Leaf&Core

Beeper’s on its Last Leg and Apple’s Not to Blame, Though Some Disagree

Reading Time: 8 minutes.

Beeper and Apple logos clashing, darker, grainier The game between Beeper and Apple may be nearing its end. Today, Beeper announced a new fix for Beeper Mini, to enable iMessage one last time. They say if Apple finds a way to block this method, they’ll back away from the fight, making no more attempts to bring iMessage to Beeper Mini. However, that doesn’t mean the fight is over. Beeper might not try to wriggle their way onto iMessage through clever coding again, but there may be a legal or legislative angle they’re pursuing.

Beeper has made bridges that connect various chat networks into one protocol, the Matrix protocol. This allows them to use cloud-based servers to intercept messages and transmit them to devices. They also allowed iMessage users to bring their own Macs to serve as a bridge, effectively bringing iMessage to Android. However, they introduced a new product, Beeper Mini. This was able to sign up for iMessage in the same way an iPhone would, because it tricked Apple into thinking it was a newly-registered Apple device. This started a game of cat and mouse, with Apple finding new ways to block Beeper’s progress at every turn.

Beeper may be on their last leg, but legislators may have picked up the baton. Lawmakers are asking the Department of Justice (DOJ) to investigate Apple for “potentially anticompetitive conduct.” Could we see the end of iMessage exclusivity? What would that mean for the larger tech industry?

Beeper Mini: Only Mostly Dead

For a brief moment, we had blue bubbles on Android

Beeper’s subreddit is abuzz. It’s been incredibly active as users desperately try to ensure their connection to iMessage. They got a taste of blue bubble life and don’t want to go back. It’s possible that Beeper, inadvertently, gave Apple the best iPhone marketing they’ve seen in years, a free sample of the good life.

Users are desperate to get their phones working on iMessage again, but it’s not simple anymore. Previously, a user could sign up for Beeper and gain access to iMessage. Now, it’s far more complex. Users of Beeper had to first get access to a Mac, and, now, an old jailbroken iPhone. Yes, the solution to getting iMessage working on an an Android device is an iPhone.

Buy yourself an iPhone, as Tim Cook might say.

Getting the Blue Bubbles Back

Beeper announced a solution they admit is “not ideal.” The requirement is a Mac or old iPhone. Either has to be online at least once a week to maintain the registration with iMessage. Beeper Cloud users will be able to use a Mac to re-register. You can get a friend who has a Mac, however, they state that only 10-20 Beeper users can safely register with the same data. They don’t seem to know if there’s a hard limit, so try it at your own risk.

For Beeper Mini, the service that turns your Android phone’s messages blue, you’ll need… an iPhone. That’s not a cheeky way of telling you to just buy an iPhone already. You’ll need an old iPhone, from the iPhone 6 to the iPhone X, and a Mac or Linux computer. Then you’ll need to jailbreak the iPhone, install a Beeper app on it, that will generate an iMessage registration code, which you’ll copy over to your Beeper Mini app on your Android device, then register. Next, “Leave the iPhone plugged into power, at home, connected to wifi.”

Except do not do that. You can maybe do that if you removed the battery and the phone can boot without it. However, otherwise, you’ll have an old device with an old lithium-ion battery plugged in, all the time, likely slowly swelling until it eventually cracks the glass or some other element in the device, puncturing it, and starting a fire. Do not leave old lithium ion batteries plugged in unattended.

More Challenges for Partial Wins

Beeper’s other solution is to buy or rent an old iPhone from them, which will come preloaded with their helper app. You can also use your Beeper Cloud setup to activate Beeper Mini, however, you won’t have phone number support. It’s at most a partial win, and isn’t nearly as easy to set up as Beeper Mini once was.

To help convince you to give it a shot, Beeper has made their iMessage bridge, Mac app, and jailbreak iPhone app open-sourced. They still won’t open-source the Android client, though, which is where the real security concerns lie.

