SMS on the iPhone used green bubbles for years before iMessage existed. When iMessage was introduced, it had blue bubbles simply to distinguish it and make clear "these are users of the new service you can video chat with, send files to, etc". Like I said: a useful informational signal.
It wasn't until years after that that this wailing and gnashing of teeth about blue vs green bubbles started. To the extent that such a social dichotomy exists, it is a purely emergent socially-created one, not one that Apple has pushed in any way.
Furthermore, it would be a regression for Apple to remove that useful informational signal just because people are upset that they get accurately identified as "the one in the group who is using a different device, and thus cannot safely be added to group chats for reasons entirely outside of Apple's control".
The bubble color isn't the problem. The problem is, as you somewhat allude to, inseparable from the fact that there is a way to tell the difference between People Using iMessage on Apple Messages and People Using SMS.
The full app, Beeper Cloud, has a bunch of clients built in, that they'll be adding to this (as said in the link). This isn't just iMessage support, it's (eventually) multi-client.
Over time, we will be adding all networks that Beeper supports into Beeper Mini, including SMS/RCS, WhatsApp, Messenger, Signal, Telegram, Instagram, Twitter, Slack, Discord, Google Chat and Linkedin.
SMS that just worked, with graceful fallback to SMS
I’ve never seen it fall back gracefully. My experience is that there are missing messages, unsent messages and confusing group threads.
I’m not in the US and am in New Zealand which may or may not be relevant.
It seems that at least the push notification registration part uses a "leaked/extracted" FairPlay private key [1]. As far as I understand, FairPlay certificates/keys should be unique to each iDevice. Couldn't Apple trivially ban all subscriptions originating from this fake device? The comment says you know how to generate more; does Beeper Mini generate one for each install? Why would Apple believe those certificates are authentic?
P.S.: the source repo mentioned in the comment (https://github.com/MiUnlockCode/albertsimlockapple) is 404.
[1] https://github.com/JJTech0130/pypush/blob/main/albert.py#L16
Snazzy Labs did an overview video [1] about this implementation. According to them, reusing a specific hardware token is such s common practice that Apple would need to "redesign their entire authentication and delivery strategy" to mitigate this problem. I guess we'll see how this statement holds up in the coming weeks/months.
We're talking about a company that changes CPU architectures for their ecosystem every few years, completely seamlessly. If redesigning their entire authentication and delivery strategy is what it will take to mitigate this problem, Apple will do it.
What problem? Increased compatibility?
From Apple's perspective, yes. Social pressure to buy Apple devices to use Apple's messaging app is part of Apple's marketing strategy.
Apple also claims that blocking devices by serial number or similar unique hardware identifiers is a key part of its anti-spam strategy. If true, an end-run around that will likely create problems for users as well.
Isn't apple implementing full RCS support next year?
There is no encryption in the RCS standard, so of course no encryption.
The current state of affairs re encryption is an accident of history that I would bet doesn’t last much longer once Apple gets formally involved.
“Apple says it won't be supporting any proprietary extensions that seek to add encryption on top of RCS and hopes, instead, to work with the GSM Association to add encryption to the standard.”
https://www.techradar.com/phones/iphone/breaking-apple-will-...
Not encryption, apparently. And the blue iMessage bubbles indicate encryption, so RCS bubbles will be green.
I think so, but something makes me think they're not going to do it in a way that gives RCS users full parity with iMessage users.
The creator of this is screwing things up for everyone. If it was an obscure, open source project Apple would probably let it slide and we’d be able to enjoy this indefinitely. This has been the case for Hackintosh stuff and the like.
But no, the author had to make a dumb, flashy looking website that looks like they’re advertising a product built around reverse engineered Apple tech. I bet they get a Cease and Desist by the end of the week and the hole is patched shortly after.
One man's increased compatibility is another's security vulnerability.
Bridging the blue bubble moat.
Apple has control issues. If they don't control it or at least sign off on it, they want it to be incompatible with their hardware.
Hell, they don't even allow alternative browsers on their iOS devices. All the non-Safari browsers are just Safari in a (Chrome, Firefox, etc) skin
This didn’t really say much. Apple definitely knows about Hackintosh users, they mostly just don’t care. The question is whether they will actually do something if made to care.
This is too high profile. Apple is absolutely, 100% going to kill this and it’s gonna screw this over for those of us who leverage iMessage in Hackintosh environments.
It's been around for ages, and Apple has taken no action so far.
It has never been this easy and it has never been behind a subscription fee.
Yes it has... Beeper, before Beeper Mini.
Using the aforementioned Mac Mini server farm method.
Apple may be reluctant to kill this exactly because it is high profile, given the current anti-trust investigations.
You might be right, but if ever there was a regulatory environment under which Apple would think twice, this might be it.
They 'don't care' because they know that the M series processors were coming and now there is a built in death counter coming for Hackintoshes...the day they drop Intel support.
June 5, 2028: Intel hardware will reach "vintage" status after having been discontinued five years prior, ending most of Apple's service and parts support for Intel hardware.
June 5, 2030: Intel hardware will reach "obsolete" status after having been discontinued seven years prior, ending all of Apple's service and parts support for Intel hardware.
They 'don't care' because they know that the M series processors were coming and now there is a built in death counter coming for Hackintoshes
No, they don't care because they don't think about it at all. Hackintosh's numbers never mattered, it's always been too onerous to maintain even when it was at its easiest.
Does this look like the same file from the deleted repo? https://github.com/rdxunlock/albertsimlockapple/blob/main/AL...
I'd love to see an open source version of Beeper with no analytics. I'd be happy to host my own notification server.
Beeper already advertises the self-hosting route: https://github.com/beeper/self-host
I hope they open source their client app or at least makes it possible to connect to other matrix server. For me, their client app is the best matrix client in terms of UI.
The python library they provide should be a good start at least: https://github.com/JJTech0130/pypush
Looks like it's this?
https://github.com/xxCabin/albertsimlockapple/blob/main/ALBE...
This also seems related:
https://github.com/unicode99/MiUnlock/blob/main/activator.ph...
This is a wonderful project. It highlights how silly Apple is. For those defending the existence of green bubbles, why don’t we swap blue with green then? Would you be okay with all your iMessages in that ugly green while your SMSes with Android friends are in calming blue?
I am typing this on an iPhone 15 pro max and I have several MacBook pros (M3 Max on the way) and everyone in my family has their own iPad.
I hate that Apple has created this thing where some folks ostracize others because they can taint your group chat with ugly green.
SMS messages on iOS have always been green. iMessage was released four years after the original iPhone.
People keep telling me this as an excuse but the original color scheme was more pleasing to the eye. The current color scheme is painful to the eyes. I know because I see the ugly green bubbles on my messages app on my iPhone. I also have an iPhone 3 in a drawer that sadly no longer works.
You know you wouldn’t want to swap the green and blue bubbles.
It's 2023, why can't the iMessage app allow some user preferences. Christ.
Apple.
I run dual sim, so my other number is not enrolled in iMessage and is all green. I don’t care and imagine most people don’t. It’s a neutral, normal, natural green color.
I’m glad the white text on green is neutral and pleasing to your eyes.
I wish I could change just that one color in my iMessage app without messing up the rest of my iOS color scheme.
Instant messages on the Mac were the same green for a decade before that.
They used to be black-on-green, now they are white-on-green. iMessage also used to be black-on-blue, see the announcement at https://www.youtube.com/watch?v=NrBIgjodpFs
It's not the "ugly green bubble" that people hate, and ostracize others because of. It's the limitations of SMS messages coming into an iMessage group chat that can mess up the whole experience. Media is crappy, group messages don't work well, it's not encrypted. That said, It doesn't justify people being jerks about it. And yes, if the colors got swapped it would turn out the same - nobody cares about the color. I grant that the blues chosen probably have a branding and emotional draw to them, but this is seriously not about the color of the bubble.
That's not entirely true. By one metric, at least, the green bubble is "uglier" - https://uxdesign.cc/how-apple-makes-you-think-green-bubbles-...
Thank you.
Old school iOS SMS used black text which was much more readable.
It’s as if I’m writing with yellow highlighter on white paper. Painful.
Worse, it changes the color of (gasp) the iPhone owner’s outgoing messages. So as an android user, you’re messing up MY texts and ruining MY perception of myself. Ugh.
Yes, humans are stupid. But it would be nice if Apple let me customize the colors in my app. I did just pay them over $2K for new phones for my wife and me.
Normal people choose an app that works for everyone. If they can’t be bothered to switch to something, like Telegram, or Whatsapp, or Discord, or Line or Signal, or… is because they value your companionship not worth the bother.
So buy an iphone to fit in, or respect yourself a bit more and move on and find a better group to interact with.
I think we started using WhatsApp for our family communication because my wife (the only Android user) _hates_ group messages. She hates them because the SMS experience has been so crappy in a mixed environment, but iOS users (my mom, our exchange students, our nanny) default to it in messages because it’s so easy otherwise .
I swear my 75 year old mom doesn’t care about the limitations of SMS. White text on a bright green background is tough to read and straining on the eyes. Luckily it is only her own texts that are colored that way (even though she is on iPhone).
We switched to using FB messenger because it’s easier to use and read for everyone in our family.
Absolutely lqughing at anyone who thinks the particular colors matter. Ugly green? Calming blue?
The specific color does not matter, the only thing that matters is that they are differentiated for the Star-Belly Sneetches hadbellies with stars and the Plain-Belly Sneetches had none upon thars...
The color kind of does matter, it pains me to read white on light green.
Actually the green is far less saturated, making it less contrasting with the white text, making it look much worse.
fantastic reference
Who cares what the color is? One message type is E2E encrypted over Apple's infrastructure, and you can message while not on cell. The other is not E2E and may have carrier billing and whatever other restrictions on it.
XMPP/Pidgin coming back!
I'm so glad I don't have friends who give a darn what color my texts show up in - or the ones who do, are using customizable SMS clients on Android/Linux phones/who-cares-what.
iOS makes culture wars where there is no need to have one, for people too immature to have better things to worry about.
A moment where we can all learn from those with blue/green color vision deficiency. Who sees the world more accurately in this context?
It's really impressive that a high school student [1] has managed to reverse engineer iMessage. What I'm wondering is:
1. How stable is it; would it be trivial for Apple to patch this?
2. If it's as simple as reverse engineering the protocols, how has it taken this long?
Its more a commentary on how amateur it is in my respectful view. iMessage is a fundamentally unserious "product" in search of enough collateral flaws to harm those foolish enough to depend on it for anything.
How so? Other than the security issues that get exploited by NSO group from time to time (that appear to be mitigated fairly well by lockdown mode if that's something that's important to you) or the obvious flaw that you can't talk to anyone that doesn't have an iPhone it seems to be a perfectly good platform. The alternatives either have worse encryption (Telegram, RCS), worse privacy (WhatsApp), or the same platform lock-in as iMessage (Google's RCS).
iMessage is the LastPass of messaging apps. This has been endlessly discussed and I want people to use their curiosity to help direct them to why I would comment in this way. In practice (not whitepaper or the ideal implementation), it is no more secure than sms (actually worse)
This is absolutely not true. iMessage is a full E2E implementation; it’s nothing like SMS.
"E2E" is a joke when Apple holds the encryption keys to the vast majority of all messages, and uses them to respond to law enforcement requests. (It's how iCloud backup works by default and we know people don't change defaults. This is documented by Apple, not a conspiracy theory.)
It’s still a substantial upgrade over SMS or unencrypted (non-Google) RCS, where anybody can snoop on conversations with little effort.
Last time I checked, everyone knows SMS is cleartext and can't take over your phone in the profound way built-in 1st party apps/services you emphatically cannot remove (only toggle) can seize the means of production so to speak.
“Everyone” may be overly broad… just about everybody with any technical inclination knows yes, but for many years now the overwhelming majority of smartphone users have not been particularly technically inclined, and as such I would not expect most of them to be aware of the security and privacy implications that come with use of the various messaging services.
With that in mind, I’d say that most messaging apps don’t go far enough to make that distinction clear. Any app handling SMS or any other unencrypted messages should have ever-present, readily visible warnings when conversations aren’t encrypted.
Didn't mean to sound so bratty, I just get frustrated by this topic. My apologies if I was a bit testy. I just mean that iMessage is extremely misleading and overly-technical in what it takes to truly have a chance at making it secure and private to the extent it extolls itself.
This shit matters now that people aren't able to receive proper reproductive care and education and other grey areas where Apple is setting its users and itself up for terrible and unjust outcomes that depend on everyone but Apple having flawed/imperfect information and Apple pretending 'Saul Goodman...
It's how iCloud backup works by default and we know people don't change defaults
Are you referred to Advanced Data Protection being opt-in?
If I'm using ADP then these concerns are moot, right?
Not unless everyone you talk to also has ADP enabled.
Thats a Bingo!
No, when you sign into iCloud/your account in Settings, it sets a bunch of insane defaults like iMessage and Facetime and every app you add is opt-out for iCloud storage. Defaults are end-runs around true explicit and informed consent and open people to implications they didn't knowingly understand
Ok, but you can change yours, yes? Just like Signal isn’t installed by default on your phone and if you want what it offers you can use it.
But unless everyone you talk to also changes it then Apple still holds the keys to your conversations. If you care, it is best to avoid software with bad security defaults altogether.
Bingo
I'm curious how Apple implements Keychain in the sense that they claim it is also e2ee but they also use e2ee for ADP and its absolutely not (or at least not zero knowledge), rather it is convergent encryption which is not zero-knowledge and also allows for knowledge of filenames and hashes cuz "de-dupe" is so important for people with TB of cloud storage at the expense of their privacy.
