Apple’s Nonsensical Attack On Beeper For Making Apple’s Own Users Safer

from the weakening-security-to-lock-up-users dept

Apple has spent the past few years pushing the marketing message that it, alone among the big tech companies, is dedicated to your privacy. This has always been something of an exaggeration, but certainly less of Apple’s business is based around making use of your data, and the company has built in some useful encryption elements to its services (both for data at rest, and data in transit). But, its actions over the past few days call all of that into question, and suggest that Apple’s commitment to privacy is much more a commitment to walled gardens and Apple’s bottom line, rather than the privacy of Apple’s users.

First, some background:

Back in September, we noted that the EU had designated which services were going to be “gatekeepers” under the Digital Markets Act (DMA), which would put on them various obligations, including regarding some level of interoperability. Apple had been fighting the EU over whether or not iMessage would qualify, and just a few days ago there were reports that the EU would not designate iMessage as a gatekeeper. But that’s not final yet. This also came a few weeks after Apple revealed that, after years of pushing back on the idea, it might finally support RCS for messaging (though an older version that doesn’t support end-to-end encryption).

Separately, for years, there has been some debate over Apple’s setup in which messaging from Android phones shows up in “green bubbles” vs. iMessage’s “blue bubbles.” The whole green vs. blue argument is kind of silly, but some people reasonably pointed out that by not allowing Android users to actually use iMessage itself, it was making communications less secure. That’s because messages within the iMessage ecosystem can be end-to-end encrypted. But messages between iMessage and an Android phone are not. If Apple actually opened up iMessage to other devices, messaging for iPhone users and the people they spoke to would be much more protected.

But, instead of doing that, Apple has generally made snarky “just buy an iPhone” comments when asked about its unwillingness to interoperate securely.

That’s why Apple’s actions over the last week have been so stupidly frustrating.

For the past few years, some entrepreneurs (including some of the folks who built the first great smartwatch, the Pebble) have been building Beeper, a universal messaging app that is amazing. I’ve been using it since May and have sworn by it and gotten many others to use it as well. It creates a very nice, very usable single interface for a long list of messaging apps, reminiscent of earlier such services like Trillian or Pidgin… but better. It’s built on top of Matrix, the open-source decentralized messaging platform.

Over the last few months I’ve been talking up Beeper to lots of folks as the kind of app the world needs more of. It fits with my larger vision of a world in which protocols dominate over siloed platforms. It’s also an example of the kind of adversarial interoperability that used to be standard, and which Cory Doctorow rightfully argues is a necessary component of stopping the enshittification curve of walled garden services.

Of course, as we’ve noted, the big walled gardens are generally not huge fans of things that break down their walls, and have fought back over the years, including with terrible CFAA lawsuits against similar aggregators (the key one being Facebook’s lawsuit against Power.com). And ever since I started using Beeper, I wondered if anyone (and especially Apple) might take the same approach and sue.

There have been some reasonable concerns about how Beeper handled end-to-end encrypted messaging services like Signal, WhatsApp, and iMessage. It originally did this by basically setting up a bunch of servers that it controls, which have access to your messages. In some ways, Beeper is an “approved” man-in-the-middle attack on your messages, with some safeguards, but built in such a way that those messages are no longer truly end-to-end encrypted. Beeper has taken steps to do this as securely as possible, and many users will think those tradeoffs are acceptable for the benefit. But, still, those messages have not been truly end-to-end encrypted. (For what it’s worth, Beeper open sourced this part of its code, so if you were truly concerned, you could also host the bridge yourself and basically man-in-the-middle yourself to make Beeper work, but I’m guessing very few people did that.)

That said, from early on Beeper has made it clear that it would like to move away from this setup to true end-to-end encryption, but that requires interoperable end-to-end encrypted APIs, which (arguably) the DMA may mandate.

Or… maybe it just takes a smart hacking teen.

Over the summer, a 16-year-old named James Gill reached out to Beeper’s Eric Migicovsky and said he’d reimplemented iMessage in a project he’d released called Pypush. Basically, he reverse engineered iMessage and created a system by which you could message securely in a truly end-to-end encrypted manner with iMessage users.

If you want to understand the gory details, and why this setup is actually secure (and not just secure-like), Snazzy Labs has a great video:

Over the last few months, Beeper had upgraded the bridge setup it used for iMessage within its offering to make use of Pypush. Beeper also released a separate new app for Android, called Beeper Mini, which is just for making iMessage available for Android users in an end-to-end encrypted manner. It also allows users (unlike the original Beeper, now known as Beeper Cloud) to communicate with iMessage users just via their phone number, and not via an Apple ID (Beeper Cloud requires the Apple ID). Beeper Mini costs $2/month (after a short free trial), and apparently there was demand for it.

