Beeper Mini is back

Messages will be sent and received via your email address rather than phone number. [...] Even worse, when iPhone customers added an Android phone number to an existing iMessage secure encrypted group chat, the Messages app would by default switch the entire group chat to using unencrypted, unsecure SMS.

These two Messages features combine to create a terrible UX. When someone starts a group chat in Messages and includes a single non-Apple device, it converts the chat into a group MMS at which point anyone in the group who was added by Apple ID email address starts receiving the messages via email with text messages arriving as text attachments to those emails.

The from/to addresses look like 2345678901@domain with domains such as mypixmessages.com, mms.att.net, mypixmessages.com, icmms1.sun5.lightsurf.net, etc.

It doesn't matter if you have a phone # associated with your Apple ID in addition to an email address. If the person who starts the chat accidentally uses your email address (which Messages makes both very easy to do accidentally and very difficult to notice because Messages hides the actual address behind the contact name) and there's a single non-Apple device in the group, you get to be on the receiving end of a barrage of emails from which you cannot unsubscribe.

When Messages converts a group to MMS, it really needs to make it obvious which recipients are email addresses and which are phone #s... it should either not hide the information behind the contact name and/or for cases where a contact has both a phone # and email addresses, it should favor the phone #.

From everything I've read on the matter, I believe that the UX nightmare when you include a non-apple user is an intentional design choice, rather than an engineering problem that hasn't been solved. They want the experience to suffer when somebody outside of the ecosystem is involved so as to create social pressure for the outsider to change.

The ironic part of all of this is that while the EU may be forcing Apple into supporting RCS to fix the situation, Google has resisted every effort to extend RCS to their own Voice platform.

It's really a shame that Microsoft gave up on mobile, because they really could be a real middle ground for the rest of us that just want interoperability.

Let's imagine it is an engineering problem; how do they solve it? Give a disclaimer that "your communications are not encrypted" and turn the bubbles maybe light green?

how do they solve it?

Release iMessage on Android. If there is a concern that it wouldn't be secure with Google controlling it, then they could put it out on F-Droid, which would simultaneously prove that they're serious and also undermine Google's own efforts at controlling the culture war.

Part of the iMessage security model is that devices are attested. Without this, the service as-is becomes widely open to spam and other forms of abuse.

Yes, there are other solutions to the spam problem. They are nowhere near as effective as what I’ve witnessed as an iMessage user so far. I regularly get spam chats on WhatsApp and Signal.

As we know, the devices are not attested, because beeper works. They're also not attested on old iPhone versions which are valid iMessage parties. Some new devices being bound to the hardware key doesn't change that.

Spam doesn't matter here - same app is used for SMS, which gets spam, so there's nothing new here.

But if Apple wanted to, they'd just sort out a deal that allows hardware signing of iMessage accounts on Android. That's not an unfixable problem.

As we know, the devices are not attested, because beeper works.

This argument doesn't make any sense.

They managed to figure out a way to create valid attestation data via old Apple binaries. Just because a security (well. "security") measure was circumvented, doesn't mean it doesn't exist at all.

That's not how it works. Beeper uses the old binaries, because those come from older iPhones where the hardware signing was not possible yet. It's not circumventing anything as far as I understand, just connecting the way an older iPhone would connect.

I mean, we're splitting hairs on terminology here I feel like?

Apple does not want you to connect to iMessage with non-Apple hardware and Beeper uses old Apple binaries to let you do just that.

That, to me, does fall under the umbrella term of "circumventing" some measures that Apple put in place to stop you from doing that; but I guess I can see the point where you'd object to use of that word?

That's a different argument. I was responding to you saying "This argument doesn't make any sense." to the attestation not being required. Whether you call that circumvention or not, ¯ \ _ ( ツ ) _ / ¯

The point was that if you can replicate it in software, then they're not requiring hardware attestation.

Software attestation of hardware is just pointless anti-competitive behavior.

Hardware Attestation however can have an actual security benefit.

If beeper was able to attest without hardware, Apple isn't doing hardware attestation and it's therefore just anti-competitive.

From the way I see it described here, it's more in-depth hardware attestation on newer models. So they're doing the good security thing here, but also not making millions of users' lives worse by outright blocking old phones that don't have the necessary hardware features to perform this attestation. x (5? 15?) years in the future they'll block super old stuff that doesn't meet these security requirements.

Sort out a deal with… whom? 500 different Android device OEMs?

Google. The company that defines what can you call "Android". They can define it to include a hardware crypto chip, signed with the right keys for Apple interop.

I've not received a single spam message on Whatsapp or Signal for as long as I can remember.

I got lots spam on WhatsApp, None on signal.

Guess it's local issue?

i've gotten spam on signal

Was it from a number with the same area code as your Signal number? What was the spam for? Care to share the message if you still have it? I research around spam as a hobby.

Email is in my bio if needed. Thanks in advance.

I always delete it, but 100% of it is cryptocurrency scams.

I have not participated in any cryptocurrency-related groups, so I have always assumed it’s just random.

Same, in years and years of use, never a single spam message.

Ditto. Add signal. Never

Same. Travelled all round the world for years using WhatsApp for local comms and Signal for long-term relationships, and never had spam on either.

good point. there are many other people who received more than once spam on whatsapp (to the point it become a meme in some subreddit).

Does f-droid allow non-open source apps?

No, F-Droid builds almost all apps from source. Even some open source apps don't make it to F-Droid if the F-Droid maintainer doesn't manage to build it themselves on their build server.

Additionally, F-Droid signs every app themselves.

[1] https://f-droid.org/docs/Building_Applications/

This make them a nice target for malware injection.

edit: When the signing is in single entity like f-droid, we have single point of failure.

When everybody sign their own app, we have trust scalability issues -- "trust" just can't scale to everybody.

The reason F-Droid does this is reproducible builds. Which is a big advantage because the code you see on GitHub is the binary you get in your device. It also means it's quite obvious when code is being added because you can reproduce it.

Of course the build platform being compromised is possible but that can happen even with binary distribution.

I thought they only allow you to guild/sign your own apps if it is a reproducible build, and they verify that the version they build is identical to the one you supply.

You can add a repository containing whatever apps you want.

But then they wouldn’t be able to claim that alternative app stores are bad for consumers.

The presupposition was "let's assume it was an engineering problem, how would they solve it". Obviously we can revert it back to a business choice rather than engineering problem rather trivially.

Apple would prefer you buy an iPhone.

This kind of attitude (eventually) gets the government involved.

As it did in Europe.

Ironically, iMessage is not that common in Europe. WhatsApp and Facebook messenger won the game here (but they are also targeted by EU).

Anyway, I hope for Apple that they have numbers proving that this bullshit strategy really makes them sell more iPhones because it makes them look really stupid. In any sane society, nobody cares about the color of a bubble, in fact, as an iPhone user, I blame more Apple for the lack of basic SMS features than of the bubble color. I’d be a stupid friend if I pressured my friends to get a blue bubble, that’s insane.

That's not an engineering solution.

They're social engineering your circle of contacts to pressure you to buy an iPhone

Wouldn’t entire thread need to be light green. Wouldn’t android users not see the Tapbacks/threads in same visual UX. It makes sense to turn it off entirely than to deliver a subpar and confusing UX

Actually both tapbacks (for a long time) and reply threads (since the latest iOS release) are both supported in MMS group conversations. The iPhone will send a tapback as an SMS message such as "Liked 'contents of message that was liked'" and other iPhones convert that back into a tapback. Google Messages also does this (and in fact did it before Apple did). iOS does not convert Google Messages style tapback messages into tapbacks though, so iPhone users only have half of the solution.

As for reply threads, when it's used it creates a lot of confusion for non iPhone users and it's not clear how Google Messages and other texting clients can fix it post-hoc. I'm not even sure how iOS reconstitutes it-- perhaps Apple sends some message metadata on the side via iMessage?

iOS does attempt to properly inline Android tapbacks and has done so since IIRC iOS 16. It's not perfect, though: if the tapback isn't one Messages recognizes, then you get it in message form, e.g. ":smile: to 'Have a nice day!'" (only with the actual emoji). It also fails all tapbacks if it's an image, presumably since it can't know which image is reacted to.

Hopefully the experience is improved when they implement RCS, though I'm not sure if tapbacks are part of the spec.

I just tested it in a group MMS with an iPhone user running iOS 17, and alas no, this is incorrect. Neither thumbs up (like) nor heart (love) apply as tapbacks when the tapback originates from android.

Unless there's something I'm missing, only Android users get cross compatible tapbacks.

I hate all of this. How depressing. As always, the actual people in the system wear all the cost.

Yes but ultimately those people are also responsible for chosing those systems and for electing politicans that allow this kind of behavior.

From everything I've read on the matter, I believe that the UX nightmare when you include a non-apple user is an intentional design choice, rather than an engineering problem that hasn't been solved.

I'd be sure this was why, if Google hadn't once tried to get me to use a combo SMS/MMS + some-other-Google-messaging-service app on my phone (by replacing the normal SMS app on OS upgrade—this was on a Nexus phone) that was so broken and janky it was unusable.

Like, it is for-sure the case that a rich, huge, "smart" company can fuck this up a lot worse than Apple has. iMessage is easily good enough that I haven't had to go find some alternative SMS app, at least.

iMessage is easily good enough that I haven't had to go find some alternative SMS app

(Almost) nobody here is challenging that it is, under the condition that you communicate exclusively with iPhone users.

MMS group chats are an absolute dumpster fire from an UX point of view. In some countries, a single MMS costs about half an USD as well (per recipient)!

No, I mean as an sms app. It’s fine for that. Group sms can get kinda rough but I’ve also never had a phone that did it better, including pre-iPhone phones, and a few Android phones. Of course it’s better if you can stay in iMessage, to avoid SMS, same as switching over to WhatsApp or whatever is way better.

MMS group chats are an absolute dumpster fire from an UX point of view. In some countries, a single MMS costs about half an USD as well (per recipient)!

Yes, agreed, I’ve never seen it not be awful.

iOS Messages is a terrible SMS app!

It doesn’t support delivery receipts (my old Nokia could do that in 2003!), doesn’t let me send texts to a specific number of a given contact, doesn’t let me pick what number I want to send texts from (for dual SIM), and most frustratingly I can’t send an SMS to any contact it believes to be on iMessage.

You can long press on the message bubble after hitting the send button in Messages to switch between sending as iMessage or SMS. Discoverability of UI/UX features on both iOS and Android is inscrutably horrible.

That button only appears when I don’t have a data connection.

Potential workflow, not that I consider this “sane” but rather a workaround:

Swipe up from bottom screen edge to open Control Center, toggle Cellular Data off, send as SMS, then toggle Cellular Data back on?

The ol' three-swipe-salute as it's known in some parts.

Maybe asking siri for help on this is the apple way.

What happens if you specifically ask Siri to send as text message and NOT iMessage?

To send to a contact's specific #, there should be a disclosure arrow to the right of their name (as you're entering it) you can tap and then pick which # you want. You can also double-tap a name in the To field.

There’s no visual indication of which number messages are going to and arriving from for an existing conversation, though. Messages to and from all numbers are just collapsed into one thread.

It gets even worse when iMessage and multiple devices come into the mix. It all kind of works for 95% of people I’m sure, but it completely falls apart in some cases with absolutely no way to be more explicit.

Totally agree. I was on Google Voice till earlier this year and that was its own kind of awful. After more than a decade on GV, I ported my number back to my carrier. I keep WhatsApp on my phone to use with a single family member on an Android phone. Another member with an Android phone uses whatever the built-in messages app is. Everyone else is on an iPhone. It's a mess.

The annoying part is, that this ends up going back to the lowest common denominator. Where users that wont install another program end up being the boat anchor dragging everyone else to the bottom.

most frustratingly I can’t send an SMS to any contact it believes to be on iMessage

You can long press on a sent iMessage blue bubble to reveal a 'Send as Text Message' menu item. It's quite hidden but it's there.

Only if the message didn’t go out to Apple’s servers. That doesn’t help me when I know the recipient won’t be able to receive it (e.g. because they are on roaming or out of mobile data).

I can choose what number I want to send from when using two SIMs. It's shown as "From" below the "To" when you write a new SMS using the new message button. In an existing conversation you need to tap on the contact icon and change the "conversation line" there.

Have you tried sending a picture via iMessage MMS? My wife's iPhone compresses every single picture she sends down to like 32kb and converts it to a JPEG. That's with the setting to compress images to save data turned off (I'd hate to see what it sends when its turned on). The pictures I send her arrive only compressed down to 700k-1.1mb and retain formatting and even transparency (our carrier limits MMS messages to 1.2mb).

