Beeper reverse-engineered iMessage to bring blue bubble texts to Android users

i had no idea that having green chat bubbles upset people so much.

The issue isn't so much the message color. It's the ability to send videos that aren't potato quality and other media.
- Which should go away anyway once Apple bakes in RCS support
- oh, can't android users receive high-quality videos and photos? after 16 years of smartphones, you'd think they'd have that figured out...
I've seen a lot of people complain online about getting dropped by a tinder date/etc because they swapped numbers and the other person realized they didn't have an iPhone from the green text. Probably best not to date someone who would drop you over that, but there's a weird elitism over blue/green texts.
- Attempting to get a date in the current US scene was hard enough without this petty bullshit. While it was certainly disheartening to see another one slip away, knowing I was dodging a bullet was worth the time. I did enjoy (only once) getting "ugh green bubbles? Srs?" And sliding back "yeah sorry I have a Fold#, iPhones r for brokies" and blocking the contact
  
  (People are free to own iPhone and you're free to make your own descicions or debate the merits of android/iphone, I am more just intolerant of the fan elitism - not iPhone owners in general, hope you have a nice day)
- Weird, is that an excursively US American thing? I am European and have never experienced "phone racism".
- I've never heard of that, that's kinda hilarious and really helps them dodge a bullet.
  
  Apple has spent a significant amount of effort over creating a sense of elitism for using its products but that's largely unique to the western world. Most of the world uses android devices by far.
- Nah bro, if they bought an iPhone that means I can't trust them with money. Screw that noise
In the US, every millenial is a communist until a green bubble shows up in the group chat... then the poverty jokes commence
I think they're hated because they're synonymous with broken group chats and low res photos. Hopefully EU forcing rss adoption fixes these instead of having to download an app to 'fit in'.
- why should the EU have anything to do with who "fits in"? maybe i misunderstood what you're saying here...
Doesn't bother me at all.
People are dumb af
It’s all the other features in iMessage that android users “ruin” in group chats. Things like read receipts, typing indicators, reactions, animated/spoiler text messages, sending media in full quality, etc… A single android user is enough to downgrade an entire group chat, so apple users tend to be a little bit resentful.

It’d be a little bit like if one person on a Discord server disabled all the fun parts of Discord, and it killed the functionality for everyone on that server. Now nobody in the server can add fun little reactions to messages, or start threads, or send embedded gifs. All because that one person decided they didn’t like it.
- All because that one person decided they didn’t like it.
  
  More like "all because Discord decided to remove those things from anyone not using Windows"
  
  Nothing in this scenario is in the users hands, it's all Apple, what any given user likes or want makes no difference.
- This shit seems like a perfect target for an antitrust suit, no?

It’s not just about the color of the bubbles. I have Wi-Fi at work but poor cell signal. Because I have an iPhone and my husband has an android, we have to use another chat client to text while I’m at work. No cell signal means no texting android phones for me, because I can only text people with iMessage over Wi-Fi.

Plus, remember: kids have phones. They do get bullied over chat bubble colors, just like I got bullied for wearing clothes from Walmart in school. It doesn’t have to be this way, it’s Apple’s fault for making iMessage a walled garden.

Is it even a garden though? I don't see any benefit in using it over something like Signal other than it coming pre-installed on your phone.
- Sure, but they wont. The insidious thing about iMessenger is that it isnt iChat. It is the apple default text messaging app. Which is good because it means that all your messages are in one place, and you dont have to try to convince your older family member to install a 3rd party chat app. You just have a chat app. This tricks users not into thinking that texting is just better on apple.
  
  But its bad because it only works between other apple products and users. This is objectively Apple's shortcoming, however there are enough iPhones in the wild and enough people in the US who defaulted to just hitting the sms/mms icon instead of downloading a chat app that the odd man out might be the android user. And it's not just about the green bubble being green. If you invite an a green bubble to a group text then all your rich chat messenger features go away and it turns into an MMS thread. Which is objectively bad.
  
  But yes they could just download and use whatsapp,line, telegram, signal, facebook messenger(and in the early days things like aim/yim/msn) But they dont. The fact is their default messenger app works, and it works well with most people they talk to so the problem is the green text.
  