Pretty sure they use a different implementation, iCloud Keychain long predates Advanced Data Protection.
The joke will be when they increase iMessage security to prevent these solutions from working well ;)
That's the thing tho: it will never be secure because its the skeleton key. It was never truly intended to be secure. Same reason why only WebKit's allowed on all billion+ iPhones. Access is only guranteed if its monocultural.
the obvious flaw that you can't talk to anyone that doesn't have an iPhone
That's because iMessage is a first and foremost a marketing tool that Apple compels users to rely on.
Do you somehow think complexity is the opposite of amateur - that is, complex = professional?
Because I have bad news for you. If iMessage is simple that means literally the opposite of what you think it means.
The unfortunately fatalist question to ask is... how long until Apple shuts it down?
I give it a week, tops. The next iOS update at the latest.
Right. What is stopping Apple from requiring a valid unique device key with every request now?
Old hardware that doesn't have it. Are they gonna ban my iMac from 2009 that was before iMessage was a thing?
Yes, they are. You already don't get OS updates.
No they aren't. My iMessage still works, and so will other devices that had iMessage.
Ask someone with 32-bit Mac apps about Apple’s willingness to leave parts of their userbase behind.
They still work. Apple doesn't stop services from working or programs from functioning.
just because it works now doesn't mean it will tomorrow. You're on officially unsupported hardware / os version.
They’re gonna break iMessage for the ~50% of population not on the latest version of iOS next week?
...They obviously would do it in a way that doesn't do that? Do you think this company can outsmart them in the long-run?
This is a replay of the Messenger Wars. Yahoo IM, AIM, ICQ, etc played a game of cat and mouse with clients that wanted to get all of the messengers in one spot.
Besides being allegedly hard to shut down without breaking iPhones, there's also this statement given to Ars Technica:
Migicovsky had a few different answers. The broadest one, regarding the tech behind the app, is that reverse-engineering for interoperability is legal—a fair use exemption to the Digital Millennium Copyright Act's restrictions against circumventing encryption or other protections. The app also goes out of its way to avoid trademarks like iMessage, referring instead to "blue bubbles" and the like, and the rest might be considered nominative fair use.
https://arstechnica.com/gadgets/2023/12/beeper-mini-on-andro...
I’m curious to know if this tech requires spoofing an iPhone or otherwise falsely representing to Apple’s servers that the Android device is an iPhone. If so, I would be looking at the CFAA more than the DMCA.
Van Buren protects it from CFAA.
The only avenue that is untested is based on Terms of Service.
I did a OSS WhatsApp reverse engineering project and got a C&D from 800 billion dollar Meta's lawyers all based on violation of their Terms of Service.
As far as I'm aware, there's no precedent for interop against ToS.
Way outside my area of experience, but Van Buren itself doesn’t appear to address this issue. I was thinking more in terms of Apple framing a claim based on access through an act of fraud.
I've been told by a C-level exec at a similar company (but relating to banking) that citing Van Buren against CFAA claims gets the claimant's lawyers to back all the way off.
It's legal. But it doesn't mean that Apple has to quietly allow it.
What is maybe more relevant is the EU talking about forcing federation. If Apple lets this live it may give them more bargaining power in those discussions. If they shut it down thatay throw jet fuel on the fire.
Or it may lose them bargaining power. This is a very real technical proof of concept, and deprives Apple of one fewer claim that opening up is a technical challenge.
Apple can easily argue that this implementation violates their security controls and doesn't count as a PoC. As soon as the last iphone without a secure enclave loses support, they can flip the switch and kill Beeper('s iMessage service) instantly
Seems like the local implementation may be durable, but the system for backend polling (BPN) they built appears to ping Apple servers server side. I imagine that creates a block of homogeneous traffic for Apple to spot.
That's what I'm curious about too.
If it does manage to do a good job imitating what an actual iPhone would do though - is there any way Apple even could shut it down without breaking iMessage on old iPhones or forcing people to update?
OK, took a while to figure out what it is, as I barely know anyone using iphone. Though it's not for me, BUT if they deliver this:
Over time, we will be adding all networks that Beeper supports into Beeper Mini, including SMS/RCS, WhatsApp, Messenger, Signal, Telegram, Instagram, Twitter, Slack, Discord, Google Chat and Linkedin. We'll also bring Beeper Mini to desktop and iOS.
I'm interested, even if it's paid. I'd love to have most of those apps gone and use a cleaner one.
Is this some sort of new mobile Adium?
Trillian
EveryBuddy
Pidgin
Gaim
Not sure what EveryBuddy is. Trillian was a multi-protocol chat client from 2000 [0] named after Trillian [1] from 1979.
ah didn't realize it had gone away. its successor appears to be [0]
now I'm reliving the chaos of the late-00s/early-10s instant messaging apocalypse when AOL sunsetted AIM. Clients like Trillian were absolutely necessary before AIM shut down. Everybuddy was a good linux-friendly client. When I still spent time on IRC, I really really liked Bitlbee [1] with ERC [2]. Gaim was one of the first open-source projects I ever contributed to.
(I'm not saying that there's a connection there, but rather that all the chat protocols started getting used less around the same time for the same reason, which was smartphones becoming commonplace in late-00s.)
Happy Beeper customer and original poster here to tell you: Beeper Cloud is already out there and works really well! It's also free, though you'll have to get through the waitlist somehow. It doesn't perfectly replace every app just yet but it covers the most important functionality extremely well. And it's available on mobile as well as desktop devices.
Do you mind giving me a referral for Beeper?
Here you go - refer.beeper.com/39gJJ0
Possible to generate another ? Says invalid code
Edit: I mean a code for Beeper Mini on Android - not desktop
Says invalid code
Well yeah it was already used and you came 3 hours after the fact.
IIRC, though, Beeper Cloud does not come with end-to-end encryption on messaging services that usually have that feature through their regular app. Messages are encrypted between your device and Beeper's servers, and between Beeper's servers and the other end of the conversation, but the Beeper folks can still read your messages if they want.
(Please correct me if I'm wrong; the architecture of their product is pretty confusing.)
as I barely know anyone using iphone.
where are you located?
I'm from the Netherlands and I know plenty of people who have iPhones but I also know (and am) plenty people with androids. People use either WhatsApp or Telegram. Isn't iMessage just texting within a walled garden?
The situation is very different in the US, primarily because in other countries SMS fees tended to be really high a decade and change ago, and thus drove users to WhatsApp, but in the US most carriers had adopted some form of unlimited texting shortly after the iPhone first came out.
Thus, for many socio-economic groups, iPhone is definitely king in the US, and for them iMessage is just the default way to message people because when it was introduced it was the default way to use SMS on iPhone. A restaurant in Texas famous for their funny signs put this out, https://twitter.com/ElArroyo_ATX/status/1693316647677825160 , and tons of people (myself included) could immediately relate.
Poland. I know a few apple fanboys but those aren't people I communicate with outside of work. Just not my bubble.
It's actually weird and silly when they send me text messages and somehow I end up in the same conversation multiple times - like once 1:1, once in a group chat with myself included twice or more (as a number, as an email, as a second number). It's a bizarre experience and usually iPhone user can't see anything wrong :D
Ive tried the legacy version to consolidate Signal, Whatsapp, etc and you can't send/receive calls, only messages. It's very much still a work in progress
Beeper is a really cool idea by some cool people (people behind the Pebble smartwatch) but I've resisted using it for fear of bans. I don't want my Slack/Discord/Instagram/AppleId/etc to get banned for using something not allowed under the terms of service. How are people who use Beeper dealing with this? Are you just using dummy/test accounts that you don't care about or are you just rolling the dice.
I would like to live in a world where I could use Beeper without worry but I don't feel like we currently live in that world. Am I wrong?
If you have an Apple account, why are you even using Beeper? I guess it might have some advantages for convenience (multiplexing chat apps), but is that the main selling point right now? I'd imagine the target market is Android users who want to talk to people on Apple Messages. So they can just create a new Apple account, right? (Isn't that kinda hard anyway, though? You need to tie it to billing, etc.) And if that gets banned, who cares? It's not like they were using it for anything else anyway.
I sit in front of my work laptop which is signed into my work apple account. My iPhone is signed into my personal Apple account. I cannot iMessage from the keyboard because they won't play together. I've been using Cloud Beeper since early summer, and it makes the two apple systems play nice together. I also have a Windows machine signed in to it, but that's a nice to have.
Wait, how does this work? Is it using Handoff and sending from your phone, or Beeper is just a GUI and you've extracted a token from your personal phone to use with Beeper on your work device?
Btw, this is mostly unrelated, but do you work for a large company? I'd assume most security teams would have a problem with a setup like this.
Neither. Their cloud server is a farm of Mac Minis or similar. Then Beeper Cloud is basically a proxy from the app to that data center.
Ah I see. I thought I remembered reading about that on Twitter (in the context of people criticizing it as false advertising). So basically this Beeper mini is the "proper" implementation of full e2e encryption, while the cloud service was the bridge to get them here?
That's my understanding, yeah. I don't love my apple ID being signed into a box I can't access, so would love to see THIS service go cross platform.
I'm more interested in the multiplexing aspect, yes I'm iOS/macOS so I don't care about the iMessage aspect alone though I'd love to pull all my chats into 1 extendable app.
An Apple account isn't particularly useful for messaging without an Apple device to message people with.
Since they've been on waitlist-mode for several years, it's not currently easy to try out in any case.
Invite: https://refer.beeper.com/7Wh0gt
Says invalid - maybe used already ?
They’ve opened invites from existing users
Beeper mini does not require an apple account so there's not much harm Apple can do
I’ve been using Beeper as my main chat client for multiple years and haven’t had any issues with account blocks or bans on any of their supported platforms. I have Discord, Signal, WhatsApp, iMessage, and LinkedIn connected. There are technical issues at times but they are well communicated and usually resolved pretty quickly.
I would like to live in a world where I could use Beeper without worry but I don't feel like we currently live in that world. Am I wrong?
I've been using Beeper for close to six months, and it's been a dream.
I've used Beeper for about a year with Facebook, Signal, Instagram, Twitter, LinkedIn, and iMessage. Instagram signs me out once a month or so for security suspicions, but I just reconfirm my account with 2FA. Other than that, no issues.
Dang, I support your efforts but I just don't have any incentive to pay for a texting app. Normal texting and WhatsApp and discord and Instagram and tiktok messages etc etc are all free. So I just don't really have a reason to subscribe to this.
I recently paid >$1000 for the privilege of access to iMessage when switching from Android to iPhone. I'd have been _much_ happier staying on my preferred operating system and paying $24/yr.
(iMessage has, for me, actually been worth it - but still, I frequently find myself wishing that something like Beeper Mini existed so I could go back to android).
What do you prefer about Android?
Long list, I've been meaning to write a blog post.
Would be very interested in seeing the list of things that you feel _aren't_ possible on iOS and aren't things I'd consider extremely "niche" or purely "cosmetic". (Sadly, I'll probably never know if you ever write such a blog post...)
Affordability.
How about not being in a walled garden and actually having access to your device?
You switched from Android _just_ for iMessage? Why on earth for? Could you elaborate?
it's very hard to socialize with non-techies in the US without it. you miss so much.
I did as well. Because there are group chats I need to be in that I can only access if I have iMessage
I can't convince dozens of people in the groups to go sign up for signal just to accommodate me
Normal texting and WhatsApp and discord and Instagram and tiktok messages etc etc are all free.
This product is not for you. I don't know where you're commenting from, but I'm guessing it's not from the US. Using WhatsApp or Discord or Instagram or TikTok messages only have value because the people you want to talk to use them. In the US, iMessage is by far the dominant messaging service for iPhone users, and iPhones dominate certain socioeconomic groups. This situation sucks, but there are lots of Android users who get extremely frustrated when a large group of their friends are on iPhones, to the point it can be socially isolating when you're "the odd man out" in a group chat (and it's not the whole green/blue bubbles the media likes to talk about, it's that interoperability between iMessage and other clients sucks and breaks many features).
This is a great option for US Android users who want to be able to better communicate with their friends that have iPhones.
In Hong Kong everyone has an iphone but everyone uses Whatsapp. I'm so surprised iMessage is even used at all, we all consider it a gimmick here, like, Whatsapp and Telegram are so great at their respective subset of features and WeChat does the rest.
I am in the US and have been here my whole life. My entire extended social circle uses whatsapp. I realize that is the minority but it does exist.
Their older app, Beeper Cloud, is free anyhow.
Yeah, the cost is a bummer but if I look at it as spending $2 a month to avoid buying an iPhone, it's worth it.
There really is no free lunch.
// insert some clever "you are the product" here.
Did you get permission from Apple to connect to their servers? Google Play does not allow apps to connect to 3rd party APIs without consent.
The relevant policy can be found at: https://support.google.com/googleplay/android-developer/answ...
"We don’t allow apps that interfere with, disrupt, damage, or access in an unauthorized manner the user’s device, other devices or computers, servers, networks, application programming interfaces (APIs), or services, including but not limited to other apps on the device, any Google service, or an authorized carrier’s network."
From what I understand your app connects to APNS without permission from Apple.
I have personally had my Google Play Developer account banned for making an app that connected to a 3rd party service
Is this specifically unauthorized, though? The user is permitted to use Apple's services, and Apple has, as far as I know, not announced that third party apps may not use their services.
Even Signal pitches a fit if you use a third-party app with their servers. It's a common (and unfortunate) practice.
what does this mean? plenty of 3rd party signal clients exist (flare being a well-known one); signal explicitly factored out a libsignal presumably to _encourage_ this.
i’ve run multiple 3rd-party signal clients, even alongside the official apps, and never seen any problems or warnings.
what does this mean?
