Monday, December 11, 2023

Apple Blocks Beeper Mini

John Gruber:

I installed Beeper Mini on my Pixel 4, and it worked like a charm. In addition to working seamlessly — including support for group chats, tapbacks (albeit substituting animated emoji in place of Apple’s monochromatic badges), undoing sent messages, and editing recent messages — it’s just a really nice chat app. It looks a lot like what I’d imagine an official iMessages Android client from Apple would look like. Just like with an iPhone, Beeper Mini even worked without requiring you to sign in to an iCloud account. Beeper Mini reverse-engineered the way that Apple creates a new implicit iMessage account based on your phone number, via a one-time exchange of keys sent through SMS. But, if you wanted to use your existing iCloud account with Beeper Mini, you were able to sign in — which, unlike Beeper Cloud, worked with an app-specific password. When I tried Beeper Mini, I used a secondary iCloud account that I use for testing and product reviews, but even with that account, I would not have signed in if Beeper Mini didn’t support app-specific passwords.

Migicovsky told The Verge and Nelson that Beeper believed Apple would be unable to cut off their technique without also breaking iMessage for a significant number of iMessage users on actual Apple devices. I found that hard to believe, given that part of Beeper’s technique involves masquerading as a legitimate Apple device, re-using device identifiers.

Ben Schoon:

Many reports across Reddit and other platforms confirm that Beeper Mini is currently unable to send or receive messages for many users. Some also report that Apple ID sign-in is currently not working if the app is re-installed or activated on a new device.

Sarah Perez (Hacker News, MacRumors):

However, Beeper CEO Eric Migicovsky responded to TechCrunch’s inquiry about Beeper Mini’s status by pointing us to the X post acknowledging the outage, and providing more detail. Asked if possibly Apple found a way to cut off Beeper Mini’s ability to function, he replied, “Yes, all data indicates that.”


In a statement shared with press, Apple said:

“At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.”

The company said that it’s unable to verify that messages sent through unauthorized maintain end-to-end encryption.

Chris Welch:

The belief — or I suppose the hope — among Beeper’s developers and users was that it would be such an ordeal for Apple to block the Android app that doing so wouldn’t be worth the hassle. Apparently, it was easier than anyone expected.


Reached for comment, Beeper CEO Eric Migicovsky did not deny that Apple has successfully blocked Beeper Mini. “If it’s Apple, then I think the biggest question is… if Apple truly cares about the privacy and security of their own iPhone users, why would they stop a service that enables their own users to now send encrypted messages to Android users, rather than using unsecure SMS? With their announcement of RCS support, it’s clear that Apple knows they have a gaping hole here. Beeper Mini is here today and works great. Why force iPhone users back to sending unencrypted SMS when they chat with friends on Android?”

David Pierce (Hacker News):

When I ask Migicovsky if he’s prepared to do battle with Apple’s security team for the foreseeable future, he says that the fact that Beeper Cloud is still working is a signal that Apple can’t or won’t keep it out forever. (He also says Beeper’s team has some ideas left for Beeper Mini.) Beyond that, he hopes the court of public opinion will eventually convince Apple to play nice anyway. “What we’ve built is good for the world,” he says. “It’s something we can almost all agree should exist.”

Malcolm Owen:

In posts to X first reported by Engadget, Beeper is working on a fix that is “still in the works.” The fix itself is apparently “very close, and just a matter of a bit more time and effort.”

Beeper says that it has deregistered phone numbers of users from iMessage so they can still receive text messages, albeit as a dreaded green speech bubble to iOS users. However, as the iPhone messages app “remembers” the blue bubble status for between 6 hours and 24 hours before returning to SMS, Beeper warns “it’s possible that some messages will not be delivered during this period.”

John Gruber:

What I meant by it being “untenable” for Apple to look the other way at Beeper Mini wasn’t that Beeper made legitimate use of iMessage insecure. That’s part of the point of end-to-end encryption. But it was untenable perception-wise for Apple to allow unauthorized client software on a messaging platform heralded first and foremost for its privacy and security. Apple had even lost control over new account signups.


