[jlarocco]

> On the contrary, third-party clients is a gigantic security hole, since Apple can't even know if a client app is spying on users.

Security isn't about Apple knowing if an app is spying on users, but about THE USERS knowing that nobody is spying on them.

At best a third party iMessage client can only be as secure as iMessage itself because the back end is still closed and has no transparency, so it's the weakest link. If Apple (or a third party) is spying on the back end then no client can be safe.

> How would third-party clients _increase_ security (other than indirectly, by people using SMS less)?

They can increase security by breaking a single target into multiple targets, by increasing competition around security and privacy issues, by having more people use and work with the protocols and able to spot potential problems, by encouraging more transparency around issues when they arise, and by having alternatives readily available if one of the clients is found to be compromised or insecure.

And of course open source clients can be verified and validated by other developers and security professionals.

[dwaite]

> They can increase security by breaking a single target into multiple targets, by increasing competition around security and privacy issues, by having more people use and work with the protocols and able to spot potential problems, by encouraging more transparency around issues when they arise, and by having alternatives readily available if one of the clients is found to be compromised or insecure.

I believe you are speaking to transparency, not third party clients.

Beeper Mini actually bundled binaries that they didn't understand to bootstrap registration. They could only attempt to be compatible with messages that they have received, and verify messages they send show up correctly - they cannot know they covered all available options.

I speak to this as someone who reverse engineered MSN Messenger back in the early 2000s for an XMPP gateway - you'd occasionally find an entirely new type of message (requiring an entirely new parsing code path for their undocumented/bespoke messaging protocol) because someone registered for a stock ticker or the like.

There was no fuzzing the official servers or clients to see if they were robust or secure - the goal was to have a salable product. In fact, we saw other messaging systems where we had significant concerns based on our understanding of the protocols through reverse engineering, and we saw one vendor exploit a security vulnerability in their own shipping product in order to verify authenticity and block third party clients (which worked for a period of time)

From what I saw of the iMessage system, third party support is not going to be feasible even with a documented protocol without partnership, because there is an assumption of attestation of real, unique hardware as part of registration to prevent mass abuse.

[person3]

I don’t know a lot about how it works, so forgive me if this is a silly idea. I wonder if attestation could be done using real Apple devices, while leaving the private key on the user’s android. So similar to the old beeper to get the signed attestation, and send the result to the phone. Still could be secure since you can keep the private key used to encrypt messages local on the users device. I guess the issue might be a cat and mouse game if detecting beepers flock of Apple hardware to try and disable them all… (given many people would be using the same Apple devices)

[dwaite]

I think iMessage is still using older attestations, but generally an attestation of this sort (App Attest, Play Protect API) represent a chain of the hardware, boot process, OS and application.

So iMessage is not going to be willing to hand out private keys or negotiate them for a third party application, and Beeper will not be trusted to register a private key itself.

Android iMessage support would be weird because there is no iMessage application - there is an application which lets you send SMS and to upgrade to MMS or iMessage when available. So, if there ever was an official Messages app for Android, I would somewhat expect it to also offer to take over being the default application for SMS/MMS.

[Grustaf]

> Security isn't about Apple knowing if an app is spying on users

Clearly, what matters to Apple is what _they_ believe is secure, and they of course trust themselves more than they trust Beeper.

> At best a third party iMessage client can only be as secure as iMessage itself

Exactly, they can never be safer, and given that Apple, or we as users, know very little about the company behind the client, third-party clients are much less secure.

[poisonborz]

> Security isn't about Apple knowing if an app is spying on users, but about THE USERS knowing that nobody is spying on them.

True, but Apple caters specifically to a consumer base that can't know this and does not want to think about this. Whether this is health or sustainable in the future is another matter.