Moxie (Signal's founder) has thrown fits in the past over the existence of third-party clients using their servers: https://github.com/libresignal/libresignal/issues/37#issueco...
By calling that a “fit” it sounds like you’ve an axe to grind.
That was pretty damn polite for a heated mailing list discussion.
I use my own personal fork of the official Signal app (I absolutely despise the idea of going back to having a separate SMS app), so I do. Sort of.
It's a common (and unfortunate) practice.
It would be nice if third party clients were allowed to connect, but it's totally understandable if they don't want to allow it. Servers cost money, and misbehaving client apps that you have no control over sound like a pain in the ass.
If Apple files a complaint with Google it will definitely get taken down under this clause, so I think the only way it will stay up is if Apple doesn’t care.
With the trouble Apple goes through to ensure you are accessing APNS from an Apple device including obfuscating the signing algorithm and requiring unique hardware identifiers I think it’s safe to assume they don’t want 3rd parties accessing their services.
I have personally had my Google Play Developer account banned for making an app that connected to a 3rd party service.
Well what did it do with the service?
I had app that connected to the Snapchat API and let you upload photos with custom effects and photos from your photo album before that was a feature (not sure if it is today, I don't use Snapchat)
I'm surprised Apple hasn't cut them off yet. They must not be able to for some legacy reason. I suspect the only way to cut them off would be to cut off all the older phones like iPhone 3GS as well.
the iMessage protocol and encryption have been reverse engineered by jjtech, a security researcher. Leveraging this research, Beeper Mini implements the iMessage protocol locally within the app. All messages are sent and received by Beeper Mini Android app directly to Apple’s servers. The encryption keys needed to encrypt these messages never leave your phone. Neither Beeper, Apple, nor anyone except the intended recipients can read your messages or attachments. Beeper does not have access to your Apple credentials.
We built Beeper Mini by analyzing the traffic sent between the native iMessage app and Apple’s servers, and rebuilding our own app that sends the same requests and understands the same responses.
Isnt Apple adopting RCS and won't that solve the green / blue bubble issue?
Personally if it's a business / marketing advantage unless their hand is forced for business reasons they should never change it.
Green/blue bubble is about the prior probabilities people use to make assumptions about others. E.g., if you use Android/iPhone, there is a prior probability of x% of being y type of person.
WhatsApp/Signal have been available for a long time for anyone that has wanted group chats with modern capabilities.
Whatsapp and signal don't load messages that were sent before joining a channel, a modern feature that slack has had since launch.
I would not expect/want that behavior from a chat app. If I was having a conversation with 3 people, and then a 4th person walked up and joined the conversation, I expect them to not be privy to anything discussed prior to them joining.
A “channel” that shows all participants the entire history seems more like a private forum thread than a “chat”, and should probably be distinguished separately.
Whatever you want to call it, if we're having a conversation, say, planning a birthday party for Bob, and we forgot to invite Alice to the conversation, through the magic of computers, instead of us having to start the conversation from the beginning again when every new person joins, they can just read the scroll back.
If you're the type of person having conversations about people that you wouldn't want them to hear, maybe you shouldn't be having them?
I understand the pros and cons, I just think there should be a clear demarcation of which is which. I can see a chat app deciding to keep this feature out if they think it would make the app too confusing for its audience.
WhatsApp/Signal involve other people you want to communicate with having those apps, which is fairly unlikely in the US (at least outside of tech/international social groups). Only chat apps out here you can count on are facebook messenger, sms/rcs, groupme, or imessage. iMessage is probably the best of these.
I have directly asked many relatives/friends in their 20s/30s, and they have told me they would assume an Android user has a higher likelihood of being “weird”.
The barrier to entry to installing WhatsApp or Signal is near zero, just a minute of one’s time. And given that most everyone is using Meta’s other apps anyway, the privacy costs are moot. In fact, all of the people I asked have WhatsApp already, but mostly to remain in legacy group chats with older family.
Also in many countries Android is a sign of your social/economic class as many such headsets are super inexpensive compared to an iPhone.
If Apple started a new color "purple," that indicates sent via iPhone 15 Max well then that would be a further marketing boost for the multiple millions of ppl who care about social class & flaunt it. Apple overall is a luxury brand another one of their marketing strategies.
Apple is adopting RCS, and no, that won't solve the green/blue bubble issue. They'll still distinguish RCS and SMS from iMessage.
iMessage is Apple's value-add and has its own app ecosystem, apparently/allegedly true E2E.
*> Personally if it's a business / marketing advantage unless their hand is forced for business reasons they should never change it.*
To the vast majority of people though it will solve the problem. Android to iPhone communication will be close enough to the iMessage experience.
Yeah, maybe it will make some improvement for Android people, who are the majority of the mobile market.
For iPhone users, they'll still be some non-blue bubble people who lack the E2E[1] and tight iMessage app integrations that are popular among iPhone users these days. At least until governments possibly intervene.
1. E2E insofar as not carrier-accessible (unlike RCS), which is a bit of a hot button issue in the US, post-Snowden/PRISM. If carriers have access to RCS payloads or even metadata, they will most definitely harvest it for marketing purposes, as well as ship it off to the US government.
I just downloaded it, and can't get past the landing/sign-in page: "Google sign in error.null"
Unfortunately, signing in with Google is the only option.
For some reason this security setting was turned off on my account even though I don't remember turning it off and use sign in with Google in other places.
https://help.beeper.com/en_US/beeper-mini/beeper-mini-how-to...
Note that if you have added more than one Google account to your phone, this setting must be enabled for ALL accounts (not just the one you intend to use to activate Beeper Mini) or the "null" error will appear.
Unfortunately, I'm still getting the error even after switching this on.
Thanks! I was having this issue as well.
Me too but I have no Google account logged in on my phone. Google shouldn't be the only login option though. Why always the push to give up privacy??
Same as above. Pixel 5, running Android 14. (Edit: the help link provided did not help, as the toggle was already on)
Same. Activated Google Account sign-in prompts and the error still appears.
Same. Wanted to sign up immediately but couldn't on a de-googled Pixel.
Very interesting. I was under the impression that Apple used hardware keys to validate iMessage accounts. But it seems that this is able to talk directly to Apple without and Apple hardware? In the post it just says that you need to send and receive a SMS to register.
I would have also made that assumption, but I have to admit I'm not surprised it doesn't. IIRC, iMessage was introduced with iOS 5, which supported iPhone 3GS. The secure enclave didn't show up until iPhone 5S which shipped with iOS 7.
ah interesting, so Beeper's days may be numbered by when Apple drops support for older devices. But if they can grow quick enough then they'll have enough users that Apple can't quietly nail them and stuff their body into a dumpster.
Perhaps. They didn't start including the SE with Macs until the first TouchBar Mac in 2016. So there are many millions of non-SE devices in use right now. Of course, Apple could still decide to unilaterally drop support for iMessage on older devices, but doing that risks pissing off and probably losing for life tens of millions of users to prevent, let's be realistic, several hundred thousand users (this is a paid app, this isn't free) from using iMessage on Android using this method.
I wouldn't put it past Apple and other reverse-engineering routes might have to be taken but I don't think this is as easy of a "Apple will instantly shut this down" scenario as many others seem to.
If it realistically stayed with just several hundred thousand users, I would agree.
My suspicion though is that there will now be a rush of apps doing imessage on android or windows etc, and probably also spam on iMessage will go up which might stoke the fire a bit.
I guess we'll see what happens!
Blocking it might be a cat-and-mouse thing that works with heuristics, which would of course be unreliable in both directions.
Old Macs didn't have a secure enclave so I assume this is using an old version of the protocol that was used in those days.
In the related pypush repo it mentions something about hardware serial numbers used in rate-limiting, etc. So I guess they do something?
But yes, I was expecting it to be based on some kind of hardware root of trust certificate system that comes from deep within the hardware and secure enclaves!
https://blog.beeper.com/p/how-beeper-mini-works
SMS access is used to send an SMS text message from your number to Apple’s “Gateway” service. The gateway sends a response via SMS, and the contents from that SMS response are sent to Apple to register your phone number as a blue bubble. Your SMS chat history is also used to determine if any of your recent SMS chats were with people who have iPhones. If so, these chats are shown in the inbox.
Does this mean that Apple is sent the phone number of every person you have ever sent or received an SMS with?
Very cool program, by the way. It’s refreshing to see a company take privacy seriously.
seems likely? or atleast a hash of it.
A hash of a phone number would be trivial to brute force.
Hmm, could it be salted somehow?
Not sure why downvoted, this is a reasonable question.
No, even a gigantic salt wouldn't help because the input data is too low entropy - only 10 digits that are 0-9. Salts are only helpful to prevent rainbow table attacks by making the size of the pre-computed output space too large to fit on a drive.
The salt has to be stored in plain text in order for the verifying algorithm to compute the hash of the input and compare it, so if you have the hash you also have the salt and can brute-force old school and crack all of them in short order.
That makes sense. Thanks.
Beeper Mini checks only the last 50 contacts and determines if any are on iMessage.
Thanks for answering. Any plans to make the check optional? Some people may not want to send that info to Apple.
Recently I got a spam iMessage from a sort of empty contact. There was no number, no email address. I thought this was impossible, that there had to some kind of ID connected.
Can someone explain what's going on?
I just got some iMessage spam yesterday. Now I know why.
This jailbreak will make it less likely for someone to be able to trust iMessage.
iMessage spam has been a thing for months, and if these guys could reverse-engineer iMessage, so can criminals.
But why can you register an iMessage account with no email and no phone number? It doesn’t make any sense to me. Signal avoided that and that protocol is documented.
You can't. Either it sends an SMS to an Apple server, or you need to sign in with your Apple account.
So how could I get an iMessage spam with no sender...
and that's exactly the justification Apple needs to squash this. I'm not saying you're wrong (you're not), just that I'm pessimistic on this project's future.
Well, is it related to this jailbreak or not? I guess it might very well be, but I’m sure. Are you going to force me to read the article?! :-)
I was added to a waitlist, despite their blog post saying there's none. Is anyone else dealing with this?
I'm on the wait list for Beeper, except sometimes when I check my position I've actually gone further back in line somehow.
I can invite you if you want. I just need a platform to send you a message on then I can do it through the app.
Thanks, that'd be awesome. If email works you can use my username @gmail.com
I messaged you but you might be able to use this link http://refer.beeper.com/YTRsJd
Are you on Google chat? It says not found
You may have used the wrong link, this is the correct one: https://play.google.com/store/apps/details?id=com.beeper.ima
Whenever this issue of iMessage crops up on HN, I’ve come to expect the usual points from both sides. However, the one thing that’s never addressed is the “why” of it all. For a group that ostensibly values openness and interoperability, why spend so much effort and energy to climb into a walled garden?
Blue-bubble envy is real. I myself am a green-bubbler but every once in awhile I feel this tinge of "otherness" when I see "Loved an image" in the group chat.
it's location tracking and sending money that you don't feel.
Because half our friends/family/etc own an iPhone and they either use iMessage or WhatsApp, and neither is acceptable for the likes of me. And since they don't 'stoop' to the level of Signal, we can 'stoop' to the level of iMessage (but definitely not WhatsApp).
Whats wrong with WhatsApp?
To pry a closed system open and force it to interoperate. Climbing into a walled garden and breaking down one of the walls.
Receiving videos which aren't crunched down to 320x240 resolution would be nice.
Beeper was made by the pebble dev. Eric should have read the goal by Eli goldratt, it's a case study of TOC. I still love my slides of time.
Pebble: https://en.m.wikipedia.org/wiki/Pebble_(watch)
https://www.kickstarter.com/projects/getpebble/pebble-time-a...
What's Pebble? It's mentioned on the Beeper home page too with no context as though everyone should know what it is, sadly I don't.
One of the original smartwatches, if not the original:
https://www.kickstarter.com/projects/getpebble/pebble-e-pape...
(At least I think that's what the word salad of parent is referring to.)
I would name Seiko Data-2000 the original, some 28 years earlier. Even if you'd like something more modern-looking the list still has IBM Linux Watch and Samsung SPH-WP10 and others before.
Thanks. I had one of those and quite liked it.
For anyone confused, "TOC" refers to "theory of constraints":
https://en.wikipedia.org/wiki/Theory_of_constraints
I also enjoyed The Goal and found it helpful for my manufacturing business, although I'm having trouble understanding how it connects to this blog post.
It doesn't do with this post. It has to do with pebble. They overproduced and were too carried away with efficient over production and (probably) had warehouses full of pebbles. For years after you could get a new in box one for $40 or $99 at retail when it was supposed to be $200 or so.
Can I make this work with my Google Voice number?
Same question. No RCS, no iMessage... Us few Google Voice users have been forgotten by Google. I live in constant fear that the service will be "spring cleaned".
Yeah I'm too far commmitted. I hope they'll let us buy the number off them
But my theory is that too many google execs use it so it'll hurt them too if it gets canned. They did update the app semi recently
My main glimmer of hope is that Google has started selling Voice as a hosted VoIP enterprise solution[1] recently, showing that they are doing _something_ with the technology... even if the consumer offering is languishing.
You know, if Apple wanted to be really snarky, they could run some of those "Make Apple support RCS" ads, except with Google Voice.
They started working on a bridge. I have endlessly begged them to make one.
https://github.com/beeper/googlevoice
If I knew Go I would roll up my shelves and work on this myself.
How does the generation of validation data for registration work? As far as I understand, this requires details from an actual Apple device (serial number, model, etc.)
jjtech covered this in pypush: hhttps://github.com/JJTech0130/pypush#dataplist-and-mac-seria...