  It's especially silly when you consider the "there's an app for that" generation of user and so many things are apps but they refuse to engage on other chat channels. People download different apps to get dates, the navigate, to browse websites that shouldnt even be apps, to order food, order groceries, order taxi's, but a chat app just to talk with you? ehhhhhhhhh.
- You know honestly, now that I’ve typed that I’m not sure. I don’t do a lot of texting audio snippets or other stuff other people do, so maybe, maybe not.
  
  The problem is, I should be able to text people at default without worrying I have cell signal or if group chats are going to work correctly, instead of needing to ask people what 3rd party chat service they prefer.
In some cases you can manually select the type of service on your phone. Try changing your phone manually to 3g and see if that helps. I find it works well in areas where I have poor LTE/5G coverage.

Assuming that it’s actually reverse engineered, this is great news. If not, there’s a massive lawsuit brewing.

Why is this even a need to be solved? are people that stupidly superficial about the color of y fucking message bubble? (im not american but where im from literally nobody wiorth their salt gives a hoot)

are people that stupidly superficial

Yes.
- understandable i suppose, a good deterrent tho if they speak about it openly
The color of the bubble is only important because it helps iPhone users know who not to add to group chats, since the presence of a non-imessage user in an iMessage group chat downgrades the entire chat to grainy photos, no reactions/ read receipts, voice memos, typing indicators, etc. I don't blame them at all, many of them don't use any third party messaging apps because iMessage is built in and gives them everything that other chat apps have, with the benefit that they don't have to convince anybody to install it because all their iPhone owning friends have it preinstalled.
are people that stupidly superficial about the color of y fucking message bubble?

Yes, apparently.
Lol the world we live in

Seems like Beeper will see the cleartext of the replies, though, since they send the notifications via BPNs, right?

[edit: thanks for the replies. I see now the footnote on their BPNs diagram: “Push notification does not contain message contents” so it seems like the answer is “no they will not”]

No, they know that a message has been received, but the phone is what decrypts the message. Beeper can't see it.
No, with this new app messages are encrypted between you and Apple's iMessage servers using iMessage encryption more or less the same way an iPhone does.

The push service simply notifies your device it has a message waiting, no message content passes through Beeper servers.
I don’t know for sure, but often mobile notification protocols are more like “wake up and check your incoming messages” than “user foo says bar”. If this is true then the best they could do is collect timestamps of when you probably received messages.

It still needs Apple's servers, which tells me they will try and find a way to shut it down. Now that Apple is going to implement RCS, I care a lot less about this.

What exactly do you mean with it requiring Apple's servers? All of the services Beeper integrates with require it to communicate with the servers those services belong to.

I really want to sign up for Beeper, but the fact I have to give them my phone number to sign up for a waitlist seemed like a red flag. How is their security profile?

deleted
- They do have to run servers in order to keep the service alive. If you want to run this stuff yourself on your own server that’s possible using PyPush. The reason they have to run those servers for you is to keep the notification service alive.
- By that logic, there's nothing guaranteeing iMessage on iPhones is secure or private either because it's closed source. If you don't want to trust Beeper mini, you'll be free to run their iMessage bridge on your own Matrix stack when they open source it at some point, which they're promising to do (and you still won't know that Apple isn't scraping your messages on the iOS side). When I decide to trust a company, it's because I look at what they're transparently communicating to their end users. Every indication is that they are trying to get out of the middle of handling encrypted messages. Their first move to make this happen was allowing people to self host their own Beeper bridges (which you can still do with Beeper Cloud if you prefer and you will know that your messages are always encrypted within the Beeper infrastructure). They aren't going to release the source for their client ever because that's the only way they make any money.
- Notice how in the article they say "we're not the middle man... Any more"? That's because, up until now, Beeper has been working on a system where they operate as a middle man for your data.
  
  To be fair they never claimed otherwise and all of the code for the bridges are open-sourced and can be run on your own servers so that those servers you control (as opposed to Beeper-owned servers) act as a "middle man" and none of your messages need be trusted to a 3rd party.
  
  To put it simply: only the actual bridge on Beeper Cloud has access to unencrypted messages and you do have the option to run the bridge yourself while continuing to use the Beeper app. You can use as many or as few self-hosted bridges as you'd like.
  