Oh, what's even better is that it tricks the iPhone owner into thinking that a full resolution image was sent. On my wife's end she see's the full resolution original format image in the messages thread, not the blurry 32kb version everyone else gets so she had no idea that this happens.

That's with the setting to compress images to save data turned off

I think that setting doesn’t even do anything for MMS.

The compression level of MMS is set by the carrier, and cannot be changed or even queried.

SMS is too underpowered in 2023

SMS works quite well for what it was originally designed: Short, text-only messages to a specific mobile phone number. Using it for instant messaging has always seemed like a very weird usage of the protocol to me.

The two just have very different semantics, just like how it's generally accepted that email is not a great medium for group chat either.

Wait, there are still places that charge per MMS?

Some countries/providers just never stopped, especially those where MMS never really became popular and was quickly replaced by WhatsApp.

Some carriers/plans don’t even offer it.

30p per MMS - everybody uses WhatsApp, the only time I use iMessage/SMS is for receiving OTP codes.

I don't remember Hangouts being broken, but Google didn't keep their attempt to onboard people by making it the default SMS client going very long. To me, that seems like a major error on their part, though I think I'm glad Google didn't succeed in popularizing a proprietary unencrypted messaging service.

It would have been encrypted by now (at least for hangout to hangout chats) had it hung around.

And at least it was cross platform but overall I agree that mobile messaging should be standardized and open. So while the Google messaging strategy has been an abject failure overall, they did eventually trip over themselves and stumble onto the right path.

WhatsApp is that middle ground in some parts of the world.

Upon moving to Europe we discovered that WhatsApp is the preferred way to connect with friends, employees, social groups and schools. It was actually the driving factor in me conceding and setting up a FB account.

Why would you need an FB account?

Sorry I meant setting up an account in the FB ecosystem. Prior to that I didn't use FB, WhatsApp or Instagram.

*Meta

*The artist formerly known as Facebook

I don't think you need a FB account to have a Whatsapp account unless you imply they are the same (which I don't think).

IIRC I have not ever linked the two nor should FB have...

WhatsApp is owned by Meta/Facebook

Shh don't mention Voice. Google obviously forgot that they still had it turned on. If they remember it'll get killed.

Google voice has a paid version via Google Workspace, so I doubt the service will go away. But I wouldn't bet on the free version staying free, or not losing features forever.

hehe

https://killedbygoogle.com/

Google domains was baked into GCP and had "enterprise" users.

A service having a paid version doesn't mean anything.

From everything I've read on the matter, I believe that the UX nightmare when you include a non-apple user is an intentional design choice, rather than an engineering problem that hasn't been solved. They want the experience to suffer when somebody outside of the ecosystem is involved so as to create social pressure for the outsider to change.

This makes no sense. What’s the point in degrading the UX without telling the user 1) why the UX is degraded, 2) what they can do about it? If the point is to steer people towards iDevices, why is it degrading the UX specifically for these people? Honestly, this sounds like a knee jerk reaction where you are convinced that Apple is bad and are looking for confirmation instead of trying to actually think rationally.

It's really a shame that Microsoft gave up on mobile, because they really could be a real middle ground for the rest of us that just want interoperability.

They could not. They were neither here nor there in terms of platform use and applications availability and poured tons of money into it for no result. Nothing in their behaviour at the time showed that they even understood the problem they were trying to solve.

What’s the point in degrading the UX without telling the user 1) why the UX is degraded, 2) what they can do about it? I

Because 1) everyone in the Apple world knows, and 2) they want the answer to "What can be done about it" to be "Shame your peers into switching to an iPhone".

And it works. A little too well, especially with younger folks.

I have never once felt any shame for using Android, nor have I felt any pressure to switch to Apple. If anyone in my social circle tried that sort of nonsense, I'd never stop ridiculing them about it.

But I'm also the opposite of a younger folk.

Yeah, I don't have issues either. But in the US, in gen z and younger social circles, the "green bubble stigma" is a very real thing.

The ironic part of all of this is that while the EU may be forcing Apple into supporting RCS to fix the situation, Google has resisted every effort to extend RCS to their own Voice platform.

Google Voice has been in maintenance mode for years. It's unlikely that Google resisted adding RCS, but rather there's been no effort to actually do it.

That might be true but they're also dragging their feet with RCS in Google Fi (still only partial support - have to disable Fi cloud sync).

Google fi works fine on messages and uses rcs.

It's really a shame that Microsoft gave up on mobile,

Nokia's Lumia phones were so good at one time. The hardware was top notch (including cameras). The software was smoother than android and more intuitive than iphone. It was just a solid platform.

I would buy one in a blink if it was available today in the high end segment. I'd not even be bothered about google's anti competitive behavior wrt youtube and other apps.

Massive shame we lost Nokia and windows phone both due to the de facto duopoly that has taken hold in the market.

I used Windows phone only once, while I tried to find where I can remove SIM card’s PIN on my father’s phone, because he couldn’t find it. It took us a solid half hour, because I never imagined that it’s an application setting.

It wasn’t terrible, but it had its problems.

It hardly matters, almost everyone on earth uses WhatsApp for group chats.

Source? Of the many group chats I'm involved in, exactly one of them uses WhatsApp.

(I'm American, for context.)

In the US, sure. Very few of the people in Earth live there.

But how many of apples users live there?

Not that many, considering iPhones are popular in several European countries and in China.

I really don’t think Apple consider iMessage exclusivity that important.

I really don’t think Apple consider iMessage exclusivity that important.

Then you missed the part where Apple executives explicitly said so in writing:

"the #1 most difficult [reason] to leave the Apple universe app is iMessage . . . iMessage amounts to serious lock-in." Schiller stated that "moving iMessage to Android will hurt us more than help us, this email illustrates why."

https://www.phonearena.com/news/imessage-locks-ios-users-int...

If Schiller had to make those points in what sounds like an internal debate, and the plan of record at some point was iMessage on Android, then it follows that Apple didn’t see it as that important.

Seems like a decent amount to me:

https://www.macrumors.com/2023/08/29/china-biggest-iphone-ma...

Quite a few people commenting here live there.

You also seem to be forgetting the most-populous country in the world – no WhatsApp there either.

Between China and the US, that's already 20% of the global population unlikely to be using WhatsApp for most of their messaging.

You also seem to be forgetting the most-populous country in the world – no WhatsApp there either.

However in the 4th largest (Indonesia) everybody uses WhatsApp (at least a few years back) as Facebook offered free data to their services there (internet.org / "Free Basics") whereas iMessage would cost money for data traffic or SMS/MMS.

Thus really different across countries and regions and social circles.

Same for the 5th, Brazil. Everyone uses WhatsApp here and has been more than a decade since the last time I've ever had to use sms (never even used mms).

Most populous is India now - lots of WhatsApp.

But very few of the people on Earth live where you live, either. What’s the point?

People I know in India tend to use WhatsApp. People I know in Europe tend to use whatever shit is popular where they live. Discord, Telegram, FB Messenger, iMessage for those with iPhones, SMSes as a default, you name it. Again, what’s the point?

WhatsApp is by far the most popular option overall and in Europe too. Facebook Messenger and WeChat are also popular.

iMessage is only used in the US.

WhatsApp is by far the most popular option overall and in Europe too. Facebook Messenger and WeChat are also popular.

And Discord, and Telegram. Aggregate averages are not useful because they mask a lot of very different situations. Even at the country level, just look at this map for example: https://www.similarweb.com/blog/research/market-research/wor... . And even this map obscures a lot: it does not show social effects, and it only shows the most dominant platform without telling how popular the others are. In these discussions you see a lot of people parroting anecdotes as if they were statistically significant. This is really unhelpful.

iMessage is only used in the US.

This is factually false, for example. Loads of people use it in Europe as well, even though it might not be the case in your social circles. It is not dominant anywhere, but that includes the US. Looking here for example: https://engage.sinch.com/blog/most-popular-messaging-apps-in... iMessage usage varies from ~10% to ~35% depending on countries (with a lot of countries missing). That’s quite a few million people using it at the very least.

Again, asserting anecdotes that way is really unhelpful.

I'm not American and I've never seen anyone use WhatsApp. I only use it to text my family back in Morocco. Facebook Messenger is even more universal than WhatsApp in my experience

Sure, that one is popular too. My point was that almost no one uses iMessage group chats.

That's obviously not true or we wouldn't be having many of these discussions.

It’s clearly a US vs everyone else thing.

Despite your username, I just have to laugh. Millions of Americans use something other than iMessage. Apple doesn't have anything like a monopoly.

True but it only takes one or two to become a problem, unless you really have a small circle of friends.

Agreed that I don't get the entire "iMessages is essential". I also have never seen it been used, I'm a zoomer and most of my friends use iPhones, but with snapchat or anything else for group messages. Maybe it's a generational thing!

The funniest part is all the olds (of which I am one) talk for your generation on this topic. Of course anyone who actually interacts with zoomers knows that this “green bubble blue bubble” thing is a media beat up: discord, Snapchat, instagram are what matter to western zoomers for group chats

"western" is too wide categorize for this topic because it's different per country.

Definitely not the case for Americans

It depends entirely on your social circles. That’s why all these discussions about $some_platform being completely useless because of course everyone uses $other_platform are completely pointless. I haven’t seen any of these in which there was any useful information or even a hint of looking things in perspective. It’s only people telling everyone else that no platform is relevant except for their pet app.

I agree, but I find it hard to comprehend the social circles that shun people for not having an iDevice. Why would people choose to use a platform that not everyone can participate in, when there are just-as-good alternatives that are available to everyone? Like, if there's a group chat that doesn't want to include me because I don't have an iPhone, I don't think I want to be in that group.

In quite a few countries, the vast majority of Internet users (in Kenya, 97%!) use whatsapp at least once a month: https://www.verint.com/blog/what-countries-are-the-biggest-w...

In India alone, whatsapp MAU already reaches nearly 50% of imessage MAU worldwide, and rapidly rising.

Well, the most and third most populous countries on Earth don't.

Well, the most and third most populous countries on Earth don't.

WhatsApp is ubiquitous in India, the most populous country in the world.

As much as I don't like it, I am sure that Whatsapp is the go to communication channel in the fourth most populous country on Earth.

I live in the UK and have not seen an MMS conversation in about 15 years. This is crazy.

even SMS is seen as outdated here i feel

What do financial institutions where you live use to communicate TOTP codes? Here in the states, it's almost entirely TOTP codes over SMS (via a shortcode).

Usually their app, sometimes SMS.

SMS is outdated in a similar way that email is, it's something you use to receive notifications and messages from companies etc, it's not how you talk to your friends.

Thank you email is still somehow decentralized. I’m really frightened that sooner or later, one of the GAFAM tries to replace it with its own « open » solution.

It’s really not that decentralised anymore. I don’t have anything fancy, I just use a custom domain. About every fifth site can’t send email to it.

I’ve heard that if you have your own server, it’s even worse, to the point that you need to pay for some proxy which helps you avoid such problems, and also avoid that almost everything recognise your emails as spam.

I almost forgot that you could MMS to email addresses. Crazy times of old.

When I was in high school and not allowed to have a cell phone, I had to use email via Gmail in my PSP's web browser in order to message people. I relied on these addresses so heavily and many people gave me weird looks for "oh btw, I need to know which carrier you have so I can get the right email address"

When I was in high school and not rich enough to have a cell phone, I had to wait until midnight for my BBS to dial the upstream FidoNet host and exchange messages.

You can also usually send a SMS by sending an email to your provider, ie 9495551212@vtext.com, which is the poor man's way to wire up alerting to text the on call if you've yet to implement or afford a solution with proper sms/twilio support

https://www.verizonwireless.com/pdfs/user_guides/How_To_Txt_...

Spammers haven't, that's for damn sure

Whenever Apple tries to add significant new functionality to an already existing app, they screw it up. The combination of SMS/MMS and iMessage never made sense. Neither did the combination of purchased music and Apple Music. Or the traditional phone call with FaceTime.

Sounds like a great UX to me!!!

/sarcasm

Maybe this came up in the earlier threads (announcement, outage) so I apologize if it's been discussed ...

This project is fantastic. The hacker spirit is in full force, and I love a good David and Goliath story. However, all the comments about demanding interoperability and protocols keep confusing me -- I don't consider APNS a protocol (like TCP anyways), it's also not incidental, extra header space to stuff data into in an existing message being transported (ala early SMS), and it's not an open relay for everybody to use. It's Apple's private message delivery system!

Why does everybody feel entitled to use it if they're not using Apple products?