They mention the generation needs a plist from an actual Apple device, and provide one of their own in the repository. I wonder what Beeper does. Maybe they have just one serial number? Maybe they have multiple and rotate?
I think it's calling a server generating validation data (probably with a pre-set hardware informations to be able to run it on a Linux machine which is cheaper, with emulation as pypush does it or by directly loading the macOS executable in the memory and run the right code snippets there).
I'm curious what are the implications of having pre-set hardware info. Maybe rate-limiting? or easier for Apple to flag those particular serial numbers to block the service if they wish?
Thinking maybe this isn't working. I downloaded, installed. It said it detected all my chats with iPhone users and that I was 'upgraded' to iMessage chats with them. I then tried using Beeper Mini to message someone I know has an iPhone (continuing our existing chat that it 'upgraded' from SMS) and I asked him if I was coming up as a blue bubble and he said it's 'grey', not green and definitely not blue.
Can't comment on whether it works or not, but it sounds like there's a mix-up here. On iOS, it would be their bubble that is either blue or green when messaging you, not yours. To an iOS user, everyone else is a grey bubble.
Hah! Whoops!
Also, even then, sometimes existing conversations won't automatically switch from SMS to iMessage. I'm not sure what the trigger is - he might just need to wait a while, or delete the thread and start it again.
That's because received messages are grey, but the messages sent from an iPhone to an iMessage recipient are blue. So I'd ask if when he texts you back if his texts are blue.
In principle - it's cool - but I already dread the increased iMessage spam that this will surely bring.
WhatsApp is already almost useless with Notifications turned on for me. Maybe this is specific to Japanese phone numbers, but iMessage was always the safe spot where no fishing/scams happened.
My mother actually got scammed out of ~2000 USD on WhatsApp.
I think I hope Apple kills this fast.
I get spam messages on iMessage and never on WhatsApp, weird
I don't know if I have ever received an iMessage spam, and I have 6 addresses associated (5 emails, 1 phone number).
SMS I get spam almost daily.
I've gotten local political messages from volunteers, but those were sent from their cellphones (and may have resulted in them being banned from iMessage a few days later)
I've never gotten an automated spam via iMessage protocol.
I mistakenly gave my number to a bot on Tinder, and now I get random texts on WhatsApp all the time, consisting of a highly photoshopped photo of a woman and some short intro.
Hi Eric! Big fan of Beeper, Pebble, and hopefully the yet-to-be small android phone. I had some questions that I was ill-equipped to answer, and hoped I could throw them your way!
When I installed beeper, I mentioned it to my friends that I was using it as a bridge for Signal. They threw a pretty big conniption about the implementation and the fact that all our messages were being routed through an unknown server in Germany with source code we could not read or audit (the Synapse/Matrix server beeper.com, as I understand it).
There were also some unfounded tinfoil-hat allegations that Beeper is an intelligence honeypot meant to slurp up all Signal encrypted comms that pass through its Matrix bridge, before forwarding them (although I don't give those any credence)
What reassurances might I be able to provide them? The UX for the Signal app has been going somewhat downhill as of late and I'd like to keep using Beeper if I can assuage their fears.
You can self-host any of our bridges if you prefer: https://github.com/beeper/bridge-manager
Thanks for the response! I don't think I phrased my question properly, since they were mostly concerned about what kind of access the beeper.com matrix server has. If I set up my own bridge, it will still send all of my messages to e.g. @dabluecaboose:beeper.com, right? Their concern was what's happening in the Matrix server that's hosting my account, not as much the bridge.
All messages are encrypted by the bridge before being sent to the matrix homeserver. Homeserver cannot read or see any message contents. If you want to self host everything, including the homeserver, you can do this: https://github.com/beeper/self-host
Thanks! Appreciate the responses. I'll forward things to the interested parties. They're already all atwitter about the potential for a direct Signal reimplementation like the imessage one. That might just be the ticket!
I'm sorry but don't understand exactly what this is. Is it a universal text app that you can use for all your contacts? Or do you need to know if the person you're texting with has an iPhone or not?
Given the excitement and number of upvotes I'm obviously missing something, but I'm at a loss.
The excitement is because previously it was impossible for Android users to communicate with iPhone users over iMessage. If you're not in the US, you probably won't get this, but in the US it's very easy to be "the odd man out" as the only Android user in a group of friends. Group chats between iMessage and Android users is basically horrible right now - I seriously considered getting an iPhone solely because friends were annoyed with me for breaking their group chats.
What Beeper does (especially since it's such a huge technological achievement by reverse engineering the iMessage protocol, as opposed to just using a Mac server as a "man-in-the-middle" iMessage communicator) is unlock a part of the iOS ecosystem to non iOS users in a way that Apple has been avoiding for years.
What is it about iMessage that breaks group chats? Where I live everyone uses WhatsApp (SMS is for 2fa codes pretty much exclusively for me)
There are tons of interoperability problems. Google put up this website a while back, before Apple announced they would support RCS interoperability with iMessage, that explains a lot of the broken experience: https://www.android.com/get-the-message/
Thanks for the clarification.
Yes I'm not in the US. Here in France (Europe?) pretty much everyone uses Whatsapp; it's not a problem to do normal text between Android and iOS, but I'm not aware of group chats that would be exclusive to iPhone users (I have never been offered/asked to join an iMessage group).
The fee and requiring account signup are a dealbreaker. Hopefully someone will create a FLOSS alternative.
AirMessage is open source (and quite old, unsure if its maintained). It requires a Mac computer to run some kind of forwarding software however.
BlueBubbles is the new hotness I believe.
Why are people so godawful cheap that they demand so much labor from others for free? I'd gladly pay for this, it's hella cheaper than me having to switch from Android to iPhone.
there are FLOSS alternatives: jabber/XMPP (or arguably Matrix, etc)
okay, i sound snarky: but how is this aligned at all with FLOSS projects/communities/ideals? how/why would a FOSS project tie itself to a network run by a company that’s going to constantly be trying to kill their implementation? both the users and the devs would be constantly fed up with the breakages: you solve that either with open protocols or by paying somebody to do the dirty work of defending against Apple.
Fortunately, I think this is going to be a forcing function for the RCS conversation.
Unfortunately, I'll be waiting for the data loss post coming in the near future. As some one who had to deal with a stuck iMessage validation with Apple support on a genuine iPhone a few years back this can get sticky.
RCS is not an iMessage replacement though? it's not encrypted, it doesn't support a single identity for multiple devices, it requires cell service and a phone number
RCS supports end to end encryption (it's on by default for Google Messages), Apple just isn't implementing it in their planned implementation of RCS. Google Messages does support a desktop app and you can link it to your phone with a QR code, so it can use a single identity for multiple devices.
No, google has an extension they use that is not part of the RCS standard.
I don't mean to insinuate they are like for like. I just mean Apple is starting to pick up scrutiny on interoperability which started with USB-C and I think the focus on this project is going to increase the scrutiny especially if Apple cuts it off.
I think this might be launching at an opportune time. The EU is already trying to force them to open up the App Store and iMessage has a target on its back. A cease and desist about this won’t look great in the inevitable antitrust hearings…
Does iMessage have a target on its back? It doesn't have a dominant position here in messaging, if it has a position at all.
over 50% of US market (and a few other countries), for starters. Not EU's jurisdiction, but it is a major messaging service.
Yes, I know but I was specifically talking about the EU, since that's the only government legislation for open access.
bit of irony that this can fly because of legislation in a mostly irrelevant market
The biggest question I have is what does the exit story look like? I know it's a common problem for people switching to Android from an iPhone (keeping their phone number) and not receiving any messages from iPhones as their contacts are still trying to send via iMessage.
What happens at the end of the trial when I choose it's not for me. Will I suddenly loose my ability to text with every Apple user? What about in the event of a service failure of your infrastructure (it says it talks directly to Apple's servers but does it also rely on you?)... What if Apple does go after you or makes a breaking change to the protocol?
In all those scenarios, what happens to my messages? Can I export and keep them?
I'm very interested to try but the potential to loose access even for a day or two is a really hard ask.
Someone on r/android reported that they could not receive messages from iPhones once they uninstalled the app. They had to remove their contact from the iPhone and re add it to fall back to SMS.
Someone else commented that you can de-register your number on Apple's site, but the person then said that it didn't work either.
So yeah, I am holding back on it to until there is more clarity about this. The overwhelming majority of people I text are on imessage and it would be a royal pain if I had to have all those people delete and re-add me.
Someone else commented that you can de-register your number on Apple's site, but the person then said that it didn't work either.
I don't know how Beeper could possibly prevent Apple's iMessage deregister form[1] from not working. Apple handles whether or not you have an iMessage account, not Beeper. It might take a bit for it to fully be purged, but this was only announced/launched less than a day ago so I can't believe that person really waited before confirming it somehow doesn't work.
They complained that when they entered their number to de-register, they were presented with a "number not found" error. Which seems like a plausible error for a backdoor imessage implementation.
Apple has a form to de-register a number from iMessage here:
How long until this gets forked into an iMessage spam bot?
There's already a ton of those operating, I get iMessage spam at least once per day.
Never ever seen that myself. SMS however yes, lots if spam by companies using bulk SMS services. But those show up as green bubbles so easier to ignore.
The spam iMessages I've received had the "iMessage" text above, were sent from a seemingly normal phone number and had a "Report Junk" button at the bottom of the screen (which text messages don't have).
Isn’t iMessage, amongst other things, the subject of some upcoming EU reg forcing it to be cross platform (or at least make APIs accessible)?
Thus, preceding the need of Beeper Mini.
DMA.
These companies have many years to comply and drop Fred functionality to 3PAs.
It's not enough imo.
DMA should've explicitly greenlight adversarial interop, superceding any existing agreement between gatekeeper and interop developers.
Proposed EU regs... I'd bet it'll be years till it is truly an open platform, and even then, they may restrict the openness to the EU only.
I think you meant to write “preempting”.
If this really works, it is what Nothing's partnership with Sunbird claimed to do (and lied about) a couple weeks ago - before being called out and shut down
It's really not. Beeper (and Sunbird, and others) up until today used a Mac server to sync messages. OP is describing an Android app that's natively talking directly to iMessage infrastructure, for the first time.
Sunbird was claiming they reverse engineered iMessage (either to maintain e2e encryption, or to just do stuff on device).
It looks like Beeper has actually managed to do the latter, which is really exciting!!
I’m one of the authors of the blog post you linked — Beeper Mini is entirely different.
There is a great blog post by JJTech (author of the pypush library, tech Beeper Mini is based on) also on the front page right now: https://news.ycombinator.com/item?id=38532167
Trying to use this an I am stuck at the AppleID login screen (I don't have an AppleID).
However from your message it seems that it should not be required:
No Apple ID is required
Sounds like phone-only registration didn't work. This may happen if you don't have a SIM card that can text outbound. If you are outside of US, Apple's SMS registration number is in the UK (+42)
+42 is Czechoslovakia
+44 is UK
Yes, I am outside of US and it could not send the verification message to the short number.
Whatsapp is known for banning accounts that use any kind of third party clients.
For Android users on iMessage (insane achievement!) obviously this isn't such a big issue, as they didn't have an account before, so the sanction of being banned is not so important.
I would never dare, however, to switch over my WhatsApp to a 3rd party client. Do you have something planned in this regard?
The best you can do now is run whatsapp apk on an emulator or spare device, then auth that with the matrix bridge, then you can avoid needing to use whatsapp clients on daily drivers. Works decently well: https://github.com/mautrix/whatsapp
Emulator based WhatsApp accounts are highest risk of bans just f.y.i
If you're worried about using beeper due to bans then just get a second hand burner phone (needs to have had WhatsApp before so it is safe from being identified as "poisoned") then make an account on there to use with beeper.
Beeper is very helpful NGL.
Beeper Cloud has supported Whatsapp a long time and I haven't heard of anyone getting banned for using it.
Can anyone explain to me why it matters if you have iMessage or not? So what my friends see a green bubble when I message them?
This is set to change, but right now iPhones only support the most basic form of text messaging with android phones. Texting between iPhones just works better. The images are higher quality, reacting to messages works right you can can reply to people, where as soon as you try to include an android number all of that drops away
gpt says
The distinction between iMessage (blue bubbles) and regular SMS/MMS (green bubbles) on iPhones matters because iMessage offers additional features like read receipts, typing indicators, higher-quality media sharing, and seamless syncing across Apple devices. While the color of the bubble itself may not be significant, the functionality and experience differ between the two, impacting communication capabilities.
Your telco/carrier can (and do) "read"* your SMS chats.
* Capture, store, share with various authorities and data services, and sometimes advertise against, as well as make available to other people on your account and carrier support.
It's got one of those "We'll charge you if you forget to cancel" subscriptions. Might be google's fault, but I'm not signing up.
I remember Meebo (https://en.wikipedia.org/wiki/Meebo) tried to do a similar multi-chat client as well, but for the web.
I mean… yes, that is generally how subscriptions work. Google and Apple make it relatively easy to cancel in-app subscriptions.
Yeah. It's pretty shitty. You should get cut off after a week with a positive opt-in to continue.
If you want that, just cancel the subscription immediately. You still get the free trial period and you can subscribe at the end if you want to. Works for any Google Play subscription free trial AFAIK.
I'm really surprised people will go to so much effort for a blue bubble.
I'm really surprised people still pretend they don't know it's not only about the bubble color
For me, it's not a blue bubble as much as the higher quality images/videos, compared to SMS/MMS. Trying to figure out which proper app a certain person has/uses, and remembering which to open for a certain person, is a huge pain. The full Beeper app is like old school Trillian: a bunch of clients in one. I just see messages from people. It's great!