I spoke to Migicovsky on Sunday and he told me they had over 100k downloads in the first two days it was available, and that it’s the most successful launch of a paid Android app ever. It was a clear-cut example of why interoperability without permission (adversarial interoperability) is so important, and folks like Cory Doctorow rightfully cheered this on.

But all that attention also seems to have finally woken up Apple. On Friday, users of both Beeper Cloud and Beeper Mini found that they could no longer message people via iMessage. If you watch that YouTube video above by Snazzy Labs, he explains why it’s not that easy for Apple to block the way Beeper Mini works, but, Apple still has more resources at its disposal than just about anyone else and devoted some of them to doing exactly what Snazzy Labs (and Beeper) thought it was unlikely to do: blocking Beeper Mini from working.

So… with that all as background, the key thing to understand here is that Beeper Mini was making everyone’s messaging more secure. It certainly better protected Android users in making sure their messages to iPhone users were encrypted. And it similarly better protected Apple users, in making sure their messages to Android users were also encrypted. Which means that Apple’s response to this whole mess underscores the lie that Apple cares about users’ privacy.

Apple’s PR strategy is often to just stay silent, but it actually did respond to David Pierce at the Verge and put out a PR statement that is simply utter nonsense, claiming it did this to “protect” Apple users.

At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users. 

Almost everything here is wrong. Literally, Beeper Mini’s interoperable setup better protected the privacy of Apple’s customers than Apple itself did. Beeper Mini’s setup absolutely did not “pose significant risks to user security and privacy.” It effectively piggybacked onto Apple’s end-to-end encryption system to make sure that it was extended to messages between iOS users and Android users, better protecting both of them.

When I spoke to Eric on Sunday he pledged that if Apple truly believed that Beeper Mini somehow put Apple users at risk, he was happy to agree to have the software fully audited by an independent third party security auditor that the two organizations agreed upon to see if it created any security vulnerabilities.

For many years people like myself and Cory Doctorow have been talking up the importance of interoperability, open protocols, and an end to locked-down silos. Big companies, including Apple, have often made claims about “security” and “privacy” to argue against such openness. But this seems like a pretty clear case in which that’s obviously bullshit. The security claims here are weak, given that from the way Beeper Mini is constructed, it seems significantly more secure than Apple’s own implementation, which puts less security on iOS-Android interactions.

And for Apple to do this just as policymakers are looking for more and more ways to ensure openness and interoperability seems like a very stupid self-own. We’ll see if the EU decides to exempt iMessage from the DMA’s “gatekeeper” classification and its interop requirements, but policymakers elsewhere are certainly noticing.

While I often think that Elizabeth Warren’s tech policy plans are bonkers, she’s correctly calling out this effort by Apple.

She’s correct. Chatting between different platforms should be easy and secure, and Apple choosing to weaken the protections of its users while claiming it’s doing the opposite is absolute nonsense, and should be called out as such.

Companies: apple, beeper

Comments on “Apple’s Nonsensical Attack On Beeper For Making Apple’s Own Users Safer”

54 Comments
Total says:

Uh huh

Yeah, thanks. I’m sure Apple is now reassured that random third party blogger has assured them that random company using random code from random high schooler is definitely safe for their users, and they should definitely establish the precedent that if you can hack their security, you can build an app to sell to people.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re:

If Beeper makes iMessage insecure, then iMessage was insecure. Somebody implementing the iMessage protocols should not cause any insecurity for Apple users, and it actually makes them more secure by encrypting their conversation with Android users.

Rule one of cryptography, the security of the system should be dependent only on secure key management, and that applies even when the attacker has full access to specifications and code.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: Re: Re:

If a company can reverse engineer a protocol to use that protocol insecurely, and the way to re-secure it is to respond to its very public announcement and use, then there are almost certainly others (who are at least as smart as a high schooler) who also reverse-engineered it for malicious purposes who didn’t go on a press tour to announce their use of the product… and therefore Apple hasn’t been able to “re-secure” it because they didn’t even know.

Point is, either what Beeper did is not a security problem at all, or Beeper’s use was insecure and iMessage is only as secure as Apple’s ability to respond, days later, to a “breach” by an attacker willing to do a press release and publish their “hack” as a #1 selling app in the Play Store.

Spoiler alert: Beeper’s use (not manipulation) of the iMessage protocol isn’t insecure at all. It is just as secure, just not endorsed by the author of the protocol.

John A Nemesh, Jr says:

Re: Bingo...