I'm not licking boots over here, just genuinely curious. I wouldn't want to set up a mail server and then foot the bill and assume liability for whatever the hell goes through it from random people on the internet.

And trust me, I'm all for civil disobedience and sticking it to the man with clever technical solutions, but given the (probable) massive costs of operating APNS, Apple's got every right in the world to close any gaps in their system and keep kicking Beeper out.. and Beeper can keep trying to get back in.. but I just can't wrap my head around making the assumption that APNS access is somehow a fundamental right that we're all being denied.

Selfishly I'm most excited about this project as a demonstration that secure and reliable communication across platforms is pretty straightforward. The only blocker is that Apple doesn't want it to exist.

If Apple were truly acting in their users best interest, they would want their users to have encrypted and fast communication with all devices, through an open protocol or otherwise.

And yes, iOS allows 3rd party apps but not nearly with enough permissions to act as a full Messages+iMessage alternative.

Don't WhatsApp and Signal already do exactly that?

And yes, iOS allows 3rd party apps but not nearly with enough permissions to act as a full Messages+iMessage alternative.

Not an Apple user, but I imagine even though there's some allowances for third party messaging, there's a lot of holes. For instance, what happens if I ask Siri to send a message to a specific contact from my Apple Watch. Will it send it over Signal if I've added a Signal address to their contact card and went the mile to set that as the default messaging app for that user? Curious.

While I don't mix text and voice control that often myself, it appears to be fully supported: https://faq.whatsapp.com/1803878309981730/?locale=sv_SE&cms_... as for what actions an app supports, that appears to vary based on what the developer included.

But do you have to say "Send a WhatsApp message to X" or does it work with "send a message to X"?

The only blocker is that Apple doesn't want it to exist.

This is my main source of excitement around this project. The existence of this project shows that there is no technical reason it can't exist. So, what is the reason it doesn't exist? Exactly what you said: Apple thinks it is in its best interest not to.

There’s also the fact that iMessages have a cost to them. An individual message might not amount to much, but millions of them? Apple is hosting the computing to manage the delivery of iMessages. Should they provide that free of charge to the world out of the goodness of their heart?

As of iOS 6.1 (2013), Apple said APNS had delivered over 4 trillion notifications already. A 2018 paper [0] claimed (with an admittedly-small sample size) that people receive on average 56 notifications a day (delivered, not necessarily interacted with). It's almost 2024. Even going off those old numbers, assuming 2 billion active devices [1], APNS would be delivering close to 41 TRILLION messages a year, and likely growing.

That's a lot of pepperoni, guys. Expensive pepperoni. Just some food for thought.

https://dl.acm.org/doi/abs/10.1145/3229434.3229445 [0]

https://www.statista.com/statistics/1383887/number-of-apple-... [1]

That couldn't possibly have ever been in doubt, though.

If Apple were truly acting in their users best interest, they would want their users to have encrypted and fast communication with all devices, through an open protocol or otherwise.

yeah that protocol exists. it’s called RCS and it is coming to ios soon. imo apple is allowed to gate imessage behind ios-only if RCS support is a thing

RCS has no end-to-end encryption in the standard, though. That's a non-standard google messages extension. I think a better example would be the cross-device messengers like signal/whatsapp/etc.

Google is slacking here and I hope Apple's involvement in RCS will help to move this forward. Samsung Messages also does not support Google's E2EE even though it supports RCS and pretty much all of the user-facing features Google Messages provides. Based on Google's whitepaper [1] about their E2EE support, I imagine it's because of the identity service they use for key exchange being centralized and internal (when really the identity service a contact uses should be an RCS capability in the extended contact system [RCS terminology here], and they should interoperate).

[1] https://www.gstatic.com/messages/papers/messages_e2ee.pdf

I believe encryption is not in the RCS spec yet.

Apple hijacked SMS. You can't CHOOSE to send SMS. If your phone is tied to a computer for a shared imessage account, if you're outside with your phone alone (while computer is online) the phone cannot receive text messages. (The sender ios device presumes 'success' in sending the message because it is received by the computer. It does not have the ability to send just sms).

So, i'm all for anything that shakes up messaging and maybe returns some of it to users.

You can't CHOOSE to send SMS

You can turn off iMessage and force sms unless you are referring to something else.

That's on the receiver party. I'm the sender using an iOS device. I can't CHOOSE to send an SMS if they have iMessage on.

That’s entirely incorrect.

You can also press and hold the send button to swap over to SMS.

This isn't true. That ability is no longer there.

you can choose; there's an option buried in settings somewhere

But, there's no ability on a per-message basis. If they have their phone set up with iMessage, I cannot just send them an SMS if they lose their data connection.

https://support.apple.com/en-us/HT201349

This isn't related to the ability to just send someone an SMS if they're using imessage.

I mean you can literally just set the iMessage toggle to 'Off' on your phone

It's not even buried. Settings -> Messages -> iMessage == Off

But, that party uses imessage for some things. I want to be able to send them an SMS.

How would that be done?

Why does everybody feel entitled to use it if they're not using Apple products?

Because I want to talk to my friends without being locked into Apple's ecosystem. Simple as that, I don't need any other reason.

This language about "entitlement" feels like when Google complains about people using adblockers on YT - I don't care because they're both $2T corporations, and the only "entitlement" I see is the way Apple and Google think they're entitled to my money and my data.

Because I want to talk to my friends without being locked into Apple's ecosystem. Simple as that, I don't need any other reason.

You can't do that now with SMS and a plethora of other messaging apps?

I think the "send my grandmother non-pixelated photos of my kid using the default messaging app" is a fair ask.

She doesn’t have an email address? You’re not in a walled garden, just self host it and send her a link.

You're really suggesting that Android users go back to 1996 just to talk to their friends and relatives who use iPhones?

Sure, I can print and mail her the picture, too - the point is convenience. Sometimes, people want to send photos back and forth, too, so asking the technical user of the two to setup a host isn't a solution.

(But I'm guessing you already knew that)

Why are you entitled to use Apple's messaging servers without paying for access?

People are willing to pay but Apple won't take their money.

Is this an answer to my question? I’m allowed to add more load and increase your infrastructure costs just because you won’t take my money in the way I want you to?

The argument is that iMessage is a de facto monopoly utility and should be operated accordingly.

Yes! All I hear when entitlement comes up is "Why do you feel entitled to text message your iPhone friends if you don't use an iPhone?"

because there IS an open SMS standard, and Apple has hijacked all their phones to use iMessage in it's closed ecosystem, saying to the rest of the world: "Go Fork Yourselves".

So, right back at ya, Apple. If you cannot make it by distinguishing your products on their MERITS vs the amount of lock-in you can generate, I feel no reason to help protect your brand, or access to it

It's Apple's private message delivery system!

In the US, where democratic principles govern and capitalism drives the economy, the regulation of corporations emerges as a necessary practice. This approach rests on the understanding that while corporations are essential for economic growth, they must operate within a framework that prioritizes the public's interest.

In a democracy, every entity, including corporations, should answer to the people. Corporations wield significant influence and power, and without oversight, this power could be used in ways that harm the broader society.

Corporations should reflect the values of the society in which they operate and not undermine social, environmental, and ethical standards set by the democratically elected government. Regulation of corporations is not about impeding economic growth but about guiding it in a direction that is beneficial for all members of society.

This is a wonderful speech full of noble platitudes. None of this actually answers the question of why Apple (or really anyone) should let anyone have free and open access to something they paid and keep paying a lot to create, deploy, maintain, and iterate on. It’s their stuff, not the public’s. Nobody should expect corporations to be charities.

Or, to expand a bit:

If Apple should be expected to open up iMessage, then why shouldn't Facebook be expected to allow interoperability with Messenger, and Telegram and Signal forced to open those up, too?

Or, if you wish to take it a slightly different way: Why shouldn't the New York Times be expected to give everyone a copy of their paper for free? Information and good journalism are a public good, after all.

Why shouldn't pharmaceutical companies be expected to make all life-saving medications available for free?

Why shouldn't ISPs be expected to make Internet access available to all for free?

I mean, we could structure our society so that everything wasn't arbitrarily gated but that would be gasp socialism.

Also, Telegram and Signal are already open and can be bridged from anything to anything so yeah, we should force Messenger and Imessage to accept, at a minimum, bridging as well.

To be honest, I personally agree that we should be forcing at least some of these things for the common good (and, to the extent necessary, funding them with significantly-more-progressive taxes). My point is primarily that it's not particularly logical to single out Apple for this treatment if that's your principle.

Good to know about Telegram and Signal—I don't use or know much about them. IMNSHO, my argument still holds even removing them from the equation.

We force companies to incur costs for the public's benefit all the time. In special cases we even require them to serve loss generating customers as a condition of operation. No one is forced to operate a power company, but if you do you are bound to provide power to customers regardless of their individual profitability. Similarly, dominant vertically-integrated messaging systems could be required to provide interoperability at a reasonable charge (or even no charge!). Apple could then decide whether or not they want to operate a system under those terms.

OK! Let's assume you've built a water delivery system, a series of pipes. You attach anyone who buys a licensed faucet, and collect a modest monthly payment, as a typical utility would do. You use these funds to cover the operation costs of the pipe system.

Your pipes use a standard threaded connector.

If somebody attaches to your pipes without buying your licensed faucet and without paying, just due to the interoperability of threaded pipes, do you have the right to disconnect them, and rework your pipe connectors in a way that prevents unpaid connections in the future? If not, why?

Any sane company with the goal of making money from operating a service would just meter water from a device they own and charge a reasonable fee. Most of the people complaining would be completely fine with Apple charging a reasonable fee for Android access to iMessage. A system like yours would only make sense if your goals had nothing to do with covering the costs of operating the service, and were instead growing and maintaining your licensed faucet marketshare. Some people might think that isn't in the public's benefit and want to change the law. In the case of water services we already have, and the licensed faucet scheme would likely be illegal basically everywhere in the US.

At my last house, we had a private well and, later, a private company laid water pipes in the street and offered for us to connect to them via their own meter. I don't think anything was illegal about that company offering for me to rent a meter from them for the ~$10/mo connection [aka "meter rental"] fee, and use whatever mix of water that I wanted from their metered source or my own well, provided I had a backflow preventer to prevent any of my well water from entering their metered water lines.

If someone chooses not to rent an Orange water meter, they can't have Orange water. That seems like a choice that Orange can make. Changing Orange to Apple and water meter to smartphone messaging, I don't see any inherent reason why the rules should be different.

Changing Orange to Apple and water meter to smartphone messaging, I don't see any inherent reason why the rules should be different.

Their choice of what water meter to use is completely transparent to you provided it works properly. It has no effect on how you use the service or any other aspect of your life. This is obviously not true of phones. The bundling of separate product categories is what makes the situation different, the same way that bundling water service with the arbitrary requirement of a "licensed faucet" would likely be illegal many places.

Apparently, blue bubble envy is a thing people have. The beeper home page mentions blue bubbles 9 times (and not being a green bubble twice). WSJ reported in August that 87% of teens have an iPhone so anybody with an android or a green bubble therefore stands out and is a loser.

https://www.wsj.com/tech/personal-tech/why-teens-hate-androi...

My son had an Android phone. I don't think anyone considered him to be a loser, but he did get very sick of everyone why he had a green bubble.

I have a green bubble because I don't want to live in a walled garden. I'd like to think there are still youth social circles where that'd get you clout.

I'm shocked your son and his friends were using iMessage, even in the US. My teens are using Snapchat/IG/TikTok mostly for messaging.

iMessage or SMS is exclusively how they communicate with their parents.

It’s not just about that. I want to be able to use my Apple message id on other devices.

I want to be able to send messages from Signal to WhatsApp! Alas, I am not entitled to that.

On the Beeper website it sayss they use "blue bubble" to refer to iMessage.

I think people wouldn't mind the green bubble if it had a good contrast ratio.

You could say the same thing about https://en.wikipedia.org/wiki/Samba_(software)

Samba is a protocol, Microsoft doesn't have any costs associated with more users of it. GP is asking about APNS, which involves Apple servers and therefore costs Apple to handle more requests, however minimal per individual request/message

Support costs for Microsoft definitely go up.

Explain your perspective on this. Here is a probing question.

How does support costs for Microsoft go up when I communicate from my linux workstation to my linux server using SMB implemented by Samba.

I think Samba was my first introduction to the idea that using a non-official/reverse-engineered implementation of something to piggyback into a closed ecosystem may not actually be preferable to either shunning that ecosystem entirely, or just buying into it. I loved it in concept, but in practice not so much.

Uhhhh, what does APNS have to do with any of this?

