Beeper Mini Actually Brings iMessage to Android

Overlapped features and screenshots from the linked blogpost.

via Beeper

Nothing and Sunbird tried, disastrously, to bring iMessage to Android. They failed for two reasons. First, the relay method they were using required decryption of any messages on their servers, meaning it broke the end-to-end encryption iMessage is known for. Second, they logged every piece of those decrypted messages in plain text for anyone to see. They not only violated user privacy, they did the absolute worst thing they could do with that decrypted data. There are ways to at least try to protect this data, and they did the only thing that is utterly unforgivable. They logged everything sent through their service.

How could anyone ever trust an “iMessage on Android” solution again?

Beeper Mini is different. The original version of Beeper did use a relay service, but it allowed you to set up your own Mac as the relay point, so at least you could control your data. That’s not what Beeper Mini does. Beeper Mini isn’t a relay service. Instead, it registers your phone number with Apple’s iMessage service by making Apple think your Android device is an Apple device. They basically trick Apple into setting up iMessage on your device. Then you can send and receive end-to-end encrypted messages directly through iMessage, without anyone in-between. It’s literally iMessage on Android, finally.

What Makes Beeper Mini Different?

A fake text exchange: Hey, guess what?
We're actually just a back-and-forth between the same person to illustrate something for her blog?
Upgraded to Beeper
iMessage
No, well, yes, but...
Hold the fucking phone. Is that an iMessage?
Awww yeah!
Congrats on getting a real phone?
Nope. Well, yes. My Moto Razr is sending these!
Well, welcome to the big leagues anyway!
<Animated GIF of Jackie Welles from Cyberpunk in message>

The biggest difference between Beeper Mini and other iMessage services on Android is that Beeper Mini is not a relay service. There isn’t a server somewhere that is collecting and forwarding iMessages to you. Instead, your device connects to Apple’s services in the same way that any of Apple’s devices would. No one gets your encryption keys, and no one can read your messages but your recipients. Your messages are treated the same as any other iMessage, end-to-end encrypted and only sent through Apple’s servers.

Every bit of the data you want to protect stays local. You don’t even have to log in with your Apple ID to make it work; it can be 100% Android-powered. Your contacts are exclusively on your device, and never get uploaded to any servers. Your encryption keys are also only ever stored on your device. Everything sensitive stays local.

Beeper Mini works with most iMessage features, including typing indicators, read receipts, reactions, high-quality media attachments, animated gifs, and more. It doesn’t currently feature SMS and iMessage side-by-side for talking to Android users who don’t have iMessage, but that is a feature in the works. The features of Apple’s Messages app, like iMessage games, are not present yet either, but for the messages themselves, no one will even know you’re using an Android device.

For many, iMessage is the main reason they stick with iOS. Could Beeper Mini finally change that?

How Does It Work?

Screenshot of the linked explanation

via Beeper

You can read up on the full details in their technical paper here. A 16-year-old researcher made a breakthrough in reverse-engineering Apple’s iMessage. The key is getting your device registered with Apple. Usually this includes sending device information and an Apple ID. However, these could be spoofed. A standard SMS is sent to Apple, which sends data back, and is then confirmed. Once you have that step, the rest is far easier. Just like any other iPhone, your Android phone can hit Apple’s servers to request iMessages. Just like it would on an iPhone, all messages are encrypted on your device before you send them, and all messages you receive are also encrypted. Everything is end-to-end encrypted, with no middle-man, just the way Apple intended.

But how does your device know to get messages? On an iOS device, your device just constantly listens to the Apple Push Network (APN). This tells your phone when a message is on the server, so it can download it and decrypt it. However, Android devices cannot subscribe to Apple’s push messaging service. To work around this, Beeper made the Beeper Push Network (BPN). Their servers listen for notifications on the APN for you, and then forward the notification over their BPN to your device.

Whoa. Hold on. That sounds like a middle man. And it is! However, these are only push tokens. They do not have message data. Message data is not sent over push messages. Even if it were, the data would still be end-to-end encrypted, because Beeper does not have access to your keys. All decryption happens on your device. It is impossible to decrypt messages along their path. This is just a bridge between Apple’s push network and a push network that your Android device is compatible with.

No Apple ID is required because the service sends mock data to Apple to register your phone number. However, if you want to register with your own Apple ID, you can. This data is not sent to Beeper, and is only used to connect your phone number to your Apple ID so you can receive messages on your other Apple devices. It’s useful to ensure you still get the same iMessages on your Mac as you do on your Android phone. Those who have used this method state that their Android device shows up on their account as a new Mac, and it is indeed not on a server somewhere. Beeper says they had to pretend your phone was something, and making it look like a Mac was the simplest way to do that for registration.

Is It Secure?

Every iMessage service that uses a relay is, inherently, insecure. With the recent news that Nothing and Sunbird’s iMessage relay service was copying users’ messages to their servers, an iMessage on Android service should be met with scrutiny. Beeper seems prepared. They released Beeper Mini right after this controversy, knowing their system is completely different than Nothing’s.

First, the encryption. Beeper Mini uses the same encryption standards as an iPhone sending an iMessage. That’s to say that the message gets encrypted on your device, it never gets sent to Beeper’s servers, and it is only sent through Apple’s services, just like an iMessage from an iPhone. These messages are encrypted the entire way.

Secondly, you can look at the proof of concept. Not only does Beeper explain how their new service works on their blog, they also have the original proof of concept available online. I wish Beeper made the source code for Beeper Mini open-sourced, but they do at least show how they managed to register Android devices with iMessage, making an Android device “look” like an Apple device to Apple.

As far as data collection goes, there is a small amount that Beeper is performing, but it’s related mainly to diagnostics and your Google account for payment. You can read the full Beeper Privacy Policy here. Beeper says they collect: your name, phone number, IP address, device and Android version, Google and (if used) Apple email addresses, an anonymous push message notification token, and optional diagnostic information. The name, phone number, and IP address are likely for charging you, and are no more than any website you can buy things from would collect. It’s not perfect, it’s not anonymous, but then again, neither is iMessage.

It’s reasonable to be wary. When someone tries to sell you something that seems too good to be true, it typically is. However, this appears to be not significantly less secure than using iMessage on an Apple device.

Are There Drawbacks?

Yes. You’re using iMessage through a third party. Apple never wanted that. It may be going directly through Apple’s servers, but they reverse engineered a current version of iMessage. They slipped in through a flaw in Apple’s iMessage setup flow. Apple could find a way to shut it down, locking everyone out. If that happens, you’ll have to go to Apple’s website to deregister your number or deregister your number in the Beeper Mini App. Otherwise, you won’t be able to get SMS messages from iPhone users because Apple will think you can receive iMessages instead.

The other drawback is that you’ll be reliant on a third party. You’ll have to pay them $2 per month to use the service. That’s not too bad, but iMessage is free for iOS users. You may have to make sure your number registers with your Apple ID, if you ever switch.

Beeper says their solution is legal. While it involves an unintended usage of the API, they say reverse-engineering for interoperability is considered “fair use.” Apple may be able to challenge the idea that it’s fair use, but that could take time. It’s more likely they’d try to lock Beeper out through drastic API changes and updates pushed to Apple devices, but even that would be difficult, as Apple would have to update many older devices as well.

Should You Get Beeper Mini?

Screenshots from the signup flow, showing it took under a minute to sign up. It only transferred over 5 chats.

Apple could shut this all down. The way to do it may be to create a unique identifier on every Apple device, hash it, and store the hashed table on Apple’s servers. Then they could do a quick “is this an Apple device” lookup any time you try to use the service. If it’s not, it could disconnect you. However, privacy advocates wouldn’t like Apple collecting a list of unique identifiers, potentially tying them to numbers. Apple is also arguing against opening iMessage in the EU, and the presence of apps like this could help their case, while locking it down could hurt them. Apple would likely get some bad press for shutting Beeper Mini down. I wouldn’t put it past them, but it’ll be a difficult decision for Apple.
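The hashed-identifier lookup described above, and the privacy concern that comes with it, can be sketched as follows. This is an added example, not Apple's or Beeper's code: the `DEV-0000` identifier format, the enrolled values and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a small, structured identifier space (10,000 values).
ID_SPACE = [f"DEV-{n:04d}" for n in range(10_000)]
ENROLLED = ["DEV-0042", "DEV-1337", "DEV-9001"]


def plain_hash(device_id: str) -> bytes:
    """Unkeyed hash: anyone holding the table can recompute it."""
    return hashlib.sha256(device_id.encode()).digest()


def keyed_hash(pepper: bytes, device_id: str) -> bytes:
    """HMAC under a server-held secret: not recomputable without the pepper."""
    return hmac.new(pepper, device_id.encode(), hashlib.sha256).digest()


class DeviceAllowlist:
    """Server-side "is this an enrolled device" lookup over keyed hashes."""

    def __init__(self, pepper: bytes):
        self._pepper = pepper
        self._table: set[bytes] = set()

    def enroll(self, device_id: str) -> None:
        self._table.add(keyed_hash(self._pepper, device_id))

    def is_enrolled(self, device_id: str) -> bool:
        return keyed_hash(self._pepper, device_id) in self._table

    def stored_hashes(self) -> set[bytes]:
        return set(self._table)


def identifiers_recoverable(table: set[bytes], hash_fn) -> list[str]:
    """Privacy audit: which identifiers can a table holder re-derive by
    hashing every value in the identifier space with hash_fn?"""
    return [d for d in ID_SPACE if hash_fn(d) in table]


# Keyed table as the server would hold it, and an unkeyed one for comparison.
allowlist = DeviceAllowlist(pepper=secrets.token_bytes(32))
for dev in ENROLLED:
    allowlist.enroll(dev)
plain_table = {plain_hash(d) for d in ENROLLED}
```

With an unkeyed hash, the stored table gives back every enrolled identifier to whoever holds it, which is the collection privacy advocates would object to; the keyed table answers the same lookup without being re-derivable from the table alone.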

Beeper avoided copyright issues by calling iMessages “Blue Bubbles” throughout the app. They wrote their own code and used an open-source reverse-engineering project to make their app. By all accounts, it seems like everything Beeper is doing is legal, and they have a steady source of reliable income, with no need for scams or data collection. If you have an Android device and want to use iMessage, this looks like the best way to do it.

I will likely do a few small basic security reviews of my own phone while using the app, but nothing seems out of place. The app is from a trustworthy company who already did everything they could to protect the privacy of users when their iMessage solution was a relay service. They’ve been up-front about expectations, detailed how the software works, and don’t have any reason to risk losing the trust of their users. They didn’t even want to fund the app with ads, only offering it as a subscription. By all accounts, it seems legit.

The only thing that makes me somewhat suspicious is that there are no open-sourced parts of their app. It wouldn’t be hard to just make parts of the app open-sourced so we can verify the security protocols in place. However, the risk of destroying their company by lying in their privacy policy and technical papers would not be worth any reward they could get from lying to users.

I downloaded it and have been trying it out for the past day. It’s a surprisingly seamless experience. I think it’s as good as, if not better than, what Apple could give us for “iMessage on Android.” If you’ve been looking to send blue bubbles from your Android phone to your friends’ devices, this is the best way of doing it. Software professionals will continue to scrutinize it, and Apple will likely try to find ways to shut it down, but, for now, this seems like a great solution.