It's the images, videos and most of all, this the group chats. Being the only person on Android sucks if everyone else is on a group chat.
So you can use this to spam iMessage?
You could spam iMessage before this.
Before, there was an Apple ID or device that could be banned for spamming. Here, there is no account required at all, just a phone number.
No, because you needed an actual account which could be trivially banned.
I remember Nothing tech did something similar-ish not too long ago, but I can't find their announcement of it. But then I stumbled upon a video talking about privacy concerns[0]. What's the difference between what they did and what Beeper is doing? Sounds cool though, impressive work! (also, "hacker"-news needs to be more embracing of their name lol)
Nothing/Sunbird lied about how their bridge worked, while Beeper has an open source matrix <-> imessage bridge implementation with docs.
Technically they are similar with both using macs in a server farm for their hosted offers.
this one doesn't have reports of using insecure http during account linking and I think you have the option to self-host
Nothing's thing was a branded version of Sunbird https://www.sunbirdapp.com/ which is technically similar to the iMessage part of Beeper Cloud. It is essentially a way for you to login with your Apple ID on a Mac Mini in a server farm, and then interact with its desktop iMessage client from an Android app.
This was done because Apple obfuscates how its notification system works, so the cheapest short-term solution is to just use real Apple hardware.
When Nothing released it, it was found to have many flaws, which is where that video comes in. Nothing unreleased it and hasn't followed up since.
Beeper Mini uses the long-term solution of reverse engineering Apple's notification system so that it can run independently of an Apple device.
Side note, i'd love if Beeper could impl some "standard" open APIs to brute force us in a new unified direction. I feel like the chat ecosystem is in the days of pre-LSP editors. Anytime i wanted to try a new fancy term based editor, i'd lose out of very basic features like code completion, jumping, etc. Since LSP came around, i can basically jump to any editor because everyone has this baked in now, and it works with "all" languages - it's great!
I want this for chat. I loved how great everything looked and felt with Telegram, but then i left for Signal and it was super bare bones. Eventually Signal got some stuff, but it's still missing a lot of stupid features that make it fun for me (integrated gif lookups, etc).
I'd love if we could unify around some of these behaviors and as we add new chat apps, users don't lose "basic" functionality.
Anyway, wishes aside - Beeper is really cool. I just signed up to Cloud, and my wife has been a happy user for quite a while.
Beeper (Cloud?) is based on Matrix, so I guess that's the open standard you're looking for?
Good luck with this one - dunno how Apple is going to react - a Steve Jobs nuking upon from high via API changes or Tim Cook ignoring it and just disgruntled acceptance that it exists but not care why folks in the US choose Apple.
There is probably a tense debate happening internally right now about how they want to respond. PR says no, Product says nuke it, Legal is stretching their fingers, and Engineering just finished reproducing the issue.
My understanding is that they are re-using a device serial number but they imply that changing this means a major change to how iMessage works so they banking on Apple inertia.
Charging $2 before the horse has bolted seems a bit ... would have preferred that Apple was involved.
Does this mean it’s trivial to spoof iMessage from arbitrary phone numbers not already registered with iMessage, or hijack any non-iPhone users SMS messages by tricking the iPhones they communicate with to send replies via iMessage to the spoofer rather than SMS? If this is true, (edit: probably not true,) and I’m just speculating without specific knowledge, it seems Apple would shut this down for legitimate security reasons, and perhaps re-engineer things to prevent this.
I just tried out the app - an SMS challenge was sent to my phone number, and the app sends a response via SMS. By challenge, I mean there's several fields with encoded data (not just a 6-digit OTP).
I have no idea how it's implemented by Apple but I'd hope there's some sort of expiry time. I'm sure they've thought of SIM-swapping as a way to take over people's accounts.
Does that challenge seem to come from Apple or Beeper? I hope Apple. That would largely allay my concern. I guess I should have given Apple more credit, because this “vulnerability” would likely have come to light much earlier otherwise, as they’ve always needed reliable means to establish ownership of a number — it’s just been automatic and invisible on the iPhone.
Will this be available from F-Droid or as an APK? I'm using a deGoogled device. Too cool!
Nope even if you install it using aurora store it requires a Google account linked in play services (you can't even log into it manually!). So even on a device with play services but no Google account logged in I get an error logging in. On a Google free device it definitely won't work.
Beeper's clients never were open source. They were based on Apache 2 licensed Element. The new client won't be open source either, given how they don't even open source their server part (contrary to their matrix bridges).
Great job! Just from taking a quick look at this, what you have here is much bigger than iMessage itself.
This could literally allow things like Universal Clipboard to work on Linux and Windows - by using the method presented here to access the iCloud Keychain and generating Continuity keys and placing them there - then the iPhone will broadcast its clipboard data encrypted with those keys via BLE. If I understand all of this correctly.
I had been wondering where Beeper's route to profitability was, but if they can get Continuity and AirDrop stuff working with Windows that will be an instant no-brainer subscription for a lot of people (including me), so I guess it works out.
It works over wifi, but you might be interested in KDE Connect [1]. It can do clipboard, remote input, file sending, command running, etc. on Windows and Linux.
My first thought is "was Apple behind this?" I understand that they claim to have reverse engineered it...but if it's such a trivial conversation exchange, it is a bit surprising this hasn't been utilized before. Seems convenient given the loud exchanges happening about RCS and the like. And unlike RCS, iMessages actually has E2E baked in.
The next thought it the utilization for abuse such as spam. E2E is wonderful but it also means that the normal cryptoscammer / phishing checks can't apply. There are mentions of rate limits and that surely comes into play, but given the simple proof of concept it would be easy to scale out.
I don’t think so. The security researcher is a kid in high school that seems really fucking sharp.
I have confirmed with him that he hadn't been born yet when Steve Jobs announced the iPhone.
https://blog.beeper.com/p/how-beeper-mini-works
Very cool. A question: will you be revenue sharing with JJTech0130? Their work made this possible, correct?
This project is licensed under the terms of the SSPL. Portions of this project are based on macholibre by Aaron Stephens under the Apache 2.0 license.
This project has been purchased by Beeper, please contact them with any questions about licensing.
They seemed to comply with the SSPL as well.
Nice! Glad they took care of it.
First... I want to say this is awesome and really really cool. I'm an android user and honestly don't care about blue bubble or iMessage features, but I know A LOT of people care a lot about it, and its really cool to see a solution that doesn't involve passing Apple credentials to some 3rd party service.
That said... I will be SHOCKED if Apple doesn't prevent this in some way in short order.
Could be through legal action (not a lawyer don't know if they have a leg to stand on)
Could be through technical means (pretty sure there are multiple ways they could break this)
...but regardless I highly doubt they will let this fly for long.
I've been a beeper user for a while now. I, too, share this concern. There's no way Apple won't try to kill this somehow.
Agreed, and it needn't ever address Beeper directly. Simply fixing the "security hole" that allows invalid devices to register would put a knife in Beeper's back and needn't ever be acknowledged by Big Gray
It is normal these days to have login with buttons BEFORE the subscription info? I mean I wouldn't even try to download if I knew there was a monthly subscription fee. Thanks
Right? I felt like it was some kind of trick to at least get your email before showing you the app actually is a subscription only app.
100% this. I don't really care about the whole bubble thing. I just though oh cool, let me try this and find some iphone user to see if it works. Downloaded, auth'd my google account which was the only option which is not right either... and then bam, paywall. Yes it does say it costs $1.99/mo almost at the bottom of the linked page, but I 100% would not have downloaded this if I knew that up front. And absolutely would not have auth'd my google account.
There 100% should be a message BEFORE logging in that has the pricing. And allow for actual email signups too, not google or any other 3rd party logins.
How come there’s a waitlist for the main product but not this one? I feel like it should be the other way around?
There's no stress on their servers with Beeper Mini, as it communicates with Apple servers directly.
Oh that makes sense. I was thinking that there’s added risk of spammers and botters on mini and they’d want to gate that
If this is a standalone app (not requiring ongoing server/relay maintenances), why charge a monthly fee and not a one-time fee?
They still run a server on your behalf to translate from Apple push notifications to Android ones. Somehow they were able to do it without compromising the end-to-end encryption too, which is awesome.
Why charge $10, when you can charge $10 per month?
But seriously, Beeper does have server side components. They're just optional ones. If you don't pay, you don't get those features.
I'd love to try this. Anyone with a referral code?
You don't need a code. Just install the beeper mini app from the play store
When I installed it after it asked for a 2 dollar a month charge or referral code
This is really cool, at least in theory. I keep hearing from only iPhone users on podcasts that they find it annoying to message amyone not on iOS. As an Android user, I couldn't imagine this being a concern to me; have any of you Android users even had the passing thought that you're missing out on hypothetical conversations between people who only use iMessage?
I use Messenger for the gen x people in my life, Signal for others, and sms and google chat for some others, but I don't even know what devices any of my friends use on a regular basis, seems arbitrary to me.
Every single person I message regularly uses iMessage. As far as I know none of them are “iPhone users” in the sense that they particularly care, they just use ‘the normal thing’ (which is iPhone).
So for the opposite question, I’ve never had the passing thought of missing out on what Android users do either.
I wonder if people just sort of mostly self select into mostly non-overlapping groups?
Android users don't have platform specific messaging apps as far as I know, so the fact that some people use iMessage as their normal is mostly inconsequential to Android users, but not the other way around since things appear differently based entirely on the platform. But I suppose I answered my own question, and something like this would enable iMessage to be more platform-independent, and thus an iOS user could hypothetically switch to Android without concern that they'll be ostracized from their messaging group or whatever.
Is there any way to do this on iPhone? I use a Google Voice number since Google Voice came out, and I would love to iMessage from it, but Apple won't let me add it as a number for the device.
It only runs on Android for now, although I think a desktop version is on their roadmap. But also, Apple will refuse to register Google Voice numbers. You need a number tied to a real carrier account. You'd have to port your number into a carrier, do the registration, then port it back.
I believe all you need is an apple id with a valid email to use imessage. my devices sometimes ask me if I want to message from/to a number or an associated email. I could be wrong though.
Why do people care so much about the bubble color?
For one, teenagers are ostracized and excluded from their friend groups because of what OS they're using in group texts. It's insane, but there it is.
It's most likely too late to save the USA teen population from smartphone homogeneity - from 2022's https://appleinsider.com/articles/22/01/06/gen-z-survey-says...:
"Analyst firm Piper Sandler's approximately twice yearly survey of teenagers in America shows that iPhone ownership is up 1% to 87% since its last report. At the same time, the new figures claim 88% of teenagers say their next phone will be an iPhone, which is down 1% from the last report."
from my informal poll of young relatives in past years, females were typically iPhone users and males were more likely to own Androids. I guess peer pressure was too great to fight the supposed Android benefits.
But, hey, Apple doesn't have a monopoly in smartphones, right? so Apple doesn't need to be forced to play nice with anyone...
Do I understand correctly that you charge $8/month for this? I can't wait for an open source version of this app.
If you're paying for it, it becomes feasible that maybe they aren't selling your information or doing something nefarious
Paying or not doesn't matter. In the end, you have to trust them.
The sweet thing about open source is that you can review the code to build that trust.
I wonder how they'd react is someone reverse engineers their app and makes an open source version of it.
I'm more interested in the future of now beeper cloud. As I understand it you will deprecate it at some point in the future. Does that mean that you will stop supporting the matrix bridges and go all in on the client side beeper?
Will beeper mini be open sourced?
From their description it seems like they will move these into beeper mini and drop the "mini."
Really happy to see that original customers are getting this included as well. I was worried that this was a ploy to say "we know we said you all would be grandfathered in, but that was for _Beeper Cloud_, our old legacy one. This new one is a monthly charge". Thanks for being great, @erohead
Yes, they didn't have to do that, and I certainly appreciate it. I think this business model is going to work for them, and the timing couldn't be better with the recent kerfuffle about Nothing's terrible attempt at this. They knocked it out of the park here especially with the no-compromise completely functioning end-to-end encryption.
No Apple ID is required
How are you going to send the messages? Whom from, a phone number?
Third paragraph:
With Beeper Mini, your Android phone number is registered on iMessage
Does anyone care about what color a message is?
Almost everyone in the United States, unfortunately.
I've been using Beeper for 3-4 months. I find it very useful, easy to use, and easy to setup. I use both the mobile app and the desktop app.
Same here. I really like it. Don't mind occasional connection issues, but what really irks me is that every message has separate notification. When someone sends me 5 consecutive messages I get 5 beeps. In whatsapp app I only get notification for the first one. So when there is some conversation going in group chat and I don't have time to read it right now I'm getting bombarded with notifications.
many people always ask ‘what do you think Apple is going to do about this?’ To be honest, I am shocked that everyone is so shocked by the sheer existence of a 3rd party iMessage client.
These are two completely different concepts?
I’m aware third-party clients have existed for eons.
I also believe Apple would shut this down.
Third-party standalone clients? Which ones?
I was excited until it asked me to login with my Google account. If it doesn't need an iCloud account why does it require my Google one?
For the $1.99/mo subscription fee via Play Store in-app payment.
First they require email and personal info. Then they tell you it's a monthly subscription. Felt like a terrible onboarding experience and a bit of a dark pattern.
If you scratch around enough they do say it's a paid product. Pretty cool yes,"show hacker news"? Dunno.
Great work, this looks very cool and seems to work well. I hope one day to see a local backup option, as it's important to me that my chats are not lost.