Correct me if I'm wrong, but people want iMessage to be an open protocol. You're talking about APNS, the "apple push notification service", which is something completely different than what beeper is doing and what folks are asking for. The message schema, format, types, encoding, max length, delivery guarantees, etc, like jabber/xmpp [1]. Push notifications are sent for iMessage, but that isn't what people want to be turned into an open protocol

[1] https://xmpp.org/rfcs/rfc6120.html

APNs is used as the backbone of iMessage, it's not an optional component. It is not just used for the push notifications you see on your phone, but for the actual delivery of the messages.

https://support.apple.com/guide/security/how-imessage-sends-...

https://blog.beeper.com/p/how-beeper-mini-works

I am an Apple user. I've owned more iPhones and MacBooks than I can remember.

I am the one who foots the bill for iMessage and APNS.

I want to be able to message my friends with Androids with the same ease as I do my friends with iPhones.

I also would like to be able to access my messages when I run Asahi Linux on my MacBook.

Use Signal. Get your friends to do so. What you are describing is a multi-platform ecosystem so don't rely on one of the platform vendors to enable something for everyone else.

Or better, use matrix/element if you can (the backbone technology of Beeper). It's an open protocol not beholden to one central server (Signal/WhatsApp/Telegram/Discord) that could go out of business, get bought, or change their usage policy at any time.

Yep, its really a lose-lose for everyone except Apple. Apple could even release a client that doesn't allow Android<->Android iMessage and I doubt many Android users would care. Personally, I just want a decent messaging experience and I would be willing to jump through the extra hoop of downloading another app even if my iPhone using contacts aren't willing to.

It's my understanding that in the European Union, the new Digital Markets regulations will require interoperability. It's still not 100% what it will cover, but it could become a requirement.

iMessage is pretty much dead in the EU though so I doubt the EU regulators will ask for interoperability.

As far as I could find, the text suggests that only applies to market giants (i.e. Meta with WhatsApp and Facebook Messenger). iMessage is not even breaking the top 5 in the EU. It's not even in the top 5 world wide, and even in the US it's only somewhere in position 4 or 5. If they go for absolute numbers (i.e. X million users) instead of market share that might be different, but it's unlikely to really be relevant to the EU considering from a user's perspective it's already interoperable (messages sent on one device end up on the other device, even if it's technically a mix of SMS, MMS and iMessage - that part is not really relevant).

I think the only source of all this iMessage this that and the other comes from parts of American society where they value the color of a chat bubble. Ironically that value has nothing to do with iMessage and just to do with "this persion I am chatting with can afford an iPhone", which in turn is what people appear to value.

In countries where iMessage is not really used, it doesn't matter at all. I would be surprised if most users would even know about different chat bubble colours and what they mean.

It's already been made public that iMessage will not (currently) be covered under this.

Why does everybody feel entitled to use it if they're not using Apple products?

I hereby demand that Google stop making changes to YouTube that prevent ad blockers from working.

Or more to the point, I should have the right to sell hacked access to Microsoft's Office 365 servers to end users and Microsoft must not take any action that interferes in those user's access.

That's reasonable, right?

I hereby demand that Apple stop supporting email interoperability with non iCloud users. The current situation, where the iCloud email users enjoy first class communication with gmail users, is tantamount to theft.

That’s reasonable, of course.

That does not seem like it follow from the person you are replying to's examples. Pretty much nothing is about removing functionality?

What does that have to do with a company's right to control access to the services it runs?

Why does everybody feel entitled to use it if they're not using Apple products?

Network effects.

This would be "enticed", not "entitled". What a user is entitled for is listed in the ToS; who did not accept them, is not entitled. Not necessarily forbidden or blocked, but any bets and guarantees are off.

If many people around you are participating in something but you're left out because of your phone OS choice, you do still feel entitled to participate in that by whatever means necessary. It's about the social aspects more than anything else. See other comments here for people apparently getting shamed and left out of group chats for having wrong color bubbles.

Remember Clubhouse, and how it was iOS-only when it was actually popular for a month? I felt entitled to build an unofficial Android app for it because so many people were on there doing interesting things, and so many other people were complaining loudly about it being iOS-only.

FOMO is a powerful force.

It's Apple's private message delivery system!

It's not!

Note: Beeper Cloud’s new Oct 2023 iMessage bridge never used Mac relay servers and still does not today. It uses a similar method to Beeper Mini, but runs on a cloud server.

I think you misunderstand that quote. Prior versions of Beeper Cloud hosted Mac Minis in data centers and used genuine Apple hardware and software to automate iMessage in order to function.

This quote simply says that Beeper Cloud is using the same direct implementation of iMessage that Beeper Mini does. It does not indicate that Beeper Cloud & Mini do not communicate with Apple's servers (they do).

It's the same as XMPP/etc vs proprietary chat protocols.

"Slack chat is only for Slack customers."

"Google chat is only for Google customers."

And so on.

Well....if you say it is, then it is.

But the supporters of interoperability would like to...interoperate. So non-Apply customers can send messages to Apple customers and vice versa.

Why does everybody feel entitled to use it if they're not using Apple products?

Vertical tying.

Why does everybody feel entitled to use it if they're not using Apple products?

I'm only speaking for myself here, but I don't look at it as "being entitled to use Apple's services". I look at it as closed, non-interoperable systems as being fundamentally bad for people and for the internet. I hesitate to call them immoral, but I feel like I could argue that competently as well, if pushed to do so.

So if Apple isn't willing to allow interoperability with their messaging service that is used by hundreds of millions (billions?) of people, then I support every effort to "sneak in" and make that happen anyway. And if that means using some Apple service that isn't intended for use outside the Apple ecosystem, that's just how it has to be.

On the other hand, I would frankly just prefer that non-interoperable systems die, instead, and be replaced by functionally equivalent, but more open, systems. So I am also uncomfortable with Beeper Mini pushing more people into Apple's closed ecosystem, even if overall (in the short term, at least) it will mean a better, more secure experience for both iOS and Android users. (It's gross that Apple talks about the security and privacy afforded to users of their products, but at the same time forces their own iPhone users to send unencrypted SMS/MMS messages to anyone who doesn't have an iPhone, because keeping non-iPhone users off iMessage is a competitive advantage for them.)

I’m a former Android fanatic turned iPhone user. I still own Android devices, but my primary device is an iPhone. I haven’t had something excite me as much as this Beeper Mini situation in years—I love that they’re doing this.

One of the things that got me to switch to the iPhone a few years ago was the fact that it seemed Apple was actually doing a lot of the right things when it came to privacy and security. Obviously, I was still pretty skeptical of them, but compared to Google, Apple’s track record seemed a bit more trustworthy.

The way Apple tries to lock you in though while stifling competition is extremely disappointing. They’re on the wrong side of history.

it seemed Apple was actually doing the a lot of the right things when it came to privacy and security

Isn't this one of them?

A security hole existed that permitted Beeper to pretend to be your Apple device. In this case, it was being used for non-nefarious purposes, but that doesn't mean everyone would. Apple's fixing that hole seems in-line with your desired "privacy and security".

A security hole existed that permitted Beeper to pretend to be your Apple device.

_An_ Apple device. Not _your_ Apple device.

"Hey, I'm /u/ceejayoz's new iPhone! Bwahahahahahaha. Ahem. I promise I'm really the iMessage client you're expecting. Start sending me a copy of all their potentially sensitive messages."

Again, how do we not classify that as a security issue?

So wait, if I send people messages from a different number and say I'm /u/ceejayoz's new number, they will believe me?

What is stopping me from buying a second-hand old iPhone and doing this without Beeper?

What is stopping me from buying a second-hand old iPhone and doing this without Beeper?

In that scenario, you're still using the official client, which Apple presumably knows isn't silently siphoning messages off to somewhere else. You're on official hardware with an official client.

Sorry, I misunderstood the previous comment. I thought you were worried about other people pretending to be you to your friends to trick them.

Is what you are asking this?

1. I install Beeper.

2. I log in to Beeper with my Apple ID, for the explicit purpose of accessing my own iMessage data.

3. ...

4. Gah! How could Beeper access my iMessage data even though I installed and authorized it just so it could access my iMessage data?

5. "Gah! Beeper was hacked/compromised/deliberately siphoning off Apple ID credentials into a log/error reporting/bad actor's database and now millions of people have had their sensitive texts and other iCloud data exposed."

Facebook and LinkedIn used to try to get people to hand over their email credentials so they could "help you find your friends on Facebook"; people were correctly skeptical then. Giving my Apple ID to a third-party seems insane, given what can be done with it, and I'd imagine Apple sees it the same way.

Giving my Apple ID to a third-party seems insane

That's fair. You'd be happy to learn that literally no one is forcing you to hand over your Apple ID to Beeper. Your approach is very good for your account safety, but you don't need to keep other people safe from themselves.

Do you have similar concerns when people use non-Google-approved email clients to use Gmail, or alternative YouTube clients, or Signal/Telegram forks?

Perhaps you think HN should ban alternative clients or weird web browsers too. Too bad a lot of people think interoperating clients are important or we would be left with the Web Integrity crap to "keep us safe".

Do you have similar concerns when people use non-Google-approved email clients to use Gmail.

If they ask for credentials, absolutely. Google has both an OAuth flow and the ability to generate app-specific passwords (which correctly have very limited abilities) so I never have to pass over the real creds.

I have never given my Gmail credentials to Apple, but I get my mail just fine.

Google requires you to register an application and get it approved to log in with OAuth, you can't just use it with arbitrary callback URLs. Why should I need to ask Google permission to use my own data, or ask for Google's permission to allow other apps to use my data?

If the Beeper service is totally fine, and you mind their auth methodology, perhaps you should complain about Apple not providing better iMessage auth options.

Instead, you complain about users being able to give their own data to an app they chose to install.

Google requires you to register an application and get it approved to log in with OAuth, you can't just use it with arbitrary callback URLs. Why should I need to ask Google permission to use my own data, or ask for Google's permission to allow other apps to use my data?

I specifically mentioned the other approach; if your email client doesn't implement the OAuth style approach, you can generate an app password. https://support.google.com/accounts/answer/185833?hl=en

If you’re referring to the history, then it cannot talk to the iCloud keychain, and even if it could, it would require your credentials. Same thing if you are just talking about incoming messages, they need your credentials. If they have those you’re already fucked. And also, they could just have taken an iPhone and log in there with your credentials.

It's understandable Apple doesn't want third-party apps proxying Apple ID credentials. Ever.

It isn’t proxying afaik, it is calling the Apple servers directly. The only thing getting to Beeper servers (and that can be disabled) is an IDS key without its matching decryption key, for Beeper to be able to see if messages are coming to signal the phone (which has the encryption key but is not connected continuously) to fetch it and show the notification.

At the very least, it's being proxied through the third-party Beeper app, which Apple has no reason to trust. (Nor the Android device it's running on.)

https://techcrunch.com/2023/12/11/beeper-mini-is-back-in-ope... appears to indicate more than that, though.

In tests, signing in with our Apple ID generated an Apple prompt that noted our ID was being used to sign in with a device “near Los Angeles, CA” (where we are not located.)

Because the user explicitly authorized the app by logging in with their own credentials and has the keys.

Isn't this one of them?

I don’t believe so. Beeper Mini uses Apple’s protocols the same way the native iMessage uses it; they didn’t exploit a security hole (unless you classify the device faking part as a security hole—I don’t). They maintain the E2EE flow.

The protocol's implementation is intended to verify you're connecting a device Apple built, with stuff like secure enclave and end-to-end encryption as known quantities. With Beeper, you have to give your Apple ID to a third-party app, which they then proxy through a server of some kind (https://techcrunch.com/2023/12/11/beeper-mini-is-back-in-ope... "signing in with our Apple ID generated an Apple prompt that noted our ID was being used to sign in with a device “near Los Angeles, CA” (where we are not located.)")

I don't see how you could describe that as anything other than a security hole.

I know that HN is not one homogeneous opinion, but it always comes up in these Apple threads that all this device attestation and secure enclave stuff is unambiguously good because Apple does it, but when it comes to TPM key escrow or Web Environment Integrity suddenly everyone is up in arms about how it's a total violation of a user's freedoms to do what they want with their device.

You shouldn't defend something that's inherently consumer hostile just because it happens to be for something you like.

It can be both a security issue and something that doesn't optimize user freedom.

I'm OK with titrating skepticism on a proposal based on the motivations of the proposer.

To Godwin a bit, I'd treat "we should make the trains to Auschwitz run more on time" differently depending on if it's being proposed by the German government in 1942 or the Polish government in 2023.