Throwing in the Towel

“As much as we want to fight for what we believe is a fantastic product that really should exist, the truth is that we can’t win a cat-and-mouse game with the largest company on earth.”

– Eric Migicovsky, Beeper CEO, via Beeper

Beeper’s CEO announced that they believe Apple won’t go after their recent attempt to bring iMessage to Android. It’s a method they believe “Apple can tolerate existing.” It’s a difficult solution that requires access to a Mac for email-only iMessage and an old iPhone for normal iMessages on Beeper. Apple got Android users to buy an iPhone, it’s a win for them.

However, if Apple shuts down these methods, Beeper’s not coming back for another round with Apple. They’ll accept that iMessage doesn’t work on Android and leave the project behind. Instead, they’ll go back to working on adopting other services to work with Beeper Cloud, making a one-stop chat app for most chat services their priority. Their fight with Apple is done, one way or another.

Apple Should Protect iMessage

Now, this part is frustrating. Because, as an iPhone user, an Android developer, and even an occasional Android user, I want iMessage on Android. I hate receiving text messages from my Android-using friends instead of nice, secure, send once, receive everywhere iMessages. However, I don’t know how this should happen if Apple doesn’t do it themselves, and even Beeper doesn’t have a good solution for this issue. I want iMessage on Android, I just don’t think Beeper has the right way to do it.

iMessage is Only as Secure as Apple Allows It

One of the best features of iMessage is its security. The service uses end-to-end encryption so only the person you message can read what you’ve sent them. This is in contrast to standard texting, which is not encrypted, basic RCS, which is also not encrypted, and encrypted services that still may collect some metadata, like WhatsApp. It makes ease of use its primary goal, so it might not be as security-minded as Signal, but it’s secure enough for most people’s everyday conversations.

If Apple allows apps like Beeper, however, that all goes out the window. Beeper cannot make iMessage more secure, they can only make it less secure. They introduce a new entry point for hackers. At one point they even asked users to enable sideloading on their devices. All it would have taken was someone to share a decompiled version of Beeper Mini with their own tweaks to collect messages, and they could have tricked users into completely opening iMessage to anyone. Sunbird and Nothing showed just how insecure iMessage bridges and other “iMessage on Android” solutions could be. Every single unapproved app that tries to bring iMessage to Android could have security issues. Beeper hasn’t made their app open-source, making it harder to verify that it’s not doing anything nasty. We don’t know, and neither does Apple. And while Beeper has offered to make their code available to a third party auditor, they haven’t done it yet.

How Would This Even Work?

So what is Beeper asking for? “Just trust us, iMessage is secure?” Because they’ve told anyone how to crack iMessage, and then expected Apple not to block it? Of course they have to! Even if they do trust Beeper (which, of course they don’t, why would they?), do they trust anyone else who could make their own iMessage bridges? No! Beeper revealed an attack vector, Apple had to close it. Imagine your best friend shows up in your apartment one day. They say they found a way to jiggle your door knob to unlock your apartment door. They even showed a few random people outside how easy it was. Do you leave the broken lock, or do you fix it? Obviously, you fix the broken lock before a thief figures out your PS5 is a lightly shaken doorknob away.

There are two possible ways that iMessage on Android could work, and there’s a reason Beeper doesn’t want to discuss them. Neither solution works out well for Beeper.

The first is that Apple allows Beeper access to the iMessage API. They’d have to get a sort of “Made for iMessage” certification, which likely would entail sharing their code with Apple, making changes that Apple asks for, constant audits not only into their app but their other services as well, and, likely, paying for it. Beeper would likely have to pay for access to the iMessage API as well as compensate Apple for the security processes required to keep the app safe.

Right now, Beeper’s access to iMessage is free, outside of their own costs of making the app and operating iMessage bridge servers. The access to the actual API is free. It wouldn’t be under a more legitimate method. That would make their service more expensive.