I wrote a tool for this: https://github.com/ReagentX/imessage-exporter
Could it technically work without BPN by fetching messages from iCloud? I know that's a whole another story (another tricky protocol to reverse) but it will make it one step closer to perfection imo.
There is an option in the app to disable push, which I assume is disabling the BPN connection
The thing that leaves me confused is what will happen to the main Beeper app?
JJTech is a high school student. Neat!
Related ongoing thread:
iMessage, explained - https://news.ycombinator.com/item?id=38532167 - Dec 2023 (73 comments)
Normally we'd downweight it as a follow-up but I think it's worthy of an exception.
It's shameful that Apple forces people to go to these lengths to send messages to their users.
You don’t need to use iMessage to contact an iPhone user. You can use plain old SMS, or WhatsApp, messenger, telegram, etc.
I've had a lot of trouble getting dates, women see the Android-colored bubbles when I message them, then they typically blow me off. I'm sure it's the Android-colored bubbles.
Come to Germany, everybody uses Whatsapp, nobody cares about the color of your bubbles or what phone you have.
Great, now we need a good AirDrop client for Android and Windows. :)
The AirDrop (https://github.com/seemoo-lab/opendrop) is there. We just need an app
Looking at the pypush, it looks like it uses Mac framework code with a .plist from a real Mac to generate encryption keys. Is beeper sending the metadeta of a genuine mac to the client so the client can generate the encryption keys that Apple will trust?
Also see BlueBubbles[1]. It could easily be integrated with pypush/rustpush.
Really annoying that I need a Google account though. I don't have one of those (yes I'm on Android but not Google)
Is this part of the reason Apple decided to support RCS? They knew the iMessage system would get opened up eventually anyway...
"Beeper does not have an official office, and we all work from home: ..., Sochi, ..., Kiev, ....".
So they work with Russia and do not know how to spell the capital of Ukraine.
I tried Beeper Mini today on my android phone/phone number and it works!!
I probably won't use it with my main AppleId due to fear of being locked out of it. They really do have me in an iron grip with their lock in.
The people in control of Apple know their market power, ironically, derives from a closed-garden messaging product. Exactly like Blackberry.
The longer the anti-customer behavior continues the greater the resentment becomes. Customers do not like being treated as captives to Wall Street thinking. Mega-tech will face consequences for the unapologetic greed they exhibit right now.
My wife has been using Beeper for a while (6+ months? not sure), think i should give it a try.
But, why?
Gives me Trillian vibes.
So let's introduce my bias:
All Multi-Messengers in the past that relied on reverse engineering proprietary protocols vanished.
I'd like to use this without a Google account, and at most using only sandboxed Google Play services. Is that an option? It doesn't seem to work.
Very cool, but some basic stuff is broken having used the app. For example, I'm unable to create a new conversation since I'm unable to click on a contact after having searched for their name in the "New Chat" flow. Looking forward to using it once this is fixed!
Edit: Seems like I have to double tap instead? Not super easy to use but it works so I'll take it!
As Android user, this seems useless to me. What do I get by switching over to this "blue bubble" platform? RCS messaging is pretty good and has most of these advertised features already.
I already got 2 iMessages from scammers. This won't last a long time. I am sure Apple will stop it by checking the device type.
I am pretty sure this exploit is probably the source of iMessage spam so I hope they figure out how to close this hole.
What is the license for this app?
Congrats on the Eric & Team. Can't wait to try it
This is incredibly awesome. You really don't think Apple is going to attempt to crack down on this?
Curious to see the shelf life of this app. Very cool. Will have to test out. Although keeping at arms length in case ONE iOS update or android update nukes it.
Well, it works, and works extremely well. I'll be paying for this, simply because group chats are currently hell.
We currently offer a 7 day free trial, afterwards there is a $1.99 per month subscription. Beeper Mini is available to download today with no waitlist.
Our business model is simple - we build a great app and earn money from those who find value in it. We feel that this business model aligns our success with your goals. No ads. Complete data security and privacy. Plus, we’re incentivized to continue improving the app with new features and improvements.
So... Until a fully blown beeper with multiple services. This app basically is still a subscription based reversed engineered iMessage (unofficially) compatible client.
How are you going about your treatment of disappearing messages?
This is amazing -- I've been a happy Beeper user for everything except iMessage and Signal until now, and this mostly kept me from using iMessage much at all. Congratulations to the team, and wow -- that high school kid hopefully has a long and impressive career ahead of him.
I would love for this to work with my Google Voice number, instead of the number from my SIM.
'many people always ask ‘what do you think Apple is going to do about this?' I am shocked that everyone is so shocked by the sheer existence of a 3rd party iMessage client.
I'm not shocked that someone figured out how to create a 3rd-party iMessage client, however I am somewhat skeptical of the notion that Apple will not find a way to break it.
Has anyone played with pypush enough ( https://github.com/JJTech0130/pypush ) that I think this is based on to get it easily usable in the same way that signal-cli is? Would be neat to use this for actually cli sending to my one or two friends stuck in Apple land. Thanks!
this is nice!
I'm working on small tool to make microblog using iMessage. Proper API would simplify many things.
Awesome!!
I'm an iOS user, and juggle SIMs a lot. For your upcoming iOS app -- what sorts of SIM liveness requirements do you require? I'd love to be able to auth periodically and predictably and then disable my iMessage-aware SIM for some period of time.
Wow, this is cool. Thanks everyone for their hard work.
Bad idea. I had my iCloud account in a constant autoblock mode. This works only with insecure Apple account setup.
This reminds me of using Trillian to connect to AIM, MSN, ICQ, etc. back in the day.
So yeah, it seems ok for one-on-one chats, but for group chats it's super buggy. Can't tell who said what in the history of any of my group chats because Beeper Mini is confused and thinks all of the messages, left and right, are from me.
I am shocked that everyone is so shocked by the sheer existence
Huh? It's not being shocked, the legitimate question is what is Apply going to do? Saying you are shocked does not answer the question, if people buy into Beeper how likely is it that they lose functionality due to an Apple lock out?
I love the concept of Beeper or now "Beeper Cloud" and I am trying really hard to use the app but the app is just too sluggish to be usable. I am not sure why, perhaps because it's built on top of the Matrix oss app, not sure.
Eventually, opening WhatsApp/Telegram is super quick and Beeper is too slow
I've been using beeper for a long time for Linux, and it has been a delight to use. The updates are regular and they seem to constantly be working on improving performance and staying ahead of various breaking changes forced upon them by the messaging services.
This is a really impressive reverse engineering feat of the iMessage protocol, all the way down to the iMessage auth flows and identity credentials. The deep dive the authors posted is interesting
The referenced technical write up is fascinating[0]
I wonder how well this architecture (including privacy preservation) would work for LinkedIn messaging?
Specifically the BPN service since that seems to come from a data center IP and more likely for Apple / others to have a choke point.
[0] https://blog.beeper.com/p/721485af-aad0-4962-b418-eea9bc1e8f...
Curious how the BPN service presents to Apple.
Subscribed! I'm guessing that nothing needs to be done to let my friends know? It just works?
I'm using Beeper on my Mac and iPad, specifically to chat with friends who are on arcane chat platforms such as Instagram.
I'm quite happy with how the service works, and wrote a review a while back: https://news.ycombinator.com/item?id=37745270
i'd pay for a good whatsapp client for apple devices. unfortunately it's so prevalent that i have to use it
Enjoy your job at Apple. RIP to this App.
To be fair, you really have to be an Apple fan to disable your messages for the sake of blue bubbles.
Great to see this! Keep it up, Eric and team!
How can the most popular article on HN this week be just a bog standard messaging app? This should have been a solved problem long ago. But instead of a bunch of greedy bastards can't give up even a tiny bit of control they have over other people.
Apple is 100% going to ban this. While reverse engineering the protocol is fine, legally, Apple has a legal right to decide which clients can connect to its servers and from which clients it trusts data.
Blue bubbles on Android
I don't get it, what's the obsession with blue bubbles? I like my grey bubbles, they're less eye-piercing.
If you want blue bubbles just use Facebook Messenger.
can somebody explain why everyone so obsessed with getting iMessage on Android?
it's a genuine question, no sarcasm. I the last 12 years of using Android i've never had to send message to iMessage. So i really dont get the hype.
I already had a significant respect for Beeper (Cloud) as a technical product. The backend being Matrix with open source bridges was a great choice.
This write up adds so much more to that respect. It would have been easy to botch this, it would have been easy to do a worse implementation that would have caused problems for users whether they cared or not, but Beeper seemingly took the time to get right.
Congrats to Eric and the team on the launch!
This is an amazing technical achievement and there is no world where it doesn't get banned.
Sounds like Texts the app Automattic acquired https://www.theverge.com/2023/10/24/23928685/automattic-text...
These all-in-one messaging apps should be interesting
That's painful for nothing phone
This is the coolest thing I have seen all day! I’ve been using Jared [1] running on a Mac VM to send and receive iMessages from my locally hosted AI. If I could just use a python library that would make my life significantly easier
I don’t know what’s going on but these blue bubbles must be extremely important for people.
What's hilarious about all this is the main reason people want iMessage on Android is not missing features, or speed, or anything practical. It's because Apple chose an intentionally terrible shade of green to use for SMS messages, to make messaging Android users unpleasant. If they had used a green with similar contrast and saturation as their iMessage blue, this wouldn't be such a big deal. Literally a single color swatch, that's what this is about.
#191,000 in the waitlist. Can't wait to try it in a couple months hahaha.
The real question is - even if they cannot find a way to lock out Beeper - will they find a way to identify beeper devices and make the bubbles green ?
Does anyone have a code for Beeper Mini and not just desktop Beeper ? On Android Beeper Mini always asks for a 1.99$ a month fee or a referral code and regular beeper codes do not seem to work.
Anybody got a referral code ?
I have tried Beeper before, and I am really happy that you are pivoting to client side bridges !
Hate to be "that guy", but pypush technically isn't open source because SSPL isn't an OSI approved license.
Hi, I immediately subscribed.
Is there any way to adjust the display name for my contacts to use nicknames instead of contact name?
This is incredible! Excellent job on this. I regularly hunt for an app that can do what you've done, so it was a very pleasant surprise to see it as an HN post.
this month has been crazy for Apple and text messages. First RCS now this! I am a bit nervous about jumping into this not knowing privacy implications. Normally I let HN "vet" apps like this but I think more will be revealed with this app, and not saying that in a bad way. It is going to be a crazy week!
I wonder how much money Apple would make by releasing an Android app that for $1 a month, would allow Android users the ability to have a "blue bubble" or whatever.
I don't actually think Apple will care enough to get rid of this.
But why not simply migrate away from iMessage, FB Messenger, Whatsapp and other services already offer most of the same features.
Or, hear me out. Normal texting still works. Trying to get in the cool Apple club without paying the toll seems counter productive.
Anyway, I'm not trusting a startup with my communications in this situation. I have no way to know what controls you have in place.
I saw an article on the topic where the reporter spoke with Beeper's CEO, Eric Migicovsky. He seems to believe that blocking Beeper might cause problems for legitimate Apple user's.
Obviously that outcome is something he wants, but I still think its interesting.
[0]: https://www.theverge.com/2023/12/5/23987817/beeper-mini-imes...
Apple maintains iMessage compatibility with devices that are long out of support, if Beeper Mini is sufficiently similar to the client in for example iOS 12 then it makes an Apple decision to break Beeper fairly expensive. Even if they do the work to publish iMessage updates for the old iOS versions it just buys a little time before the new version gets reverse engineered, and that at the cost of poor user experience for the people with those devices in a form they will directly blame on Apple. Given all that I suspect he's right.
There's probably a cliff in complexity. Once Apple starts requesting signed attestations from the secure enclave on the devices that have one, it's game over.
They probably don't just yet, since still too many people use iMessage on first-party clients that don't have one, e.g. Intel laptops without a T1 or T2.
If Apple does start enforcing signed attestations, they will say that it's to reduce abuse. I have no doubt (being in the anti-abuse world) that spammers and phishing gangs will immediately begin using Beeper to spam iMessage users because this allows them to avoid buying an iOS device. With end-to-end encryption, Apple may also decide to roll out privacy-protecting client-side spam and phishing detection, which would IMHO be a really great thing.
Spam protection should be on the recipient, rather than the sender.
As we’ve learned very clearly over the last 20 years of commercialization of spam, that never works. The only tractable way to fight fraud and abuse is to impose cost.
The massive prevalence of physical junk mail would refute your argument that even a significant per message cost would dissuade abuse.
Scope and scale is important here, the amount of junk mail from business interests outside of my immediate region is not very high. If physical mail were free and you could send it from anywhere in the world, junk mail would be so much worse than it is. You couldn't run a lot of internet scams at the costs of physical mail and be profitable.
Probably not because even if the postage is free the paper, printing, envelopes, etc. are not.
How many pieces of physical junk mail do you get per day? Now how many spam emails do you get per day? Include the stuff that lands in your spam folder, because we're talking about cost to send junk mail here.
I'm willing to bet the latter is much, much higher. It certainly is for me.
That's a brief statement which makes me think I'm missing something obvious, but it doesn't seem obvious to me. Would you please expand on that?
I think it's a bad idea to lock out unattested clients, and as long as third-party clients are accepted, spam will always be sendable. If you're not doing end-to-end encryption, you can catch it at send time by having the server reject the client for sending spam. If you're doing end-to-end encryption, the only options are the sender or the recipient, and attempting to block it at the sender would require prohibiting interoperability.
While I love the principle of accepting third-party clients, Apple clearly doesn't which make this argument fairly non-compelling for them.
I disagree. Email has SPF and DKIM an what have you exactly because client side filtering doesn't work right. Mail gets dropped beforr the clients even get a chance to run filters.