With Beeper, you have to give your Apple ID to a third-party app, which they then proxy through a server of some kind (https://techcrunch.com/2023/12/11/beeper-mini-is-back-in-ope... "signing in with our Apple ID generated an Apple prompt that noted our ID was being used to sign in with a device “near Los Angeles, CA” (where we are not located.)")

I think they have another primary product of the same name that operates this way, but Beeper Mini never sends your credentials off anywhere other than Apple’s servers [0][1].

[0]: https://blog.beeper.com/p/how-beeper-mini-works

[1]: https://github.com/JJTech0130/pypush

From your first link:

To work around this limitation, we built Beeper Push Notification service (BPNs). BPNs connects to Apple’s servers on your behalf when Beeper Mini Android app isn’t running. We can do this while preserving user privacy thanks to Apple separating the credentials needed to connect to APNs to send and receive content (the “push” credentials) and the keys needed to encrypt and decrypt messages (the “identity” keys). Push credentials can be shared securely with the Beeper Push Notification service, and BPNs can connect to APNs on your behalf. Whenever BPNs receives an encrypted message that it won’t be able to decrypt, it simply disconnects from APNs and sends an FCM push notification to wake up the Android app, which then connects to APNs, downloads, decrypts and processes the incoming message. BPNs can only tell when a new message is waiting for you - it does not have credentials to see or do anything else.

Bepper still connects on your behalf to run notifications while the app is not running.

My link is specifically talking about Mini; they indicate this behavior was on "the updated version of Beeper Mini".

This is incorrect. They're using a legacy, less secure protocol - not in the sense of encryption, but in the sense of the need to generate auth tokens per user.

They're on the wrong side of history.

Say that to their market cap. Seems a lot of people appreciate what comes with that drawback. Revealed preferences can be a sonuvabitch.

I will say that to their market cap. Such an insane capitalization on digital sales can only be achieved by extinguishing the alternatives your platform can host. It's a regressive featureset that can (apparently) only be reversed through legislative demands a-la Digital Market Act.

Many, many companies have had huge market caps while funding anti-humanist or exploitative processes. Given Apple's scale you almost have to assume that they're abusing something lucrative.

Such an insane capitalization on digital sales...

Apple's market cap is built on something like 80% hardware sales by revenue.

Yep, this is an unpopular HN opinion, but I actually like Apple's walled garden. It's safe, it's friendly and I don't have to worry.

This is in fact the most popular HN opinion that always comes up on every Apple thread.

yep. And GP themself is an example of why this works. Their practices sold an iphone and converted a fanatic Android user!

If you want privacy a de-googled android phone is far better than apple.

Yes, but a truly de-googled Android phone is a huge pain. Many apps rely on play services, and the open source alternatives still don't fully work.

I've been using LineageOS with microg for over 2 years without much pain, other than initial setup.

I believe this to be true, but to be honest, back when I made the switch, I was also considering the convenience factor.

The way Apple tries to lock you in though while stifling competition is extremely disappointing. They’re on the wrong side of history.

Fascinating that you say this when you literally switched to iPhone yourself.

How is it fascinating? Apple exerts pressure on customers to buy their products, and then further pressures to keep them integrated with Apple's ecosystem. Here, a customer gave in to the first pressure and is disappointed by the artificial friction Apple uses to upsell their customers.

So... are we shocked that iPhone customers don't de-facto agree with everything Apple does? Or the fact that OP would be willing to criticize something they paid for and supposedly identify with?

It's really not fascinating at all. It reads like a perfectly level-headed and candid criticism of an ecosystem by someone who isn't invested in the success of one particular company. It's almost too lucid for HN.

SMS is spammy enough -- I don't want to see spam via iMessage. These third-party clients make spam much more viable.

I love open standards, open source, whatever, but I want some things in my life to just work well without caring about the details. My phone is one of those things.

while stifling competition

How? Lock-in, sure - but unless you do a lot of market gerrymandering (which Epic tried but got laughed out of court), how does anything apple do stop people competing?

It’s not e.g. paying google large sums of money to avoid making its own competitor. Being big isn’t itself anticompetitive.

And on this exact topic - there is a whole ecosystem of messaging apps that exists. They just have to build their own userbase.

As far as I understand, in order to talk to Apple iMessage services/backend (and all auth pieces) you need a "legit" Apple ID and legit Apple hardware model #s / serial #s

If you don't have that, how are they able to get auth tokens / send messages around without basically "exploiting a hidden hack that might get patched"?

AFAIK they are using a reverse-engineered Apple binary that does the real iMessage - and since Apple doesn't update apps outside of iOS updates, Apple can't, in theory, patch it without also breaking iMessage on older iPhones.

I'd have assumed there'd be something more going on in iMessage, like each device has a private key that needs to sign the messages, and Apple can ban any private keys that leak -- but in theory couldn't they even be prevented from leaking by secure enclave?

I'm just speculating on what would have made sense, but I'm guessing that's not how it's working since Beeper Mini exists. It begs the question: why isn't that the way they do it?

You're asking why cryptographic attestation isn't a requirement to use a service that still supports >10-year old x86 Macs?

Yeah? Asymmetric cryptography has been around a lot longer than a decade.

That's the foundation of attestation, not attestation itself. Macs did not ship with a TPM, and had no facilities for hardware chain-of-trust until the T2 chip in 2017.

But you don't have to have everything in place to do the basics. Use private keys stored normally on the device. If they get stolen or leaked, brick iMessage on those devices and show a message saying, "Your system has been compromised and can't use iMessage until you visit an Apple Store or call 1-800-..." Then just hand out a new private key at the store or over the phone with little friction, but track which customers are given new keys and how often. If there's a trend of someone receiving a bunch of new keys, investigate them before issuing more.

Or just allow a user to obtain a new private key via their iCloud account and associate the key with that account so that it can't be used to send messages unless you're signed into that account.

Newer devices that can protect their keys don't need that, and you phase the old process out over time.

Oh, so what you're saying is equivalent to "Apple should have cryptographically signed serial numbers/UUIDs, instead of accepting user-generated values"

But they already have a record of which serial numbers were actually sold (at least since some point), signing a device token/private key would be redundant and allowing user-generated serials to sign in with degraded trust is a policy choice.

Got it. Well that makes sense for older devices.

Messages has existed longer than the Secure Enclave has.

Secure Enclave doesn't have to exist for the rest of the system to work as I described. (And once Secure Enclave does exist, it can be used to further secure the private keys generated after that date.)

Without Secure Enclave, remote parties (the servers) can't know where the key material came from. I'm assuming because old devices pre-SEP have to be supported, Beeper is exploiting this since there's no required residency or provenance attestation for the keys.

The hackintosh community has tools to generate those #s. e.g. https://dortania.github.io/OpenCore-Post-Install/universal/i...

But why is it Apple's responsibility to accept a non-legit/unknown serial #?

But why is it Apple's responsibility to accept a non-legit/unknown serial #?

I don’t think anyone is arguing that it’s Apple’s responsibility to accept fake serial numbers.

The serial number is an implementation detail and not the core issue, which is Apple’s intentional degradation of the non-iMessage experience, and their stance against interoperability.

If this was all about security, they could accept something other than an Apple serial #, and provide a UX that makes it clear the user is interacting with a non-Apple user. This would address most spam/abuse issues.

But we know that this is about lock-in and not security.

I don’t think anyone is arguing that it’s Apple’s responsibility to accept fake serial numbers.

Can we confirm if that's what is happening here or not? How else is Beeper Mini able to work given Apple's requirement "iMessage auth + read/write requires valid_serial_number"?

The “How Beeper Mini Works” post from a few days ago doesn’t mention the serial number, so I don’t know.

But whether this is happening or not is immaterial to the broader philosophical issues being raised.

For sake of argument, let’s say they’re faking a serial number to make the app work. How does that change the impact of Apple’s anti-interoperability stance?

Again, if the real issue is security, nothing stops Apple from providing a secure alternative. And again, this takes us back to: this isn’t about security.

It’s not, and they don’t. This is a cat and mouse game. Apple is free to block these and people are free to keep trying to get around it. Everyone should be acting in good faith

It’s not, and they don’t.

they don't

They (Apple) don't accept requests without a valid serial #, but Beeper Mini is working (for users without iDevices), so there's some kind of exploit, no?

Maybe they generate legit-looking fake device serial numbers, that just happen to match real devices most of the time?

How does Apple not know a database of real serial #s that match products it has sold? Why would an API that goes to the lengths of expecting a serial # not validate and instead accept a fake "real-looking" serial # instead of a known- matched-in-the-database real serial #?

Well, Apple does not actually know which serial numbers have been sold. You can still buy Apple products outside of an Apple store, and even at an Apple Store, knowing which serials are sold is logistically difficult.

They could probably implement a process at Apple stores but to do it for third party stores would be more difficult. To avoid simply adding a step for a user to claim a serial number as sold when they set up their Hackintosh or HackiPhone (can we coin this?), you'd probably need a way to authenticate as the store when you mark one off. But there's nothing stopping stores who have excess inventory from selling it off at cost or even a discount when a particular product isn't doing well- and at that point those purchasers will need to be able to mark off serial numbers when they sell those devices.

It's not impossible but it's not terribly likely, at least any time soon.

Well, Apple does not actually know which serial numbers have been sold.

What about "serial numbers manufactured?"

I'm going to guess "Beeper Mini stealing manufactured-but-not-yet-sold serial #s for themselves" will be shut down super quickly. If you are a user who finally gets a device with a serial # "stolen" by Beeper Mini... that seems like bad luck/bad user experience?

That kind of collision is very unlikely to happen.

It is comparable to someone stealing your Windows license key by guessing randomly.

More on collision: https://stackoverflow.com/a/23253149/

Are Apple device serial numbers hashes, though? Suppose you look through a factory-packed box of iPhones, the kind that Apple resellers get delivered, would their serial numbers not be sequential or at least numerically close to one another?

I wonder why Apple lawyers don't go after Beeper with the CFAA?

It would be a mis-use of the act.

Maybe they will… but, also, I bet they can change their systems faster than the court system.

CFAA

Computer Fraud and Abuse Act (CFAA)

Some useful history, the AOL/MSN chat wars: https://www.nplusonemag.com/issue-19/essays/chat-wars/

AOL finally "won" that one by making a buffer exploit in their own client part of the required protocol. Later a court required them to allow messaging interop (as part of the Time Warner merger). They never implemented it.

Did AOL really win in the end though?

My youth was in the late 90s and 2000s and I don’t know a single soul that used AOL, ICQ, or Yahoo. I imagine all of them must have been hoping for the reverse at that point, access to MSN.

Yeah, what? I grew up (in the same era) using AIM and Yahoo, ICQ was a little before my prime. Everyone I talk to about those days used them as well. MSN was fine but AIM and Yahoo were where it was at for the bulk of my early years of instant messaging with friends. At one point a friend even made me an AIM account because I was using MSN and they wanted to chat with me but didn't want to do it through MSN.

Obviously just 1 anecdote but I just wanted to share that my experience and your experience were dramatically different.

Back then the networks weren't so locked down to the clients, so it wasn't as big of an issue to have friends on various networks either. I have to call out IRC too.

I definitely look back on those as the "good old days" of chat.

Especially with software like Miranda IM or Trillian, you didn't have to care which network your friends were on, you just had the one client.

I definitely miss IRC too

Like today, it was highly regional. The talk about Beeper Mini sounds ridiculous in the UK because literally nobody uses iMessage.

IIRC AIM was popular in America and MSN was popular in Europe.

Correct. Same with South America: everyone used MSN Messenger.

Plenty of people implicitly (and likely unknowingly) use iMessage in the UK, because iPhones are quite popular here.

But indeed no one uses it for group chats. That's what WhatsApp is for.

Perhaps it’s geographically correlated, I’m from The Netherlands, which would be West+Central Europe in terms of cultural zeitgeist. Would map neatly to the iMessage / WhatsApp divide too, if for different reasons.

Also from NL, was using ICQ at first then everyone switched to MSN. I do remember using AIM a little bit to chat with some Americans. This was the late 90's.

ICQ was a little before my prime

Huh? Most people associating ICQ with the 90s is so strange to me. In Russia we used ICQ so much it pretty much became synonymous with the concept of instant messaging itself. That was in the late 00s. Skype was also prominent. Then everyone gradually switched to VKontakte, when they introduced instant messaging and group chats, and then Telegram. At no point did we even try to get into AIM, Yahoo, or MSN.

Fun fact about our ICQ use: almost no one used the crappy official client. For most people it was QIP or Miranda.

