[ankit219]

I think they ignored a rarely talked about but important aspect. iMessage is free for Apple users because it comes bundled with all Apple products. The cost to run iMessage and deliver millions of messages daily must be a significant number.

With beeper, they are enabling the functionality for android. That is every android user signed up with beeper will end up costing Apple some money to send messages to iphone (or to send messages to other android users using the same thing).

In my opinion, next step for Apple is to mandate having an apple device to be able to use an Apple ID as part of their TnC. They will keep closing loopholes in the meantime, but don't think Apple will let beeper win this, purely because of the can of worms it opens up.

[gruez]

I'm sure most android users would be happy if iMessage-on-Android was included as part of the $0.99/month icloud subscription.

[ewoodrich]

Yep, I already pay for iCloud, Applecare on several devices and yet I am still punished by Apple via iMessage for using Android as my main device. (I also own a newish iPhone but even that's not good enough without workarounds to use my primary phone number with iMessage).

I don't like the idea of ever being bound to a single ecosystem and Apple's lack of interoperability by design keeps me using many Google services because they offer almost everything for both iOS and Android.

[massysett]

Sounds like you're just bound to Google rather than Apple.

[shepherdjerred]

I would imagine a significant number of people would be willing to spend $5-$10/mo to be able to use iMessage + FaceTime as native Android/Windows apps (you can already FaceTime with non-Apple users via a link [0])

[0]: https://support.apple.com/en-us/HT212619

[microtonal]

This aspect is ignored, because it's clear that Apple blocks third-party clients to maintain its dominant position in the US (social unacceptability of green bubbles among teens).

If cost was the problem, they could offer a subscription.

[ankit219]

It's pretty clear why they don't want an android iMessage app.

In this case, what beeper enables (if successful) potentially is to use Apple's infra for future communication between android to android phones, or android to iMessage groups, while on Apple's infra and dime. Beeper will likely collect a fee for it as well. Thats not a position Apple would want to be in.

[microtonal]

Like I said, if that was the issue, Apple could just charge $10 per month for iMessage users that don't have an Apple product linked to their account.

The only reason is to bully people who fear social exclusion into buying an iPhone.

(I am an iPhone/Mac user, so I am not trying to bash Apple from the other side of the 'divide').

[dzhiurgis]

Or Google doesn’t want one and wouldn’t let Apple release one unless they allowed third party Siri replacement in iOS…

[sbuk]

So I'm imagining Signal, Telegram and WhatsApp on my iPhone? And the appeals to emotion really have got to stop.

People do not by iPhones because of iMessage. I'll totally accept that some, even a majority, buy them as a fashion item, in a similar way that Samsung S series phones are, but iMessage will not be a significant driver for many.

[standardUser]

Exactly, iMessage is not a product they want to sell or spread around, it is a marketing tool that loses it's potency once it's not exclusive.

[danaris]

Based on my understanding, Beeper is using false or duplicate Apple device credentials in order to authenticate with Apple as "being a legitimate iMessage endpoint".

There's no need to take the—rather draconian—step of locking out all Apple users who are using Apple IDs through the browser; all Apple needs to do is ban the false device IDs and possibly close the loophole that allows Beeper to create them.

Any time you see something that looks like a jailbreak, at its heart is a vulnerability in the device or service that is being jailbroken. That is, fundamentally, a security flaw, and fixing that security flaw is all that's necessary to prevent the jailbreak. The fact that this one is with one of Apple's services, rather than with iPhones or other Apple devices, means that they don't even have to push out some software/firmware update and hope everyone applies it: all they have to do is update their own servers, and Beeper will be locked out again.

[milkytron]

I don't think they're using false or duplicate Apple devices for this. I think that it may be likely they are using AWS resources for it: https://aws.amazon.com/ec2/instance-types/mac/

When AWS first came out with these, this was my first thought. People could spin up an EC2 instance and use it for iMessage, and Beeper came to be shortly after this feature went live in AWS.

[danaris]

Not fake devices, fake credentials. Beeper Mini is explicitly using a different method to access the iMessage system than Beeper and some other previous services; it's not spinning up virtual Macs and bouncing off them. Because of that, it also doesn't require you to hand your Apple ID login & password over to Beeper in cleartext just to make it work.

At least, from what I've read over the past few days.

[venusenvy47]

I don't think the credentials are faked. The author's blog post seems to give the details. He is publishing a public key to Apple's servers and figured out how to read the public key of other users. It seems like he is using the normal Apple encryption path from there. Although I don't fully understand the details.

https://jjtech.dev/reverse-engineering/imessage-explained/

[blitz_skull]

It’s actually really surprising to me (from a technical perspective) that this wasn’t already the case. Based on what I’ve read they’re basically spoofing the fact that they’re an iDevice which seems like it should be much more difficult than Beeper has made it look.

[hoistbypetard]

You'd think. But a great big pile of intel-based macs without TPMs are still supported iDevices. And the tail for supporting those macs (that have been on iMessage for some time) might be quite a bit longer than the tail for, say, OS updates to those macs.

So there's quite a window where spoofing that kind of iDevice will be easy.

[ankit219]

It was open sourced by a 16 year old apparently.

https://github.com/JJTech0130/pypush

They used this and added their own changes. From their communication about what they are doing, it's remarkably similar, and i would be very surprised if they did not see this before.