That's not to say that requiring remote attestation or blocking third party clients entirely is proportional, but Apple should (and does) play a role in spam prevention.
The phone number registration https://blog.beeper.com/i/139416474/sending-and-receiving-me... will make it possible to enforce legal action against malicious and spammy messages.
Note that iPhones already receive SMS spam and fraud just like every other phone.
However, you are correct that the blue bubble is no longer a guarantee that the bad actor is using an iPhone.
They do receive spam and fraud, but the numbers are orders of magnitude less than every one’s else BECAUSE it’s tied to hardware. I don’t know the details of how’s these guys got around it, but this is bad for the rest of us when phishing skyrockets.
I don't understand what you're talking about. I get far more SMS spam on iOS than I did on Android.
Whether the number uses iMessage or not is totally irrelevant.
How can you get more SMS spam on one platform than another? With SMS they're just blindly sending to your phone number, your SIM could be in any device. They don't know what platform you're receiving it on.
Android is much better at blocking it.
There were also differences in the platforms with how/when your phone number can leak to spammers and data aggregators, although I'm no longer deep enough into mobile OS or related CVEs to know current details.
Like the legal action that is currently protecting us from robocalls?
I don’t know if iMessage registration requires bidirectional SMS verification, though. If it does, that would be significantly harder to spoof than just caller IDs.
Maybe Apple needs an even blue-r bubble to set apart the super attested users from the mere blue bubble peasants
they could call it "apple blue" and charge a few bucks a month for it. People love that stuff
They can desaturate the iPhone / MacBook Air users to disambiguate from the MacBook pro / iPhone pro / max users. Also device age in years will add hints of green hue. That way people know they're talking to someone who can afford to spend thousands of dollars on hardware every year.
wait is this where "green with envy" will come from?????
I’d pay for a blue Apple checkmark!
I imagine the next color being purple since that's a sign of royalty. Hail to the king baby!
Apple can break Beeper without relying on the secure enclave: If Apple devices just send their serial number (IMEI for their GSM products), their servers can refuse to talk to hardware they didn't manufacture.
How does this address iMessages sent from non-iPhone devices?
If in the data sent across (via Apple servers) the IMEI and serial no of the device are also transmitted, then Apple can in that millisecond query on their various lists/inventories that this device is legit (activated device + IMEI + serial) and if all lights are green, proceed to deliver, otherwise drop it.
(perhaps different sets of data can be used, but it must be something that Apple already has, and the user has already provided (i.e. the iMessage email or the iMessage phone number, from the iPhone's enabled Settings)
Do you mean that I now have a nice party trick - DoSing friends iPhone from sending iMessage? :)
If you have a FlipperZero, DoSing iPhone users with Bluetooth is a bit of fun!
As someone who once bought fake airpods on ebay, I can tell you that Apple can't do this.
I spent a number of days with them where they were trying to work out if they were fake. The serial number was real but they were fairly sure the number had been taken from a real product and reused, but were unable to say for sure.
I ended up just returning them (because of the ebay return window) but found it interesting that Apple couldn't easily check this, and was very aware of the issue.
you already have to do this to get certain apple services (including imessage) working on hackintoshes. turns out there's a really easy work-around: guess-and-check serial numbers on apple's web site until one works. they rate limit it a bit but you can usually find a working one without a terrible amount of hassle.
Non-Apple devices could just lie
Beeper will know only a small number of valid serial numbers
If it ever becomes popular, there will be a lot of duplicate serial numbers. That's easy to detect and ban.
Not if they require a certificate containing the serial number/imei/... + a nonce provided by Apple, signed with a private key/certificate stored in the secured enclave, loaded into the device when it's manufactured.
I believe you can bruteforce/generate IMEIs somewhat easily. https://github.com/bstein/py-imei-generator
There’s also the registration process that could be locked down and/or hardened. There may or may not be additional metadata (including out of band) that could identify first-party clients.
I would think that’s the biggest issue right now. If spammers can register “real” iMessage accounts at scale without Apple hardware, Messages becomes less pleasant, very quickly.
That would make sense: because Apple have deeply coupled iMessage to the OS they can’t simply roll out a new version of the app with protocol changes that would block Beeper, they’d have to release entire OS updates.
No matter the method it would be a scorched earth approach. I suspect the number of people actually using Beeper will be far below a rounding error for Apple.
No they haven't. On my Mac it's just an app and a reusable framework.
There is nothing stopping them releasing it on the App Store similar to Mail.
I’m talking about the iPhone.
Messages is the same on OSX and iOS.
It's not deeply integrated into the iOS by any normal definition. It's just shipped together.
The Messages app in macOS is less capable than the Messages app in iOS. It cannot even edit sent messages.
It can, by right clicking the desired message to edit. This is in macOS Sonoma, and I believe was a part of Ventura as well.
Oh interesting, I have a 2015 MacBook Air. Wonder if the feature is not available on whatever macOS version I have.
It’s a Ventura and later feature and your MacBook Air probably topped out around Monterey or earlier. 2016 MacBooks Pro also didn’t make the cut for Ventura.
Messages has a bunch of special privileges on iOS, which is why they had to add the whole Blastdoor protection framework and why it's such a juicy target for sandbox escape exploits.
Nope. It just happens to be on everyone’s device and usually enabled
Yes, and when it's enabled it has more privileges than most other apps, doesn't it? But yeah you can still remove the app.
Btw, maybe related, on iOS I have "app privacy report" enabled, to show me a list of apps and the recent entitlements they used. Every Apple app, even those that don't need access to them, is shown as having recently accessed my Contacts. I find this weird. Anyone know why they do that? e.g. I've never even used the Health app and yet it's accessing my Contacts for some reason.
It’s basically the same as any other app, there are some special permissions it has to integrate with the OS a bit better but nothing too interesting. Not sure what’s going on with Contacts but it might be a bug?
fwiw it hasn't been called "OSX" for awhile now
Mail is also deeply coupled to the OS. The app itself does very little.
In the sense that the app is just a wrapper around a system framework, sure. But changing that framework would be an OS release.
I'm not that familiar with ios apps, can they not push out updates to individual apps?
Not the OS-included ones, afaik. Some Apple apps are through the AppStore normally, which can be updated independently (i.e. TestFlight, despite its deep hooks).
Why did google break out Google Play Services as a separate app, was that when they started integrating more with third-party android phone suppliers, and they didn't want to have to wait for OS upgrade cycles from slower-moving companies?
Probably they originally did it because Android has high-assurance embedded use-cases (compare/contrast: Windows IoT Core) where you want to strip out everything possible from the attack surface.
But mainly it's because base Android (AOSP) can be arbitrarily modified by the OEM; and Google doesn't want to have to trust installations of Google Play Services that have been arbitrarily modified by OEMs.
(Especially because those versions would likely all act differently-enough from one-another that they would be forced to loosen their server-side, network-traffic-fingerprint-based "authentic Android device" detection that allows them to ignore/block bots pretending to be Android devices.)
By shipping Google Play Services through the store, they can ensure that, on devices that run it, it's exactly the same code for every device that runs it, with no OEM alterations. (And they can also include various checks to reject devices that would try to alter that code at load time. This is the real reason why e.g. Huawei devices are blocked from using Google Play Services — they try to patch unspecified parts of the Play Services code while loading it, "breaking the integrity of the platform" from Google's perspective.)
Man, that's contrived. Really its simple: Google seperates out Play Services so they can harvest user data from virtually all Andoid devices. It lets them market Android as OSS while still reaping the benefits of closed source data scraping.
derefr cited one reason but there's another that's relevant to this thread: updates. In the Android model handset manufacturers and carriers decide when (or if) to ship updates. Google distributing their apps through the store gives them a way to roll out new features to a reasonable portion of their user base.
On iOS many of the individual apps e.g. Mail, Notes you can delete and then re-download from the App Store.
And as part of Security Updates they have patched vulnerabilities just in the relevant apps.
So there is nothing technical stopping them. It's just been customary to treat iOS as a product where all features ship together.
Apple never patches security vulnerabilities in individual apps except for Safari, and they’ve stopped doing that too.
I don’t think this actually physically deletes the app, given that it’s back once you reset the phone. It’s most likely just hidden/deactivated until you “reinstall it from the app store”.
Actual updates require the app binary/bundle to be mutable.
Uptake for OS updates is very high on iOS though right? I heard a while back that it is like 90+% in 6 months. (could be totally wrong on that can someone confirm?)
There’s a ton of devices out there unable to upgrade to the latest iOS. Obviously you can release point upgrades for old versions but I do wonder what the uptake of those is like. I’d wager there are a ton of very old iOS devices out there. At the very least many more than there are potential users of Beeper.
anecdote of 1, but i have a 6S+ that is kept up with any updates it receives which is 15.8. there maybe some devs that have older devices that they intentionally keep at even older versions, but if someone is using an old iDevice as a daily driver, they're probably still more likely to run the updates. at least, that's my reaches up and grabs for an opinion
Uptake of updates is, uptake of devices isn’t. Here I have 1st gen retina iPad from 2012 which is on the latest iOS available for it - 9.3.5 (from 2016, current version is 17.1.2). As of today FaceTime and iMessage still work perfectly fine.
That and reading the books is actually about the only thing it can do right now.
You say this like Apple doesn't release OS updates. Why are you putting that as some arbitrary limiter to what Apple could do to protect its walled garden?
They don't usually remove features as important as iMessage from older iOS versions. I don't believe they push updates to the iPhone 7 and older anymore, so they'd be unable to use iMessage.
I have a 6sPlus, and messages work just fine, and it may not be iOS 17, but I recently-ish ran an update for its OS that Apple deliberately updated (which you just know must have been an important update). You can stop making stuff up now
Non-Apple legitimate users aren't the only concern for Apple: Once third-party clients are readily available, this makes spam much harder to filter.
Right now they can probably just ban known-spam-originating devices, which is much more effective than banning iCloud accounts since there is a much higher cost to the spammers.
will iMessage Contact Key Verification coming in iOS 17.2 break Beeper — or just make it super annoying like the “not a genuine Apple part” warning when replacing a screen or battery
It's not too hard to think through -
They would need to accept and verify a flag from messages that the copycats can't reproduce. At the very least that would require a client update from anyone using official iMessage clients, which covers many millions of devices.
Unless they're able to hook into already existing flags/keys on the devices since they already verify application signatures and a whole other host of things.
Apple can probably do it, but much like jailbreaking how fast can they release breaking changes?
They could probably require a new check but whitelist already registered numbers.
What's brilliant is they get press either way this goes down.
i understand no such thing as bad news/publicity, but if the 800lb gorilla squashes the little guy, then that's some pretty bad news. with the recent Twitt...er,X and reddit debacle with 3rd party apps, that 800lbs is pretty powerful when it wants to be
edit, because i used the wrong turn of phrase
What is currently not interoperable between the majors mobile OS makers?
Well messaging for one thing...
Some others:
- Find my device features including Bluetooth ping networking (airtags, Tile, Android's upcoming network)
- Airdrop/Nearby Share
- Bluetooth LE proximity pairing (at least I doubt this works when pairing cross ecosystem)
- Carplay/Android Auto
- Airplay/Google Cast
okay but this "interoperability" is legitimately hard without degrading the user experience because apple's unique level of control allows it to produce a superior product with more consistency. airdrop is best-in-class; open-source solutions like wi-fi direct are dumpsterfires with trash UX. LE proximity pairing is, i believe, a custom chip apple put in airpods (h1 chip) because bluetooth is stuck in 2005 and still doesn't have easy pairing, full quality two-way audio, etc. carplay/auto have different feature sets and airplay is an objectively easier experience than google cast.
the EU is fundamentally interested in these changes regardless of consumer welfare. this is sour grapes because they fail at tech by every conceivable metric and by degrading everything to a common feature set and commoditizing certain standards, they hope to give domestic companies a prayer. that it prevents innovation and improvements is merely a secondary concern for the hard-headed anti-Americans in brussels.
Another way to read this: Apple has a superior product because they perform anti-competitive practices and don't allow other companies to out-product them. And when they do, they buy them/shut them down before anyone is the wiser.
editorialization. you know as well as anyone that restricting your feature development to your own platform rather than doing a retarded design by committee helps one innovate faster.
We don't need to speculate; internal emails from the Epic trial discuss the motivations.
https://www.theverge.com/2021/4/27/22406303/imessage-android...
In short, Eddy Cue proposed in 2013 that Apple owning the best-in-class messaging app would be a win, and even mentioned the cost being low. Phil Schiller shut him down, arguing it would remove a barrier preventing iPhone parents from buying their kids Android phones.
That reads like anti-competitive motivation to me. In particular, it looks like tying, where two unrelated products are connected artificially. The wikipedia article on anticompetitive behaviors has a section on tying, and mentions another case involving Apple that bears some resemblance involving iPods being artificially restricted to only playing tracks either from iTunes or direct CD rips.
So I think the anti-competitive angle has some real merit.
The innovation claim, though, I have a harder time with. I don't see how releasing Messages for Android implies design-by-committee. They could just release it, like Beeper Mini just did, but without the reverse engineering part.
They could definitely just release an app for Android instead of opening the protocol, but as an Android user I'd reject it for the same reason I reject my Apple friends suggesting we all use WhatsApp or Signal: I don't want different conversations living in different chat apps for no reason. That to me is the bad old days of Facebook Messenger+Twitter DMs+SMS where I had to remember which platform each of my contacts prefers to use and then deal with missing features and an inconsistent experience all the time.
As much as I think Beeper's work on iMessage is important, apps like that do not and have never solved this problem. Because then you have different contact identifiers to contend with, the inability to make groups amongst those users, differing features, and the list goes on.