Yeah honestly I wondered if my timeline was accurate when writing this. I just recall it being mentioned and people talking about ICQ numbers and never personally having one and thinking "Nah I've got AIM and Yahoo and MSN I'm good"

You must have been very young in the 90s because AOL dominated the late 90s. And it carried over into the early 00s with AIM even as people started to drop AOL as an ISP.

MSN was more of mid-00s thing. The 90s were all AOL though. I knew people who used ICQ (it was definitely more of a nerd thing) and Yahoo Messenger too.

My friends were all on ICQ and MSN, ca 2001-2007 was when I heavily used those.

Everybody was on all three for me. That being AIM and ICQ then later MSN. I don't remember much Yahoo messenger usage, just gaming on Yahoo, but everyone was on ICQ.

Y!M was used by niches as is Telegram to Discord, I found.

Unless you actually sign up you tend not to find anyone using it. But when you do, it all appears out of nowhere.

Same as when you buy a car and suddenly everyone has the same colour/model.

I used Y!M for NeoPets stuff when I was 14, and MSN for school but never ICQ or AIM.

Those time's were specially magical.

In the US everyone used AIM, in Brazil everyone used MSN. Never met anyone using yahoo. ICQ was big before that (mid-90s).

Clients could probably hook/trap a fake buffer exploit for protocol compatibility without the security concerns. This ends up becoming a game of cat and mouse resulting in even more intricate technical workarounds and hacks.

That would be pretty hard in general because you’d have to read the code they sent and figure out what’s safe to execute.

Thank you. I've been needing to read something retro like that for a while now. You scratches that itch.

That story has been playing on loop in a dark corner of my brain the last few days. It's as close to an identical circumstance as I can imagine.

Beeper has caught a ton of media attention in recent weeks but I truly do not understand it. The SMS protocol has been around for decades and works perfectly fine with iPhones. If you want rich media and other bells and whistles, use WhatsApp. How often does someone whine so loudly about insisting on using the closed, Apple-proprietary protocol that their friends need to pay a monthly subscription for a third party interop app?

I tell you what, if you're a young person you can be publicly shamed for having the wrong color bubble, or outcast by being excluded from a group chat. To you and I that probably doesn't make sense, but for a big portion of the young, phone using population being unable to participate in the iMessage ecosystem is a huge deal socially. You are essentially excluded from the friend group, you're excluded from conversations, and it carries over into real life because you've been excluded and that carries an impact -- you're an outcast. It doesn't have to be rational to be true.

Being excluded from a group chat has a huge social impact for younger people.

Those young people are probably doing themselves a favor by disassociating from peers who are shallow and prejudiced enough to exclude someone for, of all things, not using a specific (proprietary!) chat app.

Oh come on, are you claiming you don't have arbitrary actions/clothing/language that you treat as a status signal amongst your in group? Have you forgotten what it was like to be a teenager?

If you are a young person you can be publicly shamed for literally anything. If not this then a million other things.

I've experienced this first hand, even as an adult (well 20 something). I'd be left out of group chats because MMS breaks everything. I'd even missed events because it was all planned in the group chat, and assumed someone would mention it in person to me.

So many reasons not to use SMS: No indicators that the message was actually received (2023 and SMS is still flaky on deliveries), no read receipts, no presence notifications, no typing notifications, no encryption in transit or rest, no escaping group chat spam... that's just the high points.

All those real-time features are antipatterns that do nothing but create anxiety and a false sense of urgency. We use Slack at work, and the typing indicators/presence detection/etc. drive me (and many others) downright insane.

I agree that encryption in transit and rest are important, but there are open and verified solutions like Signal. It seems like extremely poor security hygiene to take Apple's word that their closed-source chat service is actually secure as they claim for it to be.

All those real-time features are antipatterns that do nothing but create anxiety and a false sense of urgency. We use Slack at work...

...and I use other apps to keep in touch with family in different time zones. For me knowing somebody is online in real time is quite comforting. Knowing they got my message and then that they read it, even if they don't reply, is also useful.

I see your point but there is valid usage outside of a corporate setting.

No indicators that the message was actually received (2023 and SMS is still flaky on deliveries)

Long time ago when I was actually sending SMS messages to real people, then-current phones had a "delivery notifications" setting you had to turn on. Then you would receive a notification when your message has been delivered.

The SMS protocol has been around for decades and works perfectly fine with iPhones.

It's not that simple, you get discriminated against for having a different color bubble and using up people's SMS allocation.

We should whine about (communication) interoperability, it's critically important for everyone. Purposefully or negligently creating incompatibilities is anticompetitive and generally toxic.

you get discriminated against for having a different color bubble and using up people's SMS allocation

It's really not about either. It's about UX. SMS and MMS message UX is terrible.

You're obviously not a teenager desperately trying to fit in.

It's a USA thing. No ones uses WhatsApp. Everyone has an iPhone. If you're using Android everyone knows it and they'll shame you for it.

SMS is fundamentally insecure. I don’t want to use WhatsApp.

If you want rich media and other bells and whistles, use WhatsApp.

People in America don't use WhatsApp. There's no reason for me to switch when none of my friends/family/contacts have it.

How often does someone whine so loudly about insisting on using the closed, Apple-proprietary protocol that their friends need to pay a monthly subscription for a third party interop app?

Enough that people don't date people who use Android

If Apple insists, we would consider adding a pager emoji to metadata on all messages sent via Beeper Mini. This would make it easy for Messages App to filter out any messages from Beeper Mini users.

As an iPhone user I would love for them to do this so I can not communicate with these users. The green/blue bubble gives me an indication of the encryption being used, and presenting a blue bubble while the messages are being MITMed (how Beeper works) is something I want to be aware of.

Beeper Mini does not MITM messages. E2EE is maintained throughout. More so than iMessage actually, which sends all your encryption keys to Apple in the most common configuration (iCloud backup). Where's your concern about that?

That is not true. iMessage content is encrypted in iCloud with keys stored in your keychain only accessible to your devices. When you add a new device to your account it learns the keys from one of your existing devices and requires touch/face ID approval. In an "all devices lost" situation the keychain is backed up to iCloud but encrypted using a key stored in an HSM that requires authentication using things only you know but are never transmitted to Apple using https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco...

You have been misled. The truth is that the iMessage keys stored in iCloud are accessible to Apple unless you have enabled the non-default Advanced Data Protection (ADP) feature. This is clearly documented by Apple themselves[1]. And even if you do enable it, your messages are still accessible to Apple in the iCloud backups of the people you are messaging, since they likely didn't enable a non-default feature like ADP. Defaults matter!

[1] https://support.apple.com/en-us/102651

From that page: "For additional privacy and security, 14 data categories — including Health and passwords in iCloud Keychain — are end-to-end encrypted. Apple doesn't have the encryption keys for these categories, and we can't help you recover this data if you lose access to your account." The page goes on to list iMessage as always E2E. Other types of data like Calendar are only encrypted in transit and at rest so they can do server side processing.

You may also find their legal explanation a bit clearer: https://www.apple.com/legal/privacy/data/en/messages/

Specifically: "We designed iMessage to use end-to-end encryption, so there’s no way for Apple to decrypt the content of your conversations when they are in transit between devices. Attachments you send over iMessage (such as photos or videos) are encrypted so that no one but the sender and receiver(s) can access them."

The page goes on to list iMessage as always E2E

It does no such thing. I'm sorry, Apple's wording is precise but quite confusing. The link again is: https://support.apple.com/en-us/102651

You are likely being misled by Apple's confusing naming. In the "Data categories and encryption" table, "Messages in iCloud" is listed as always end-to-end encrypted, with a footnote. However this is not telling you that all iMessage messages are always stored end-to-end encrypted. In fact "Messages in iCloud" refers to an optional feature of iMessage. The table is telling you that if you enable the "Messages in iCloud" feature, your messages are end-to-end encrypted. But wait, remember that footnote! Follow the footnote reference to find out that in fact, as I said, the end-to-end encryption is broken by iCloud backup unless the optional ADP is enabled. This line of the table is extremely misleading to say the least.

But what if you don't enable the "Messages in iCloud" feature? Then your iCloud backup simply includes your messages, which again are not end-to-end encrypted unless you enable the optional ADP. That's covered under the "iCloud Backup (including device and Messages backup)" line in the "Data categories and encryption" table. Note that in this table "In transit & on server" means "not end-to-end".

The other page you link states that messages are "encrypted" in iCloud backups; it does not state that they are end-to-end encrypted in iCloud backups, in contrast to the following sentence which specifically calls out end-to-end encryption. The page seems designed to mislead, but it is technically not incorrect because it does not specifically claim end-to-end encryption of iCloud backups. The iCloud documentation I linked, on the other hand, is confusing but definitive and unambiguous if carefully read.

Beeper Mini does not MITM messages - it's a reverse engineering of how iMessage works, and runs entirely on-device, without putting messages thru Beeper's servers. It talks directly to Apple and pretends to be an iPhone.

You're thinking of Beeper Cloud, which does iMessage thru a Mac Mini in the cloud.

Beeper Mini does not MITM messages - it's a reverse engineering of how iMessage works, and runs entirely on-device, without putting messages thru Beeper's servers. It talks directly to Apple and pretends to be an iPhone.

It doesn't matter. It's closed source and not easily audited - they could easily just be doing a naive solution and piping every message back to themselves after it's decrypted by the client.

iMessage is also closed source, and iOS (as documented by Apple) backdoors the encryption in iMessage by including the cross-device “Messages in iCloud” endpoint iMessage sync keys in the non-e2ee iCloud Backup (as documented plainly in Apple’s own HT202303).

This means Apple can read the iCloud Backup contents, and Apple has the Messages in iCloud device endpoint keys, and Apple can decrypt the iMessages sent to or from the device in realtime.

iMessage is, in practical terms, not really e2ee.

It’s not fair to level these sorts of potential/speculative security concerns at Beeper Mini when iMessage’s first-party implementation has way worse problems that are actually documented.

It’s not fair to level these sorts of potential/speculative security concerns at Beeper Mini when iMessage’s first-party implementation has way worse problems that are actually documented.

Apple has a proven track record of not handing over all your messages to russian and chinese intelligence, something that beeper is almost certainly doing (as their business model revolves entirely around MITMing your email and chat)

You sound like a fifth columnist.

Even if it is done on device, the Beeper app is an effective MITM on what should be communications between official clients. It could have security issues, be logging everything to disk, or include a third party analytics SDK that is snarfing data for marketing. Like I said, if they want to flag the communications as being from an unofficial client I am ok with that.

Living in the country where absolutely no one uses iMessage, the whole kerfuffle about the colour of the message bubble leaves me completely flabbergasted.

I mean, probably the curvature of the Earth is involved, but from here this looks like a very small hill to die on.

iMessage is not about the color of the bubble. While the color is what's most noticeable to the end user, a non-iMessage chat means:

  1. Unable to rename group chats
  2. Photo sharing quality is lowered  
  3. Video sharing quality is abysmal
  4. Messages traverse carrier networks in plain-text
  5. Loss of undo send and delete
  6. Loss of inline replies
  7. Loss of typing indicators and read-receipts (if enabled)

Just to name a few.

I won't doubt the fact that you know that other cross-platform messaging apps exist.

My mom, in her 70s, barely gets iMessage -- half the time I receive "text" messages from her as an email! Throwing in Whatsapp or Telegram would just confuse her.

My grandma in her late 80s managed to learn a non-iMessage messaging app just fine, and she’s the most active one in my family group. If grandmas all over the world can use something else, your mom can, too. I’m sure she wasn’t born with the ability to use iMessage.

I'm just going to say that everyone's parents have different abilities. She can quilt like crazy, but the phone isn't her thing.

I’d add that photo and video sharing might not be free as even today it depends on your carrier plan.

… So it’s an extremely useful signal to tell you to use a different messaging app with this person. Glad we sorted that out!

It's not the color of the message, for me. If an Apple user sends me a video it comes through as an extremely low resolution and highly compressed video. Look at the unwanted grackles at my mom's bird feeder: https://i.imgur.com/7gBt22i.png

Fantastic, right?

Because it's sent as MMS. Apple implementing RCS next year will mitigate that.

RCS lacks end to end encryption.

Me too. But rather than the colour of the bubble, what leaves me flabbergasted is the fact that there is a country where people seem to associate a stigma to owning a phone of a brand perceived as being "less luxurious", and even take some pleasure in inflicting some annoyance on those in the outgroup. And all this because, hear, iMessage is the default app. Not because of some choice, or because alternatives aren't available. No, because default.