Spot on. Also, where, exactly, does the law permit an unauthorized 3rd party to just access Apple’s own servers without permission? That’s what he was doing with his app.

I am no legal expert, but I believe that charging for an app that illegally accesses someone else’s servers is not exactly a great business plan…

This comment has been deemed insightful by the community.
mildconcern (profile) says:

Re: Re:

In order to function, the iMessage servers are necessarily exposed to traffic from the entire Internet.

If connecting to them using their own protocols from a third-party app is enough to render iMessage ‘insecure’ as Apple claims, it is already insecure and nobody should use it. If you can connect to a service such that it grants you access in a security-destroying way, the problem is not with the 3rd party.

If their only defense is “that’s illegal according to a very broad reading of the CFAA we like when we’re the plaintiffs!” then that’s just further admission that their protocol is insecure.

But it’s probably not insecure. They just don’t want to lose a market-entrenching edge and are willing to buy their interpretation of the law to defend that.

This comment has been deemed insightful by the community.
Total says:

Re: Re: Re: Don't be ridiculous

If Beeper makes iMessage insecure, then iMessage was insecure

Well, yes. Bugs and loopholes exist in just about every kind of software — including messaging ones. When Apple was made aware of one by Beeper using it, they closed it. What are you complaining about exactly? That software is imperfect? Welcome to the real world.

John A Nemesh, Jr says:

Re: Re: Re: I fail to see a proper rebuttal here

So where does it say that a 3rd party is allowed to access Apple’s own servers and then charge a fee for doing so? How is that in ANY way legal? You never answered my question, you just came up with other BS to spout about “security”. Security isn’t the issue. The ISSUE is that a 3rd party was accessing Apple’s servers illegally, then charging a fee for their “service”.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: Re:

where, exactly, does the law permit an unauthorized 3rd party to just access Apple’s own servers without permission?

You have this backwards. Laws make things illegal. Things that are not prohibited by law are, by default, legal. Companies have claimed in court that it’s illegal “computer abuse” to access their servers with unapproved software—for example, to “scrape” data. Courts have not generally agreed with such views, though haven’t 100% rejected them.

This whole thing, by the way, is a repeat of 25 years ago. People wrote third-party clients for ICQ, AOL Instant Messenger (AIM), and the others; the AIM people were particularly unhappy about this, and blocked MSN Messenger and other third-party programs. And people actually pushed back against AOL, legally, by challenging their Time Warner merger on anti-trust grounds due to this non-interoperability.

Ultimately, the status quo never changed. It’s considered generally acceptable for companies to use proprietary protocols and try to block unofficial access, and simultaneously acceptable for third parties to reverse-engineer protocols and evade blocks.

This comment has been flagged by the community.

Anonymous Coward says:

So, this iMessage hack was some sort of reverse engineering. Corporations hate that since their “Removing avoid warranty” stickers.
And since Apple doesn’t care that much about security (even with a completely closed ecosystem, security flaws are discovered every month, some take months to be fixed) or privacy (since their devices have access to most user data before it is encrypted), all their marketing is based on the principle that users have to trust the company/brand, but that trust is all about blind trust (the kind that no one can verify), and people pay hard cash to forget about nerdy security and try to enjoy life.
And they may be happy about it. Ignorantly happy. Because ignorance is bliss.

This comment has been flagged by the community.

Steve F (profile) says:

Apple's explanation is sound, even if disingenuous.

They said, they “took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage” and that’s exactly what they did.

They coded in that check for a reason (probably to keep non-apple equipment out), and it’s reasonable for them to fix it once a way around it is letting thousands of users masquerade as one.

schultzter (profile) says:

This is silly

I’m surprised Tim didn’t just punt this down to the legal department.

Seriously, there are so many Messengers to choose from and so many solutions to the group messaging and encryption issues that if this really was about that then we could easily all be using WhatsApp or Signal or whatever.

We have big tech using open protocols, like XMPP, and de facto standards, like Signal, and they used to allow third parties to access their servers (see GTalk back in the day) but they don’t any more.

The fact we’re having this discussion at all answers the question.

Rico R. (profile) says:

Security through obscurity

Apple: We’ve developed a way to end-to-end encrypt text messages between iPhone users. It’s part of Apple’s dedication to user security and privacy.
Also Apple: If you want to message someone who isn’t an iPhone user, we’ll make sure that you’re forced to use an insecure outdated protocol with no options for end-to-end encryption. Sorry, that’s just the reality of how we developed iMessage to protect our bottom line by forcing them to switch to iPhones the security of all our customers.

phatmatt (profile) says:

“Migicovsky … told me they had over 100k downloads in the first two days it was available, and that it’s the most successful launch of a paid Android app ever.”

