[al_borland]

This would be the case if it were a protocol designed to be opened up for use by 3rd party clients. As it stands, this was a clever hack which would undermine the integrity of the system if left in place. Within a few weeks we’d see 100 3rd party iMessage clients, and it would be luck of the draw if the one someone downloads is secure or not.

[jvolkman]

If the existence of a working unsanctioned client undermines the integrity of a system as prominent and security- and privacy-focused as iMessage proclaims to be, then that system has big problems.

Certainly this is not the first time some entity in the world has reverse-engineered iMessage; it's just the first time that it was publicized.

[ceejayoz]

Every system has holes that get discovered in time. Leaving those holes open is a different thing.

[danShumway]

This is also notable, because the technology that Beeper Mini is based on was public and available to potential attackers before Beeper Mini launched. Beeper didn't invent this, they contracted the developer and based the project off of their open Github repository.

Apple did leave the hole open; they left it open until it threatened their customer lock-in. Only at that point did they decide that it was a security risk.

[eptcyka]

How is using another client undermining the security of the whole system?

[al_borland]

The system wasn't designed with those 3rd party clients, and security around them, in mind. Beeper Mini is spoofing/reusing device IDs, pretending to be some random person's Mac, for example. True support for 3rd party clients wouldn't not require this kind of thing.

From what I understand Beeper Mini is interfacing with iMessage on-device, what's to stop another clients from using a server and intercepting messages? While I don't have time to look it up again, I think there was also something on how Beeper Mini is handling the push notifications when the app isn't open. While that may not leak a lot of information, and there is also the news of Apple/Google sharing push info with some governments, that's something that can at least raise some eyebrows when it comes to how private it is.

[danShumway]

> The system wasn't designed with those 3rd party clients, and security around them, in mind.

It sure as heck better have been designed with that in mind, because it sends SMS messages to uncontrolled 3rd party clients that could be stealing your information or spying on push notifications every single time you message an Android user.

I genuinely don't understand this argument. Do people think that SMS messages don't generate push notifications? Does Apple have a 1st-party SMS messenger available on Android that I'm not aware of? You're already communicating with 3rd-party clients that could be spying on you, and you're already receiving messages from those clients in the iMessage app. The biggest difference is that your messages with those clients today are fully unencrypted, so spying on them doesn't even require compromising an app.

It's weird for people to be so concerned about push notifications as if that's a decrease in security when the alternative system they're proposing is for iOS messages to be sent to Android devices fully unencrypted. Apple/Google can share all of that information with the government as well; if they're not being asked to it's only because the government can get it even more easily directly from the telcos.

[shadowfiend]

There is no iMessage app. There is a Messages app that implements two systems: iMessage and SMS/MMS. iMessage is the system whose security model is being discussed here, and the security model of SMS/MMS is mostly irrelevant to it.

[danShumway]

This is splitting straws; the overwhelming majority of Apple users don't make this distinction (if they even realize there is a distinction to make). For all practical purposes they use one app that lets them talk to their friends and some of the bubbles are green and some are blue. How many of those Apple users even realize that the green bubbles are unencrypted rather than just being a designation for Android contacts?

It also changes nothing about my comment, because you can call SMS a different system all you want, but your conversations with Android users are still being sent unencrypted and any malicious payloads you get from SMS phones are still being loaded into the same Messages app. If you're worried that a 3rd-party client on Android is going to let a company spy on conversations you're having with Android users, then I still have real bad news for you about how Apple sends messages to Android users.

Draw the lines however you want between Messages and iMessages, but the security implications of Apple's setup are exactly the same. When you write a message to an Android contact, Apple sends that message unencrypted to a 3rd-party client that could by spying on you, leaking your data, or sending malicious payloads to your iOS Messages app. It still makes no sense whatsoever to be this concerned about the security of the push notifications for your messages to Android users when the alternative being proposed is to throw security entirely out of the window for those conversations. It is still a clear security improvement for conversations between Apple and Android users to be E2EE rather than to be sent over SMS, because the risks being raised about 3rd-party messaging clients are already present within those conversations today.