Relying on the assumption of an “authorized client” is fundamentally not a reliable security or anti-spam mechanism, as this Beeper saga demonstrates. A curious 16 year old casually figured out how to make a client be “authorized”, and a motivated party just demonstrated basic interference from Apple can’t stop it from continuing to practice guerrilla interoperability. Apple might be able to sue Beeper out of existence, but lets not pretend this approach is any meaningful defense against spam.

Do we know that beeper wasn’t cut off by e.g. an automated spam algorithm?

I saw lots of technical discussion in previous threads that stated that they were using the same faked hardware ID for all messages… that would seem an obvious red flag.

Beeper Cloud was running for years before, and Apple released a statement at the time they blocked Beeper Mini. This was not automated.

Beeper Cloud was running on actual Apple hardware until October 2023, which is when they switched to the software emulation approach that Beeper Mini is also employing.

Yes, but if Apple's complaint is truly about security then they should have blocked it even harder before, because the cloud version wasn't E2EE. Their behavior reveals that security is not their real concern here.

Structurally, the cloud version was you logging into your iMessage account on a friend's computer. How could Apple possibly prevent that?

I think it actually makes a pretty strong case for Apple opening up a better interface that lets people achieve the same outcome they clearly desire so much, they'd even compromise their own security to achieve it.

Apple had plenty of ways to detect a datacenter full of Mac minis logging into iMessage accounts from all over the world, multiple on each machine, with custom software automating message sending, which I believe is even open source so Apple could look at it.

I'm dying to know the technical details, but I wouldn't advise Beeper to disclose because it will just make it easier for Apple to block them.

The only thing this really demonstrates is that non-update-able software DRM doesn't work and Apple didn't introduce a robust hardware attestation mechanism early enough.

Relying on the assumption of an “authorized client” is fundamentally not a reliable security or anti-spam mechanism, as this Beeper saga demonstrates.

That's fundamentally false given how Apple is a hardware company, and going forward they can ship a cryptographically secure hardware attestation mechanism. The issue is simply that older Apple devices were shipped without this capability, and Apple doesn't want to break them to prohibit Beeper.

But make no mistake, in a few years when those older devices are fully deprecated, there is nothing preventing Apple from shipping essentially uncrackable hardware attestation.

Why are people obsessed with “breaking into” Apple’s walled garden? There are already secure cross platform messaging services like Signal or WhatsApp that has feature parity with iMessage. This is a solved problem that doesn’t need another solution.

US Americans love iMessage, nobody knows why.

Lots of Americans have iPhones, iMessage is the default messaging on the platform, and it's actually quite a good messaging system.

Holdover of them being obsessed with SMS for some reason too.

I remember having to pay 20c per SMS and 50c per MMS before IMs on phones became a thing. Wasn't hard for literally everyone to want to change to the first available client which for most people was WhatsApp, 2 years before iMessage was even released. Guess messaging was so cheap in the US that they didn't have a good enough reason to hop on the IM train for years.

tl;dr

Most people in the US use iPhones. They also like to use the default messaging app, which most of the time is iMessage. Some people like to use Android phones (privacy, cost, freedom), but still want to message their peers who use the Apple-only iMessage.

This is the best and most concise summary on the thread.

The equivalent would be if Microsoft, when they had the largest market share of email clients in the US in the late 1990s with Outlook Express (OE), decided to make it so OE-sent group rich text emails with attachments could only be received by other OE users, whereas non-OE users only received plain text emails with image thumbnails and downscaled video attachments. People would have lots of good reasons to use a different email client, like forthcoming Thunderbird, Gmail, or Apple Mail clients. But they'd find they couldn't communicate well with Microsoft OE users.

If Microsoft had made this change early enough and also made it so non-OE responses were color coded with a green background to indicate they are "lesser emails," we'd be in a world of Microsoft Outlook Express users would wonder why everyone doesn't just switch to Windows (the majority OS, at that moment) to make everyone's lives easier. And friends/family would exclude non-Windows users from an email thread as not to "degrade" the thread.

Communication via text with friends and family should be an open standard. Barring the availability of such a standard (e.g. RCS), at a minimum, the chat clients to communicate with friends and family should be x-platform (like Signal, Telegram, WhatsApp, and LINE all manage to be).

Ergo iMessage should, at least, have an Android app, even if such an app requires an Apple ID.

Because its the Hacker ethos. People need to be able to modify any software to suit their requirements and not have to blindly follow the prescription of a company whose interests may not align with yours.

Some people are finding themselves excluded from their social group because of platform choice - basically not being able to use iMessage (sometimes) means people don't want you in the group chat (because mixing iMessage and SMS messages makes a bad experience.)

It is incredibly difficult to get a social group to change messaging platforms, especially if that social group's shared interest isn't "using a good messaging platform"

The easiest solution is to conform to the existing messaging platform in the group. In the case of a bunch of iOS users, that might mean leaving Android for iOS. People don't want to do this (For a variety of reasons.) So being able to participate as a first-world-citizen of the platform has its appeal.

He mentioned their reason in the blog — that Messages is the default messaging app on iPhone and that it is also not a replaceable default.

From what we can tell, Beeper Mini was the fastest growing paid Android application launch in history. In the first 48 hours, it was downloaded by more than 100,000 people.

These numbers seem very low. I would have expected numbers in the millions.

Every consumer facing tech company with a paid product (physical or digital) I've worked at had Android as <10% of conversions. This includes just retail browsing from their phone shopping. Android users make no one money

Unless they're trying to join iOS group messages I guess

Our conversion from download to paid subscription is hovering around 50% fwiw

congrats eric, that's HUGE! A real pain point y'all are solving - long live Beeper!

Edit, forget what I said. I missed the keyword 'paid'.

Threads earlier this year apparently got 70 million user signed up the first 48h. I would assume this leads to at least >1m Android users?

First example I came to think about, might be much better examples out there. Regardless, something with "more than 100,000 people" in 48h is probably not the fastest growing Android app.

https://edition.cnn.com/2023/07/07/tech/meta-social-media-do...

If it was a free app sure, but in the paid category those numbers drop quite a bit.

Really shows to me why so many developers end up focusing so much more on the iOS versions of their apps. I would have expected the same.

I don't believe for one microsecond that those numbers would qualify as the "fastest growing paid Android application launch in history". I do believe that their numbers are that low - I don't know a single person who would pay to... what, have text messages appear in a different colour on other peoples' phones?

Note: "paid."

Stuff like this feels petty by all parties.

Use an app that’s already universal if users are so desperate.

Playing whack a mole back and forth over a chat app as if it’s some high minded fight for speech when countless options exist is melodrama for the sake of melodrama and engagement farming

Beeper real goal is like everyone else in tech; get rich. It found the perfect marketing meme, the old David and Goliath story, to piggyback its business goals on.

I had to purchase an iPhone solely to use iMessage. Believe me, I would have loved to use any other internet-based chat app. But I just can't move my entire social circle to a different app. The network effects and friction are too high.

The only thing end users really have control over is their own client. I don't know if they'll succeed in the long run, but I'm really rooting for beeper

Are you saying everyone in your social circle willingly vendor-locks themselves by using an app that is available only on a specific device? That sounds just comically bad. Where is that? USA? I just checked, the iPhone market share appears to be around 57% in the USA, which is sure a lot, but still it means that every second person does not have the ability to use this app. So how comes it ends up being inconvenient for normal people, and not for iPhone users? Weird.

Seriously, I'm struggling to imagine that. It suddenly reminds me of when Microsoft had to offer users to choose something other than IE because of anti-monopoly legislation. What you are telling me about iPhones sounds way, way worse than that. After all, it's not like people had to use IE before that, they just didn't know better. There was no network effect and vendor-lock with IE.

Also, what's even so special about this app? I maybe could understand that, if it was unique. But come one, WhatsApp, Telegram, Facebook Messenger, plain old SMS after all… And I'm not even talking about older VoIP/messengers (Skype, Jabber), community-centered apps (Discord, Slack, MS Teams) or some fringe messengers nobody uses even though they are clearly better than everything else (Matrix). By no means there is a shortage of messaging apps and protocols…

Do you hear yourself? Using using an iPhone for communication is perfectly normal. I’m at a top 10 (biggest in terms of number of students) university in the US and I can confidently tell you the overwhelming majority of people carries iPhones. The 57% statistic use site probably skewed toward the older demographic, where older people are more likely to use flip phones and androids. I would if I knew that strange if I wasn’t a part of group chat just because I have an android. Technical users like the increased privacy and security, while more regular users like the extra features. They’re just isn’t an argument to be made for having androids in group chats. And no, nobody is using signal or telegram or WhatsApp in college

Honest question, does anybody ever consider that excluding non-iPhone users from a group chat is a dick move?

How hard it is to install a cross-platform app? Some of these apps also work in a web browser on any OS, which is a nice advantage over iMessage.

Are you saying everyone in your social circle willingly vendor-locks themselves by using an app that is available only on a specific device?

The problem is this isn't how a non-technical audience views the problem. To them, they get a fully featured chat (rich media, reactions, hi def photos, etc) with most of their social circle. They don't have to install anything, they don't have to sign up for anything, they don't even have to remember different credentials, it just works. Best of all, it just works across their ipads and macs, too.

Sure, it doesn't work for a portion of their friends, but from their perspective, their friends are the weird ones: why wouldn't you switch to a phone that has a "better" experience like this?

By no means there is a shortage of messaging apps and protocols

This is a bug, not a feature, in a world where there's no common clients that work across all those ecosystems. You go back to 2008ish and you have half a dozen clients that speak Jabber or XMPP. You can sign into GTalk or Facebook Messenger or (gods forbid) Yahoo Messenger all from the same application, and it all mostly works. Now you have a zillion apps and a zillion logins and some of them have nice features and some don't, but without interop, there's an upper limit to the number of chat apps people are willing to maintain to just talk to other people.

Especially when, for Apple users, the best one is already on their device.

I will place a bet with you, if you like, that will be very easy for you to win if you're correct in your comment.

The bet goes something like this: Pick a group chat you're in of 10 or more real-life acquaintances who all currently only use a single messaging platform, and convince them all to move the group chat entirely to a different messaging platform, and delete the old group chat.

It doesn't matter which messaging platform you're moving to, any will do, and as you mention there's many to pick from -- some of which are probably better and more feature complete than the one your group chat is currently using.

But those effects are not universal.

Not everyone is locked into iMessage.

Of course you’ve hardly been forced into hard labor in the gulag.

Can we use government for something more universal than saving you from your social groups choices?

Apple is writing their own death sentence here. Beeper Mini's case will definitely be used against them when their anti-monopoly case inevitably comes about:

1. Forcing a monopoly when they force-migrated their users to iMessage

2. Maintaining said monopoly by keeping third parties out

Best thing they could do is put third party clients into a MFI like program and loads of red tape.

A case against a monopoly with a minority market share. Good luck with that!

As far as I know, Apple has the majority of the market in the US where iMessage matters most.

Even if you limit it to the US, they have 56% which is only a very small majority. Are you trying to argue that that 44% of users not on iOS can’t message others because of that terrible Apple monopoly? Frankly, that’s just ridiculous and your fantasy case is so hopelessly going nowhere nobody is going to even start it.

Why do you think an anti-monopoly case will ever come? Europe has dropped it, and US pretty much everyone in power (and all their families/friends) is an iphone user. They're probably completely unaware that there's a problem, and even if made aware they have positive vibes for Big Gray

The EU hasn't dropped it. The consultation period is still ongoing, the news was that the EU is only tending towards not regulating iMessage, but it is not set in stone yet:

https://techcrunch.com/2023/12/06/imessage-will-reportedly-g...

It is very much possible that the current kerfuffle has some bearing on future regulation.

That said, iMessage is not really big in Europe, Whatsapp is, so it's more interesting for the EU to regulate that.

1. No one is "force-migrated to iMessage". Have you never used an iPhone before?

2. Requiring an application made by the company to access the servers owned by a company has never in history been called a monopoly before. The precedent that'd set would be pretty laughable. It'd basically make it law that everyone has free access to private servers of any company if they can reverse engineer the protocol. You could say goodbye to anti-cheat systems that block third party clients from online games.

The whole green bubble thing with Android SMS on iPhone is a problem, but the solution is to get everyone to use a different chat app. Apple will never give this up.

Google could be leading that charge and providing a world beating chat app that works across all phones and all desktop devices. They have every reason to provide the best chat app in the world and yank iPhone users over to it. Instead they have given up on chat. The Google Hangouts/Meet chat situation is a disaster on iPhone and on desktop. They don't even try. It's proof that they are lost.

but the solution is to get everyone to use a different chat app

And how do you do that?

Google could just leverage the very popular Gmail app and start piping people into chat from there. They don't even try. Their Hangouts/Meet app on iPhone is a withered husk.