Why are you repeating this? First, it’s wrong to say that the app was paid since you can download it for free, and what numbers does Migicovsky have backing that this is the most successful?

Mark says:

So stealing IP is okay?

While Apple leans on the security aspects, which are arguable, Beeper is charging money for a service that relies on servers they don’t have permission to use and don’t pay a single cent for.

I might be sympathetic if they were doing this for free. But they are trying to profit off of someone else’s work and property. That’s wrong.

elmo (profile) says:

Facts not in evidence

Your comment:

Almost everything here is wrong.

I agree, but probably not in the way you meant it.

Literally, Beeper Mini’s interoperable setup better protected the privacy of Apple’s customers than Apple itself did. Beeper Mini’s setup absolutely did not “pose significant risks to user security and privacy.” It effectively piggybacked onto Apple’s end-to-end encryption system to make sure that it was extended to messages between iOS users and Android users, better protecting both of them.

The assertions are almost entirely wrong because they are speculation, not facts demonstrated to be true. Wanting them to be true, as the author claims, should lead to greater critical analysis, not less; a solid basis makes a case.

Better protected? You’ve done the comparative analysis?

Absolutely do not pose significant risks? You’ve done the security and privacy analysis?

Better protecting both? Have you explored questions like:

  1. Does any traffic move in the clear?
  2. Have you determined that no additional servers might handle the traffic?
  3. Are secrets shared with any other device(s)?
  4. When encrypting and decrypting messages, what care is taken with the crypto keys and the buffers, variables, and registers used? Are other Android apps prevented from observing the traffic?
  5. What about at rest? How are received message contents stored on Android devices?
     1. Do the storage mechanisms offer anything close to how message contents are stored on iOS and macOS devices? Are they protected from other apps on the Android device?
     2. Does an iOS user have anything to be concerned about with how their sent content is stored on an Android device?
  • What kind of vulnerabilities does the Android app expose?

To reliably make the claims about betterness and risks, these and other questions should be answered (and by people with the skills to reliably provide reliable answers). It’s not enough to observe that an API got used and messages got delivered.

Quite a bit more analysis needs to be done or presented to provide a basis for the claims you made.

This comment has been deemed insightful by the community.
Sam says:

Re: The Analysis

I can give you a comparative analysis right now. Without Beeper installed, iOS chats that contain any Android users are sent over SMS to everyone. For an Android user receiving an SMS message from an iPhone, here are the answers to those questions:

  1. Yes, all of it.
  2. Additional servers and companies handle the data in clear-text.
  3. Yes; in addition SIM cards can be easily spoofed to steal these messages.
  4. No care is taken because the contact is not encrypted. Multiple Android apps can observe the messages and traffic regardless of the individual messenger being used, opening up a substantial attack vector.
  5. Message contents are not encrypted at rest.
  6. No and no.
  7. Yes, SMS can be trivially spied on by a compromised phone and can be intercepted and spied on during transit. This is true for both iOS and Android. Moving a group chat to SMS off of iMessages exposes every single person in the chat to risk regardless of whether they own an iPhone or an Android device.
  • There are multiple SMS apps and all of them expose their own vulnerabilities. There is no way to control which client a receiving device is using or to know whether or not it is compromised.

So that’s the current state for iOS and Android users. If Beeper improves on any of those metrics, it is objectively, factually, a security improvement not only for Android users but also for iOS users who are having their messages sent unencrypted to 3rd-party clients.

The analysis here isn’t hard. Even if Beeper was imperfectly encrypted, it would still be an improvement in security. I’ll go a step further, even the cloud offering of Beeper (with all of the very real caveats and risks that it exposes) presents a strict decrease in the amount of people who can spy on your messages and presents a strict increase in security over SMS.

Apple is arguing that for the sake of security, iOS users in group chats with Android users should have their sent content transferred and stored unencrypted using one of the least secure messaging protocols possible. Beeper is obviously more secure than that. There’s very little that Beeper could do to be less secure than SMS.

And as a reminder, it’s not just Android users who are exposed to risk from Apple’s policy; if you have a group chat and one of the users is on Android, your messages get delivered to everyone unencrypted — even other users on iOS. Even if Beeper was literally as insecure as SMS, which I am going to bet is not the case, having your Android contacts move to Beeper would at least allow your messages to stay encrypted when delivered to other iOS users in the group chat.

Beeper kind of wins this comparison by default mostly because Apple has no security whatsoever for cross-device chats, refuses to add security to those chats or to care about the privacy of even its own users in those chats, and basically anything at all at this point is an improvement.