If you look closely at what I'm saying here, it's easy to compare it to what iMessage users say about why Android users create problems for them, and that's true. That's why messaging interoperability is important.
Interestingly enough, in my life, WhatsApp has just won. Everyone I know uses it, people I meet when traveling use it. Pretty much every Airbnb host tries to contact me on WhatsApp. My physio right now in Malaysia organizes all my appointments on WhatsApp. But I only travel East of the UK, so Europe/Afria/Asia, I have no idea what South America is like, and can guess that it's not as ubiquitous in North America based on these threads.
I cannot remember the last time I've received a non-spam SMS. The whole iMessage thing feels so alien to me. My girlfriend is an Apple fan-girl and has never used iMessage in her life. I kinda wanted to see what was special about it and when I asked her about it, she had no idea what I was talking about.
Innovation is a good thing, but for many items on this list there's no more innovation happening. Google Cast and Airplay have been mostly unchanged for the last ten years, and the same is true for Airdrop and Nearby Share.
You can definitely make the argument about innovation in the messaging space, but RCS is very extensible. RCS Encryption definitely needs to be standardized, but I recommend you check out how Google layered it on top of RCS [1] including handling fallbacks for corner cases like switching your RCS client away from Google Messages before the system realizes it.
This is to say that RCS is pretty flexible, the key is handling the fallback paths in the extension design and working with other vendors to standardize promptly, so we don't end up with the same kind of broken mess that the carriers made.
[1] https://www.gstatic.com/messages/papers/messages_e2ee.pdf
It's really not. Just make the "superior product" interoperable.
But it often not that simple, anyone who has done cross-platform development can tell you this by heart, it doesn't matter what you do, you must adhere to the lowest common denominator. Interoperability isn't free.
I'm not asking them to implement these things on every platform, but it's not difficult to make documentation they certainly already have about protocols available.
Protocols calcify when you don't control all the endpoints, consider the case in point, iMessage, it is seems like there is some security implications for spoofing iMessage for any random number, yet, apple's recourse is very limited if it can't update all the endpoints (devices).
The same is also true, say about AirDrop, if apple makes it "Open" and they have to make a breaking change for security or whatever reason, they can't feasibly even make an update available for non-apple devices let alone enforce it.
Now "Apple" has broken your non-apple device and along with it their reputation.
Open is good, but the cost is non-zero.
By that logic the Outlook for Windows team should be responsible for patching Gmail for Android.
This argument is silly. You could use this line of reasoning to justify why all computers should use the same OS from the same vendor. Of course then you'd have a monoculture where implementation bugs that cause vulnerabilities are universally exploitable, instead of only exploitable on machines running that vendor's software.
This isn’t uncommon at all when dealing with development that requires interoperability.
Far from it, actually.
If a part of your user base uses another service, you’ll inevitably have to add workarounds specifically to cater to users for that service. It’s just a fact of life when multiple groups have to implement a spec. If you aren’t willing to add workarounds, users will think your software is broken when they should be blaming someone else.
For example, Firefox maintains a few workarounds for websites that ship in the browser. They aren’t the web developers responsible for the sites but someone has to make it work.
Interoperability is not free.
Have you used Nearby Share on Android? It's IME just as good Airdrop, the only real issue is that it's not baked into Windows PCs like Airdrop is with Macs (confusingly MS has their own thing called Nearby Share for Windows devices). I've actually had less issues with Nearby Share, my iPhone stopped sharing to my mini after a few months but could talk to everything else. Android solved BT pairing in a superior way years before with NFC pairing. Touch two things and paired. I could get my airpods to pop up on my iPhone 1/10 times. Finnicky, overhyped crap IMO. Only reason NFC pairing didn't catch on is Apple holding the NFC chip hostage for the sole use of Apple Pay.
yes, i primarily use an android phone. nearby share is janky and terrible. additionally, the fact that it's not built in everywhere is a ding from the standpoint of an end user.
It is built in to the Share dialog, so it is accessible anywhere the Share dialog is shown. And when you copy something to clipboard, the popup at the bottom includes Nearby Share. Where else would you like to see it?
Certainly not every iOS app has a custom Airdrop integration either.
Every time I've nearby shared it's worked just fine. What phone do you have?
Honestly, this reads more like marketing spin to cover anti-competitive behaviour than a forum post.
i am not, nor have i ever been, employed by apple. i use none of their products as my primary devices. stop breaking the forum rules.
Another Apple ecosystem that can be used by non-Apple devices. OpenHaystack [0] has been working well for quite a while.
[0] https://github.com/seemoo-lab/openhaystack
Does this still work? that repository appears to be abandoned.
Apple did actually open up the network, there are plenty of third party devices that are 'Find My' compatible. It's intended for integration into things like bikes or scooters.
You can buy tags from AliExpress for $5 that implement it. I've been using a few for a couple of months, and no issues so far.
It would be preferable if Find My capable smart devices could forward tag pings on to non-Apple owners and vice versa. Right now, Find My is strong in the US where iPhones are very common, but it works worse in places where most phones are Android, and vice versa for Androids in the US versus abroad.
You are referring to being able to track devices via the Find My portal on Apple.com or your Apple devices, but I am referring to being able to merge the networks so that Apple devices will forward pings onto Android's Find My network and vice versa.
The last commit and release is from october.
See my comment below for why this isn't the interoperability I'm interested in. I don't want to use Apple's service, I want Bluetooth tag pinging to be standard across Apple, Tile, and Android ecosystem devices so that they all work equally well regardless of the percentage of one brand of phone or another in the area the tag is pinging from.
Is there a way to SEE the location of my Apple manufactured Airtags from Android?
- Carplay/Android Auto
Are there any headunits that only support one or the other? The cheap Chinese unit I got last year supports wireless for both. It would be nice to have an open protocol though, so third parties could develop alternative UIs.
Sadly, yeah- even in OEM units.
Or so that there isn't a duopoly lock in for a new phone OS or an android fork that doesn't have Google Play Services on it. Just like Google Cast and Airplay, this should be an open standard, not a pair of incompatible proprietary locked down solutions.
One of my companies lives from this kind of things so it would last if someone could fund it. More food for thought: "Reflecting on 16 Years of Work on Adversarial Interoperability" (now, more than 20...) [1]
[1] https://blog.nektra.com/2020/01/12/reflecting-on-16-years-of...
Have you ever received C&D for your work? There's a big problem of OSS projects being TOS-trolled by billion dollar companies and having to shut down out of fear.
What would they demand they cease doing? Publishing software?
If the use of this software is against their rights in some way, the end users running it would be the ones in violation. Publishing original software is protected expression.
This was tried by apple. https://www.engadget.com/apple-drops-its-lawsuit-against-a-m...
Emulation software isn’t wholly original as it needs firmware and software from the device so emulated. An iPhone emulator with no bootrom and no iOS isn’t very useful.
An open source client for an API need not include any non-original works.
They are though. https://news.ycombinator.com/context?id=38534247
After digging in more I believe that is only done in that proof of concept. If that's the case then it's too bad they didn't go back and update the POC to avoid the need for the binary.
For the app it is probably just done server side.
Depends on whether you consider a private key an "original work": https://github.com/JJTech0130/pypush/blob/main/albert.py#L16
The situation seems very similar to the AACS key leak back in the day: https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...
Note that a key cannot be copyrighted, but it can be considered a circumvention tool for access controls that protect other copyrighted works.
There is a very useful iPhone emulator with no bootrom and no iOS: https://touchhle.org/
It targets games, so manages to be useful without having to emulate or re-implement the majority of the OS.
One prominent counterexample to this thesis is DRM circumvention software, which regularly gets taken down via DMCA notices. I wouldn't be surprised if Apple even invokes that particular law.
"Section 1201 provides for felony liability for anyone commercially engaged in bypassing a DRM system: 5 years in prison and a $500,000 fine for a first offense."
So it's even worse than the risk of being taken down. Way worse.
https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-w...
iMessage is not DRM. It is not protecting IP.
The component that tries to identify that you're accessing it from the right device isn't DRM? I don't think courts would agree with that.
That means Jack Shit in a world where a lawsuit can ruin a person's life regardless of its legal merit, with zero consequences for the corporation that filed it even if it gets tossed out by a judge eventually.
LPT: Live as if human/constitutional rights didn't exist. Because if push ever comes to shove, you will quite possibly find that they indeed don't exist in practice.
But there are consequences. Even if the financial costs are not meaningful to a big company, the backlash created by such actions can have wide ranging implications, from lost sales to loss of the public mindshare, to attracting legislative attention.
Tell that to Alexey Pertsev.
You know, your question is very interesting: no, we didn't.
Anecdote: we reverse engineered several Microsoft products and before Microsoft Windows 7 launch we were contacted by Microsoft QA and they offered us support to check if our software was compatible with it! BTW, our software was installed in millions of computers around the globe. For example, Trend Micro used our software for supporting their antivirus in Outlook Express and Windows Mail.
Our Deviare Hooking Engine [1] was eclipsed when Microsoft Detours [2] turned to an MIT license and free. Even when our was superior in several ways. This is why I wrote that you should continuously fight for "adversarial interoperability".
[1] https://github.com/nektra/Deviare2
[2] https://www.microsoft.com/en-us/research/project/detours/
I agree. After receiving a C&D from Meta for my OSS project (along with some other maintainers from some other projects) I strongly believe adversarial interop is a basic digital right that is required to fulfil the broken or revoked promises of web 2.0
If you know anybody that can help please let me know because I want to get back to maintaining the project.
Did you contact specific organizations such as FSF, EFF, etc and/or specialized lawyers? There were well known people defending itself or being plaintiffs. For example, https://cr.yp.to/export.html
What is the project? On what grounds did they C&D you?
On the contrary, the EU law that enforces interoperability should put some wind under this project's wings.
Exactly what I thought
But EU interoperability laws are cancelled out by DMCA (aka EUCD). That’s why reading a DVD with VLC has always been “technically” illegal.
If Apple is able to update the protocol in such a way that it requires some kind of signed attestation from the secure enclave (basically a DRM) they’ll get legal protection.
Also. Nobody uses iMessage in the EU. It’s all WhatsApp here. Blue bubbles are an American obsession.
The recently enacted DMA requires interoperability. Unless Apple wins its case against iMessage being classified as a gatekeeper service, it'll be required to support interoperability. I'd be surprised if tricks like hardware attestation were compliant, unless Apple allowed other companies' hardware.
Furthermore some implementations cannot provide hardware attestation, so it probably couldn't be limited to implementations which can, if the EU really means "interoperable"
No it’s not, it’s an obsession by a small number of users, not widespread at all.
What exactly is considered bypassing DRM in the case of Beeper Mini, and what copyrighted content is the DRM protecting?
This might be news, but the DMCA laws don't allow you to restrict software which is compatible with your own, especially if the competitor never used your code.
it might even be the reason for it's existence
You mean like WhatsApp, Signal, Telegram and dozens of different chat apps available for both Android and iOS?
Beeper is an app that unifies all the messaging protocols you mentioned (and others) into a single app. They are not introducing another protocol.
Universal in this context is referring to the ability to use a single app across protocols rather than the ability to use a single app across platforms.
I miss the days of jabber being able to senselessly talk to aim, msn, yahoo, icq, etc. All chat contacts in one account.
Jabber transports, they were great.
Ok, I get it.
It's what EU mandated and from March '24 all major chat apps have to be able to communicate with each other.
Relavent xkcd: https://xkcd.com/927/
We had universal chat applications & standards and interoperability in the 2000s. Pidgin (et al.) + libpurple allowed users to use a singular application for chat--even the proprietary protocols. We also had (& still have) XMPP from that era which many of the big boys like Google jumped on, killed, then jumped off (EEE?). Are we just repeating history (https://ploum.net/2023-06-23-how-to-kill-decentralised-netwo...)? There’s an XKCD about inventing yet a new standard despite us having good ones for decades…
This was never enough for me. On paper Pidgin did the trick, but you still had to remember which of your friends preferred which platform, you had multiple "friend" entries for the same person, many used silly pseudonyms that they certainly didn't go by IRL, you had no way to tell if your friends actually were monitoring each of their accounts (I uninstalled aim months ago, have you been sending me messages on it?), you couldn't have group conversations across networks without mental gymnastics or compromise, the features offered on each platform were inconsistent, both on their native apps and the features pidgin actually implemented.
That to me is not universal chat, that's just welding 10 chat apps into one, somewhat poorly.
That being said XMPP was well on the way to becoming something universally supported, and though the protocol itself was way more complicated and crufty than I'd like, it's a shame that Google particularly abandoned it for really no reason.
Given how many large chat systems are based on XMPP, it should be possible to select a set of standard extensions to interoperate with each other. Sadly, I don't see it happening.
It would be, however would not bet my chatting account history on a phone number. Phone number does get lost over time. Email is more reliable, but may be a private key for authentication instead. Also a modern day chat app, one would expect to have chatting over bluetooth as well Internet such as Briar, and chatting over Tor such as Quite would be much more needed.
I'm not so sure about email being more reliable than a phone number. I believe more people have a contract with their cellular provider than with their email. Free email accounts could be banned with no recourse.
The timing is potentially clever. Apple has committed to supporting RCS next year, and will face regulatory pressure in places like Europe.
Even if short lived they could onboard a lot of Android users and then use RCS once it’s supported.
I wonder if these events are connected. Imagine Apple hearing through the grapevine that someone had a proper iMessage implementation and that they planned to release it for Android. Perhaps one way to get in front of that would be to commit to RCS. One could imagine the Nothing Phone events having the same cause.