The whole green bubble thing with Android SMS on iPhone is a problem, but the solution is to get everyone to use a different chat app. Apple will never give this up.

There are so many competitors in this space, you really can't claim it's for lack of trying.

Defaults are powerful, especially for Apple users.

It's not just that defaults are powerful, it's the network effects. When WhatsApp was purchased by Facebook, there was a strong movement in Europe to move to other messengers. But it never really got off the ground because everyone is on WhatsApp. Trying to live without WhatsApp in some European countries only leads to social isolation (a bit like trying to live without iMessage in the US).

The funniest outcome with this whole “Apple vs. Beeper” saga would be if Apple said, “Fine use the iMessage protocol. We won’t break interoperability and you can even have full feature parity…

BUT… Any messages sent this way will still show up as the dreaded “Green Bubble”.

(I hope Eric and the Beeper team can pull through!)

Messages sent via SMS or iMessage already look identical to the recipient, the only distinguishing feature is a small header at the top of the conversation that says either "Text message" or "iMessage".

SMS doesn't support emoji reactions, read receipts, typing indicators, high quality pictures/video, or groupchats over 10 people. These are deal-breaker for anyone that texts regularly

If the green bubble (or teal bubble or whatever) works with iMessage, I will be happy. It's about the functionality, not the status symbol.

For many people, it is about not looking like a brokie to their peers, and that's what apple counts on.

Apples response:

These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks.

Didn’t it recently come to light that apple have been “exposing” that metadata to government agencies for years? Maybe they should stop exposing metadata rather than blaming others for replicating their implementation!

How does a 3rd party implementing their API mean there will be “unwanted messages, spam and phishing attacks”? Are they accusing the 3rd party of doing that, or do they believe 3rd party software is inherently inferior to their own (which constantly needs security updates).

Because by abusing an older style auth method, they skip a lot of the checks required to start iMessaging people currently.

This methodology can be abused by SMS scammers, phishers, etc to easily target the iMessage network that users may often feel has a higher default level of trust.

You can't imagine how exposing a new, automatable interface might increase spam?

Man, what an absolute waste of engineering talent.

I don't understand those in this thread celebrating the "hacker spirit." The real "hacker spirit" would be something like, I don't know, building a better alternative to iMessage. This is just a game of whack-a-mole, destined to lose.

Making a competitive alternative to iMessage is a game of whack-a-mole that you will always lose, too. Apple would never give a third-party the same level of control they have to integrate with iOS.

So, Beeper's approach here at least makes sense to me. They aren't representing the "hacker spirit" like Torvalds or Stallman, but they are highlighting how arbitrary some software limitations can be. Their efforts here, wasted or not, will be cited when iMessage finds itself in court next time. And to Beeper, a company founded on the idea of unifying all messaging clients, that may be a worthwhile business investment.

iMessage isn't dominant because it's "better". It's dominant because it's the default. Doesn't matter how good a chat app is, iMessage users aren't going to switch

No, it's not. I don't get the 2FA code. It never worked before for me. Never worked with Beeper proper either.

Do you get 2FA codes when logging in from am actual Apple device? Because it might be an issue with how your apple account is set up to do 2FA that has nothing to do with beeper

Yes, I do. I only have issues with Beeper and Beeper Mini. In fact, months ago, when I tried to set up Beeper, my Apple ID got into an "account lock" endless loop for over a month - every few minutes, I would get a popup that my account is locked, I go through the unlocking process, and a few minutes later, the whole thing repeats meanwhile asking me to rest my password.

In the past, I tried creating an app password as well, but it didn't work either. Now, it fails to create an app password, but you still can't log in with an app password.

Time should be well spent by creating meaningful apps that can solve world hunger, poverty, water shortages and all that shit. All this circus for a blue bubble is just so hard to comprehend.

If we’re going to solve all hunger, poverty, water shortages and all that shit before we ever do anything more, then we’ll never do anything more.

...that can solve world hunger, poverty, water...

Ah, but no profit there. Not being cynical, have witnessed ngo's first hand in war zones.

Is it possible to install macos in a virtual machine and use iMessages?

not anymore

Yes it is. Hackintosh users have no problem using iMessage or FaceTime.

Totally tangental but now that iPhone users are using RCS the chances of successfully sending them a message feels like its dropped by half to me-- that is about half the time my messages aren't getting through, to multiple individuals.

iPhone is not using RCS yet. It has only been announced, to be launched some time in 2024. See eg https://www.forbes.com/sites/kateoflahertyuk/2023/11/17/appl...

Weird, I'm getting the RCS bits in Android from some iPhone people. I don't think they're using a different messenger than iMessage.

This clearly isn't going to be solved through technical means. It makes me wonder - if Apple were to stop obstructing interoperability, how much the resulting market for competition to iMessage and other parts of the walled garden be worth? A couple billion dollars? With today's valuations, probably closer to trillions.

Why then VCs aren't willing to spend a fraction of that - say a couple billion - to invest into a crack team of lawyers and sue the shit out of Apple over this issue? When at least one side of the suit is a corporation, my understanding is that American justice system is basically the game of who can outspend whom. Surely enough VCs could outspend Apple on this while still securing some probable profit in the end?

Why is this not happening?

So much of the current tech companies derive at least part of their profits out of restricted interoperability. A legal precedent allowing adversarial interoperability would be the death of any "engagement"-based business model, aka most of tech nowadays. Alternatively clients would pop up left and right that will strip out all the "engagement" nonsense (as well as the spyware/malware), and those will no longer be stoppable by legal trolling.

Such a move would completely kill off VC's (already sick) golden goose. They would lose more than what they'd win.

In some countries it's already legal to reverse engineer software for the purpose of interoperability.

They sure are trying hard to get sued.

I suspect they are hoping for it and have a rich benefactor who's willing to see this fight to the very end, in hopes of setting a precedent.

Got myself a apple ID for fun but cannot sign in, as SMS second factor fails in Beeper Mini. Wonder if they found another way again to detect the 'fraud'.

You're way ahead of me then. Out of curiosity I tried to register a new Apple ID to use with the updated app and the registration page throws 400 at me no matter what I input.

Interestingly, in the groupchat I'm in (N=67, mostly software engineers in the Bay Area), I've noticed a high correlation between people taking Pro-Beeper and Pro-Palestine stances, and those taking Pro-Apple and Pro-Israel stances

This would be for socioeconomic factors but it maps to my experience.

Downvoters are simply butthurt that others are noticing this connection. Getting downvoted here is evidence that you’re speaking truth to (apple) power

I wonder how far I would have to dig before I found the way Google is funding Beeper Mini. They are a sacrificial lamb, getting lead to slaughter so Google can ask EU regulators to stop Apple’s anti-competitive actions.

Considering beeper is coming after Google's closed chat networks too, I doubt it.

I get why many people might want this, but open standards are the way to go, and this seems to be playing into the hands of proprietary in some ways.

Beeper's ultimate goal is to promote the Matrix protocol, and bridge proprietary networks to the open protocol

At what point does Apple start a lawsuit? I hope they don't, but I can't see them ignoring this.

What grounds can they sue them on?

I just wish Apple to get into another anti-trust case, ideally by the EU, over this.

The underlying connection method is open source, for anyone to review.

SSPL sure isn't open source and I'm certainly not reviewing this. At best it's source available. I'm all for separating the meaning of the term from OSI's opinions but this usage misses the mark.

I am not a lawyer, this is not legal advice, etc.

edit: nm, their help page explains it.

Wild the Apple pundits who were weirdly angry about this app acting completely disgusted someone would do this. So strange to see that attitude from the Apple community when some of us are old enough to remember when Apple wasn't in a position of power and we absolutely relied on these sort of projects to exist and work in a Windows dominant world.

Try as you may, you will not escape the village

https://youtu.be/op7IgFbT8l0?t=194

"We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage."

They never addressed that part of Apple's statement. I don't see how they can survive without doing so.

fwiw, updating the existing app didn't work. I had to uninstall/reinstall. After authenticating with Apple vis Beeper Mini, my iPhone says a "Mac now has access to iMessage." (via https://techcrunch.com/2023/12/11/beeper-mini-is-back-in-ope...)

Anyone got a referral code?

One thing I’m not seeing discussed in the battle of client apps, is that Apple is still paying to run the backend servers. Considering the ubiquity of iMessage, this ain’t cheap.

When Beeper charges customers subscriptions for the client app, do they kick back any money to Apple who provides server side support for iMessage?

I really want to use this but it just seems unrealistic. I don't want to start new iMessage group chats with friends, explain to them how it's possible, only for it to break 3 days later. I knew this would happen the first time which is why I didn't subscribe. And now I don't want to create an Apple ID only to have it banned and messages lost.

I love that you're pursuing this and taking on Apple, but at the same time your marketing has felt misleading and you've put a lot of users at risk by listing on the Play Store with a subscription model.

Not living in US so it's fun to see people poking at big corporations like the mouse-and-cat chase of ad-blockers and anti-ad-blockers. Unfortunately, in the end, it is usually the big companies that have both the moral and technical high grounds, just like YouTube and Reddit did.

Also funny to see HN trashes on Google for their Web Environment Integrity while Apple pulling off the biggest attestation scheme in history (they even shipped attestation in Safari for a year before anyone noticed).

iMessage is possibly the most effective vendor lock-in I've ever personally experienced. I resent it, but I don't have time to fight it. Maybe 1 of the 20 people I regularly text with use Android. The amount of video/photo sharing my wife and other family members have done throughout the years is via iMessage is downright incredible.

There ARE alternatives, as posters have noted. In an iMessage to an Android user, I shared some information. Android user said that I could share the info with third user if I were on WhatsApp, but I choose not to use apps owned by companies built upon surveillance capitalism, and soon, using customer data to train AI. (Which may include Apple). Hmmmmmmm.

Guess what? Signal locks out non-Signal users, WhatsApp locks out non-WhatsApp users (AFAICT, I don’t use others, and Signal is refusing to work on my systems for reasons I don’t know, and I can actually live well without it)

The bubble with bright white text on a bright green background hurts only ME, the Apple user with old eyes, and I have offered old Apple gear to friends so we can FaceTime, a nifty way to reuse rather than recycle gear.

I got my first iMessage spam from an email address ever. I wonder if this whole thing is related..

At some point, Apple is just going to send them a cease and desist.

Final result: Apple releases official iMessage client for android, but messages sent from it show up with a little green android icon in the corner. :)

Just got a notification that it's working again and I could log in

If nothing else it’s a fun game of cat and mouse in the most David vs Goliath way possible, to mix metaphors.

Is it likely that Apple just has an engineer working on reverse engineering Beeper to find and patch the latest method?

How is it better than, e.g. Whatsapp ?

There is no doubt that Google will refund every single customer that asks (they are way more flexible about refunds than Apple - I've known people who were able to get substantial amount of IAPs from games refunded just because they didn't like the results they got). I suspect those refunds will be net negative for Beeper.

We—of course—expected a response. What we didn’t expect was 1984-esque doublespeak. The statement is complete FUD. Beeper Mini made communication between Android and iPhone users more secure. That is a fact.

Is it? Their argument about a potential increase in spam (by removing the existing annoyance barrier of signing up to iMessage with a phone number before getting full access) is valid. And from their perspective, a third party app could be doing anything with the messages once unecrypted, despite Beeper's claims to the contrary.

Don't get me wrong, it's obvious Apple went looking for the first 'valid' reason to kill Beeper Mini. I also own a ~~Beepberry~~ Beepy, so I am a fan. But this isn't FUD at all, this is a potential risk to their userbases' privacy (as well as their bottom line).

Was really hoping to read about what Apple changed to break things, even if they won't explain how they worked around it

Oh yeah because this went so well last time.

It took them what, a lazy few days to kill it off last time, bets on about the same, along with a “don’t make me do this again” warning?

This is some ways like Youtube and adblock. Apple is completely within their right to try to kick Beeper to the curb but I also enjoy watching a scrappy company like Beeper try to circumvent Apple's attempts to shut them out.

Because of how likely it is to be killed though I don't think I shall be adopting it personally.

Your view on iMessage depends on your social network. If your social network uses other messaging apps, this whole exercise seems pointless. Many of you outside of the US fall into this category. Many of you technically-savvy commenters also fall into this category. But if you are a teenager in the US, 85%+ of your social network uses an iPhone, and you will not convince everyone you know to switch apps for you. The green bubble causes real problems, and Apple does this intentionally to coerce teens and others into buying their phones. It’s anti-competitive and immoral for a company of that size.

how is it legal to use private apis of another company in your product? does it not count as cyber attack or potential dos?