In this seemingly endless quest to give Android blue bubbles, there have been many attempts. Sunbird and Nothing came up short when the community exposed security flaws. Apple even agreed to support RCS in 2024. But that still wasn’t good enough for Android users who just want a useless status symbol. Then came Beeper.
If you didn’t know, Beeper, a Matrix-based service with a ton of application bridges to allow for communication between multiple messaging services.
Last week, it announced the launch of a new app, Beeper Mini. This app was meant to finally give what Android users crave: blue bubbles. Beeper had figured out how to send messages securely to Apple’s servers. One method was to log into your Apple ID. The other was to avoid signing in altogether. It just meant you couldn’t sync messages with other Apple products.
Both of these claims are actually amazing. Beeper claimed that if you logged in with your Apple ID, they didn’t need a Mac to send messages on your behalf. This was a big change from what Sunbird and even Beeper was doing. They even open-sourced their proof of concept. I didn’t see where they were able to just get it working with just a number, though. Smarter folks can probably find it.
After the app went live, it was downloaded 100,000 times on Google Play. It was a runaway success. And, predictably, Apple took notice.
Saturday night, Apple shutdown the party. It’s not be illegal to reverse engineer iMessages to get it to work somewhere else. That doesn’t mean the Apple can’t change something to break interoperability. Apple stated that the “potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks” as the reason they closed the hole. While not necessarily blaming Beeper, it seems they were protecting against other bad actors.
At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.”
Apple’s statement to 9to5Google
It didn’t stop Beeper as they have the app up and running again. While it’s not in the Play Store, they have released an update that is available via sideloading. Beeper is hoping the app will be approved by the Play Store soon.
The big change in the app update is the removal of the “no Apple ID” functionality. I’d imagine that was the one hole Apple did patch. Beeper just found another way to use the Apple ID bit. It still maintains that the app is not using Mac hardware to send messages.
Another change that Beeper made was the cost of the app. While the launch version had a free trial and a $2/month subscription fee, the update makes the app free to all. All they ask is users donate to the cause.
So, there’s no telling if Apple will strike again. Beeper doesn’t seem to care. They just want to give Android users that sweet, sweet blue bubble.
Source: 9to5Google