Again, I wish Apple would release an iMessage client for Android. (But what I really wish is that they’d done so a decade ago, before current platforms had gotten so entrenched, country-by-country around the world.) But I don’t buy the argument that Apple is under any sort of ethical obligation to do so.

The bottom line is that it would be better for Apple’s customers if they could use iMessage everywhere, but (Apple thinks) it would be better for Apple to keep it exclusive.

My own experience is, I guess, an outlier, but I’ve had such terrible problems with messages not being delivered and with the app itself that I often wish iMessage would just go away.

Nick Heer:

I am not falling for Migicovsky’s play-dumb act here and, I am certain, neither are you.


There are plenty of end-to-end encrypted messaging apps available for iOS and Android, like Signal and WhatsApp, so the premise that “iPhone users can’t talk to Android users except through unencrypted messages” is also complete nonsense.

The issue is that, at least in the U.S., iMessage is dominant, and there’s no way to get everyone you communicate with to switch to something else. Practically speaking, it’s as if the alternatives don’t exist.

Eric Migicovsky and Brad Murray (via Hacker News, MacRumors):

We’ve created an updated version of Beeper Mini that fixes an issue that caused messages not to be sent or received.

I wonder how long this arms race will last.

We’ve made Beeper free to use. Things have been a bit chaotic, and we’re not comfortable subjecting paying users to this. As soon as things stabilize (we hope they will), we’ll look at turning on subscriptions again.


We—of course—expected a response. What we didn’t expect was 1984-esque doublespeak. The statement is complete FUD. Beeper Mini made communication between Android and iPhone users more secure. That is a fact.

More secure both because the messages were encrypted and because Beeper prompted Apple to fix some latent bugs.

Many people have asked, ‘why don’t people just use Signal or WhatsApp?’. The answer is that Messages App is the default chat app for all iPhone customers. Not only is it the default, iOS makes it impossible to change the default chat app.

I am, of course, in favor of being able to change the default chat app, but I doubt that would make much difference.


Update (2023-12-22): John Gruber:

In other words, what remains broken is the implicit creation of an iMessage account based on the cellular phone number of your device. I described this process in broad terms in a footnote on my column yesterday. It’s a magically-invisible-to-the-user process that’s been part of iMessage since it first debuted as an iOS-only feature in iOS 5.


If Android SMS users were interested in installing a third-party app to enable better cross-platform messaging, wouldn’t they be suggesting to their iPhone-using friends and family that they be the ones who install WhatsApp or Signal or something?


It is true that Apple does not allow third-party apps to handle anything related to your cellular account. So cellular phone calls only go through the built-in Phone app, and SMS messages only go through the Messages app. Messages isn’t merely the default handler for SMS, it’s the only handler for SMS. But there is no default for “chat”.

Adam Demasi:

I really commend JJTech and Eric for taking on iMessage with a serious and privacy-conscious implementation, but Beeper Mini’s implementation of iMessage seemed problematic to me from the outset for two reasons:

The iMessage protocol is well-documented, and has been pretty much since it was introduced in 2011. The challenge with iMessage has never been on the side of actually sending and receiving messages - the challenge is authenticating a user to their Apple ID, so they can even send or receive a message at all.


I hope they have more tricks up their sleeve, because it would be a shame to let 3 days of iMessage utopia be the end of it. But if you’re ever curious why nobody has successfully brought down the walled garden of iMessage/FaceTime in any way that doesn’t involve keeping a Mac always running at home or giving up your privacy to a 3rd-party (like Nothing and Sunbird’s security disaster of an app), this is why. It’s designed to be as close to impossible as it can possibly be. It frustrates me even as an iPhone user, because I feel iMessage becoming ubiquitous on Android will have an effect on how much the public (including the biggest Apple fans) believe Apple’s “but privacy!” excuses, but this is still the reality of the situation.

