Beeper Mini — the app that allowed Android users into to Apple’s iMessage walled garden via some clever reverse engineering — abruptly stopped working yesterday, just three days after launching. Now it seems certain that the sudden outage is a result of an Apple intervention.
While the widely shared Apple PR statement doesn’t mention Beeper Mini directly, it’s pretty clear that’s what it’s about. “We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage,” the statement explains.
“These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks,” it continued. And while Beeper is still beavering away on a workaround, it doesn’t look like Apple is going to get tired any time soon: “We will continue to make updates in the future to protect our users."
The core criticism — that Beeper Mini “exploit[s] fake credentials” is true. As iMessage is only open to Apple devices, Beeper Mini works by pretending to be one, which is why it previously worked so well. The embedded video below from Snazzy Labs neatly explains how it worked in more detail, but the long and short of it is that Beeper Mini spoofs a legitimate Apple hardware key.
The question of whether that leads to weakened security is a less clear-cut one, however. Beeper says that the app is fully encrypted and private, and that only the sender and receiver can read messages sent via it. It’s even offered to show its source code to a third party to verify this to Apple’s satisfaction.
The irony of all of this is that by integrating directly with Apple, Beeper Mini actually appears more secure than other Android workarounds.
“If Apple truly cares about the privacy and security of their own iPhone users, why would they stop a service that enables their own users to now send encrypted messages to Android users, rather than using unsecure SMS?”, asks Beeper founder Eric Migicovsky to The Verge.
It’s a good question, and one that Apple would argue is being answered by its belated embrace of RCS messaging next year. A more cynical answer would be that Apple knows iMessage’s platform exclusivity is a great way of retaining users and attracting new ones.
That’s especially true of young users who, as the Wall Street Journal famously explored, can be a bit judgemental about the second-class texting experience Android users get on the platform: basic text, horribly compressed media and the dreaded green bubble. Apple has confirmed that Android messages will still be green, even after the integration of RCS is complete.
Indeed, the WSJ article digs out a decade-old quote from Apple’s Craig Federighi, where he says that introducing iMessage to Android would only result in removing an “obstacle to iPhone families giving their kids Android phones”.
For now, Migicovsky appears bullish about the prospects of keeping Beeper going. “Beeper Cloud and Mini are apps that need to exist,” he wrote, in response to a tweet asking if “an endless cat and mouse game” is a reliable business model. “We have built it. We will keep it working. We will share it widely.”
It may be a moot point. One thing that people need from their messaging apps is reliability, and if persistent outages become part of the experience, then it’s hard to believe users will keep paying $2 a month.