  A few bridges are preconfigured for self-hosting with just a couple of clicks for free through fly.io here
This post is referring to beeper mini. It's confusing naming, but that's not the same as beeper(cloud service). Beeper mini is available to everyone on the play store and is not a cloud service. You just get it, login to Google (to pay the subscription cost) and it works. No invite needed
Want a invite code? Its just to prevent people from mass signing up
- @Merlin404@lemmy.world
  
  Can I get a code, please please?
- @Merlin404@lemmy.world
  
  Yes please, I would love an invite code
That's to prevent multiple entries by one person. Their security is very good, with audits and their products being largely open source (for this, PyPush. For Beeper Cloud, their Synapse fork and their bridges.). Only the parts that don't matter to security (the clients, mostly) are closed source.
- Btw will they continue to live as Element changed licences to Synapse and Dendrite projects ?

Are their messages from their app going to show blue to iMessage users or something? Cuz I don't see why you'd need to reverse engineer that otherwise. Even then... How hard is it to spoof a Mac address or other hardware identifier that says the message came from an iPhone?

The fact this is even an issue is just ridiculous to begin with. If you give that much of a shit: Use a different god damn messenger that treats everyone the same.

afaik, their while thing is that they do everything on-device, so your device is the only one with access to your messages

This is the best summary I could come up with:

What may hold it at bay is the Digital Markets App (DMA), a law in Europe that says big tech companies will have to have an interoperable interface for their chat networks.

In addition, Beeper uses certificate pinning, which makes network traffic analysis more difficult to perform in order to verify its claims.

To work around this limitation, the team built BPNs to connect to Apple’s servers on the user’s behalf when the app isn’t running.

When the Android phone’s battery died, however, the texts reverted to green bubbles and did not make it to Beeper’s app — they went to Google Messages instead.

The company is also hoping to gain trust by building in public, with 50-plus projects that it’s published to GitHub with the open source code that goes into the app.

Founded in 2020, Beeper comes from former Y Combinator partner Eric Migicovsky and CTO Brad Murray, previously of wholesale marketplace startup Faire and Fitbit.

The original article contains 1,306 words, the summary contains 158 words. Saved 88%. I'm a bot and I'm open source!

We literally shut down another app doing this last week because it was so sketchy

The other app was running iMessage on Macs owned by the company and relaying the messages insecurely to its Android app. What we see here is a third-party implementation of the iMessage protocol running on Android devices directly, an example of adversarial interoperability.
The article specifically address this and explained the difference.
No. This is much more impressive, useful, secure, and sustainable because it's totally different internally.

In exchange for security loss, is it really worth it?

Edit: the downvotes are very expected. You people need to lean about why this is important

https://www.androidauthority.com/beeper-app-opinion-3345142/

First, the elephant in the room needs to be addressed: security. In Beeper’s start-up guide, the first thing you see is a huge alert box: “Beeper may be less secure than using encrypted chat apps by themselves.” Fundamentally, there’s no way to fix this. To use any of the chat apps, you need to link Beeper to that service using your credentials, which is inherently more insecure than logging into the app directly. Beeper is quick to defend itself by pointing out its robust privacy policy, its ethical business practices with a user-centered focus, and its use of end-to-end encryption (E2EE). However, that doesn’t protect your credentials from hackers that could gain access to Beeper and send your grandma a message through WhatsApp pretending to be you and asking to wire $1,000 to an account in China.

More in depth: https://www.reddit.com/r/beeper/comments/13hhx9e/transient_key_retention_a_suggestion_to_solve/?rdt=61709

What security loss, mate?
- These: https://www.androidauthority.com/beeper-app-opinion-3345142/
  
  First, the elephant in the room needs to be addressed: security. In Beeper’s start-up guide, the first thing you see is a huge alert box: “Beeper may be less secure than using encrypted chat apps by themselves.” Fundamentally, there’s no way to fix this. To use any of the chat apps, you need to link Beeper to that service using your credentials, which is inherently more insecure than logging into the app directly. Beeper is quick to defend itself by pointing out its robust privacy policy, its ethical business practices with a user-centered focus, and its use of end-to-end encryption (E2EE). However, that doesn’t protect your credentials from hackers that could gain access to Beeper and send your grandma a message through WhatsApp pretending to be you and asking to wire $1,000 to an account in China.
  
  More in depth: https://www.reddit.com/r/beeper/comments/13hhx9e/transient_key_retention_a_suggestion_to_solve/?rdt=61709