However, this option also opens Beeper up to competition. Apple would accept payment from other app developers, for sure. They wouldn’t make the API exclusive to Beeper. I’d be able to make my own iMessage on Android app and pay Apple for it, sending them my code for audits and staying connected to iMessage with my own app. So could anyone else. Beeper would have competition where, right now, they have a monopoly.

The other option is one Beeper would like even less. Apple could make their own Android app. They’ve already done this for Apple Music. You can listen to your Apple Music subscription on a variety of Apple devices as well as any Android device that meets their minimum system requirements. Apple could do the same thing for iMessage. They could even charge a fee for access. This would make Beeper’s work pointless, and allow Apple to capitalize on the popularity of their platform. Apple would make customers out of Android users who refuse to switch, and Beeper would lose virtually all the users who just want iMessage on Android.

Beeper wants Apple to just ignore them, but there’s no wonder they don’t suggest more concrete solutions here.

Lawmakers Write to the DOJ

A bipartisan group of lawmakers, including senators Amy Klobuchar (D-MN) and Mike Lee (R-UT) as well as representatives Jerry Nadler (D-NY) and Ken Buck (R-CO) wrote a letter to the department of justice asking them to investigate Apple’s “potentially anticompetitive conduct.” Elizabeth Warren (D-MA) wasn’t a cosigner on the letter, but she took to Twitter to voice her concerns. She wrote, “Big Tech executives are protecting profits by squashing competitors. Chatting between different platforms should be easy and secure.”

However, did Apple engage in anticompetitive conduct? They closed a security hole in their API. That’s it. Beeper was using an exploit that allowed iMessages to be sent to unverified clients. That’s a security flaw. Apple fixed it. Whether or not they continue to operate iMessage without an Android app is certainly a good question, but were they wrong to close a security breach? Absolutely not.

Previously, the Department of Commerce referred to Apple as a “gatekeeper.” The EU had used similar language when going after large companies that control platforms in Europe. Apple was able to avoid the “gatekeeper” designation in Europe, because so few people use an iPhone outside of the U.S., but other companies, like Meta’s WhatsApp, may not be so lucky. It could mean they’ll have to open their platforms up to third party apps and interoperability between messaging apps. Perhaps the fact that Apple has half of the market cornered in the United States could give them “gatekeeper” status here, forcing them to open their platforms.

Either Crack Open APIs or Move On

I’ve tried, in vain, to get more users on Signal, but it’s so hard to get anyone to download another app. I remember when you could show someone your iPhone making a fart sound and everyone would download the app in a heartbeat. But tell them an app could protect their communications between all sorts of devices, and they’re not on board. People don’t want what isn’t already the default. That lends credence to the argument that Apple has created an unfair messaging monopoly.

Apple made iMessage, and the only way to access it is through an Apple product. It’s like how Twitter and Reddit made their APIs nearly inaccessible, or how Meta doesn’t open up Instagram’s API. You can’t access the PlayStation Network from an Xbox either. Will we open that up?

Maybe we should. Maybe all APIs should be public. Companies could perhaps have their own rules about security and pricing, but maybe the answer is that every network must be open, as long as clients are up to a particular security standard set by the company and developers are willing to pay. I don’t know how the law could set a fair price for that, but it could be something worth exploring. Right now, the law doesn’t seem to support forcing Apple to open up the iMessage network, just as I can’t play Fable, Sunset Overdrive, or Hi-Fi Rush on my PS5. Maybe iMessage is for the iPhone as Horizon is for the PS5. Or maybe we can make a future where exclusive software features aren’t tied to hardware manufacturers. I’d certainly like that, but do the proponents of iMessage on Android also support the end of console exclusives? The end to software exclusives?

I’d like to boot up Elder Scrolls 6 on my PlayStation one day. I’d like to be able to use any chat network with my own, highly secure and private client that ensures encrypted messages and no metadata ending up anywhere else. A future where interoperability is common would be fantastic. But we can’t just stop at iMessage because some of us are tired of being the green bubble stinking up the group chat.


Sources/References:
Exit mobile version