Jay Peters (Slashdot):

Here we go again: After investigating reports that some users aren’t getting iMessages on Beeper Mini and Beeper Cloud, Beeper says that Apple seems to be “deliberately blocking” iMessages from being delivered to about five percent of Beeper Mini users. The company says that uninstalling and reinstalling the app fixes the issue and that it’s working on a broader fix (though that apparently won’t be in place tonight).

Kevin Purdy (Hacker News, MacRumors):

That kind of grievance is why, after Apple on Wednesday appeared to have blocked what Beeper described as “~5% of Beeper Mini users” from accessing iMessages, both co-founder Eric Migicovksy and the app told users they understood if people wanted out. The app had already suspended its plans to charge customers $1.99 per month, following the first major outage. But this was something more about “how ridiculously annoying this uncertainty is for our users,” Migicovsky posted.


10 Comments RSS · Twitter · Mastodon

What Migicovsky is omitting form this whole conversation is:

It is 100% Apple's prerogative to disallow third party applications from using their iMessage service for free for the financial benefit of themselves and the benefit of Android users everywhere. I don't think Apple runs its sevices as a charity. I bet there's some ToS somewhere that disallows this as well.

@Marcos That’s true, but I don’t know why Migicovsky would mention that when Apple itself didn’t. The ToS would only apply to Apple’s customers.

Wouldn’t the terms of service also apply to anyone who is making use of the iMessage API or iMessage servers? Even if via reverse-engineering?

I respect the hackery involved to build something like this but I would never feel comfortable using it, not even for free.

For the devs maybe they can grab some quick cash with all the publicity they are getting (assuming they aren’t compelled to issue refunds) but I don’t see how it can last. They are essentially hacking their way into a private messaging system they don’t own. This feels very different than providing a frontend for a public facing website where anyone with a browser can essentially view the same content. This feels more like using an illegal Cable Box back in the day.

"Apparently, it was easier than anyone expected"

I expected this to happen immediately, and it did. The fact that people thought it wouldn't happen is mind-blowing to me. You either have to believe that it is technically impossible, which is nonsensical, given that Apple controls both the client and the server, or you have to believe that Apple doesn't care, which is also nonsensical, given the market advantage the blue bubbles give Apple in the US.

Soooo.... the Beeper folks basically expected that acting like an asshole would be allowed by Apple because the fix would be too cumbersome. Then when Apple makes a good argument about it they act like Calimero saying yeah well 1984 style arguments.

At the end of the day Migicovsky and the Beeper folks are acting in bad faith.

Given the amount of words the official Apple blog (DF) had decided to this it must have really hurt.

"The issue is that, at least in the U.S., iMessage is dominant, and there’s no way to get everyone you communicate with to switch to something else. Practically speaking, it’s as if the alternatives don’t exist."

I dunno, I use signal for regularly talking to literally one android friend and neither of us mind. He maybe uses it with a couple other people. One app would be a little more convenient maybe, but I don't really like the idea of trying to get everybody to all switch to the same one service. Options for when there's an outage, etc.

I have been trying to understand this issue a little better by participating in discussions on ArsTechnica and r/Beeper. While there is a lot of fluff, there is slo stuff like this that's a bit more informative. (Question is by me)

The question is why can't Google build an iMessage clone and answer seems to be laws have changed around the matter significantly and Google does not want to put in the necessary work. Thoughts?

To nobody's surprise, Apple (and its apologists) continue to oppose interoperability, which clearly benefits consumers. They also pretend that iMessage is secure, when Beeper provides strong evidence that it isn't (it's secure by obscurity, not design).

For myself as a Brit and using iMessage exclusively I'd add that not everyone wants to use the dominant app (WatsApp), that in any case it is at a clear disadvantage because it can't become the default SMS handler as on Android, that Messages could but doesn't support incorporating message threads from other apps (which would be a reasonable compromise for me), and that anyway iMessage is used for more than messaging: it's the way that text message forwarding is done between devices, and you can't have text message forwarding without iMessage.

iMessage is lock-in, plain and simple. Apple are of course at liberty to block whoever they want from accessing their network. But they should be honest about their motives. They won't.

Leave a Comment