Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Unofficial iMessage App for Android Surfaces in Google Play Store Amid Significant Security Concerns [Update: Gone]

Jessica Lares

Jessica Lares

macrumors G3
Oct 31, 2009
9,612
1,056
Near Dallas, Texas, USA
I'm just saying that a majority of Android users are very quick to do stupid things like download the latest thing without thinking about it. It's all, me, me, me, me, me. I want it, so I'm going to have it.

They destroyed the launch of BBM for Blackberry. These weren't even people who were going to use it after two weeks anyway, but now they've given them the extra work that will be pointless in a month's time when people jump off the bandwagon.

And they're downloading an app that they *think* is from Apple themselves. Yet Apple didn't even announce it, nor is it mentioned anywhere on their site. I mean, why think that Apple wouldn't e-mail us about this to begin with, considering it would be HUGE news?

It is a end user problem more than it is a Google or Apple problem. I mean, honestly, how many of these people might have moved away from Apple stuff in general, but still have credit card information stored? It's like giving the keys to your house to a stranger.
 
Iconoclysm

Iconoclysm

macrumors 68040
May 13, 2010
3,121
2,545
Washington, DC
rmwebs said:
If this really works it basically means ANYONE can read your iMessages. Even if you have to log in - its the fact that someone has found a publicly accessible API to gain access to accounts.

Apple really are pissing me off now with their sheer stupidity when it comes to real security and reliability.

However, on the other hand. I highly doubt someone DID get access...meaning this is just being used to harvest Apple ID usernames and passwords which can then be used to purchase stuff.
Click to expand...

So on the other hand there's no reason to call Apple stupid, insecure, and unreliable?
 
JGIGS

JGIGS

macrumors 68000
Jan 1, 2008
1,818
2,075
CANADA!
Jessica Lares said:
I'm just saying that a majority of Android users are very quick to do stupid things like download the latest thing without thinking about it. It's all, me, me, me, me, me. I want it, so I'm going to have it.

Ummm this isn't just andriod users this is pretty much everyone of this generation. Newsflash, we are living in the era of instant gradification and me me me. I'm just as bad as everyone else. iOs users are just as bad if not worse than Android users wanting the latest ios version, jailbreak or an app. If there was a leak of BBM for ios there would have been plenty of iphone, ipad users installing it.


They destroyed the launch of BBM for Blackberry. These weren't even people who were going to use it after two weeks anyway, but now they've given them the extra work that will be pointless in a month's time when people jump off the bandwagon.

Again ios users would have done the exact same thing. I'm current an ios user and would have installed it if I could have to try it out.

The blame belongs to whoever leaked it from blackberry not the users. Tsk Tsk.

And they're downloading an app that they *think* is from Apple themselves. Yet Apple didn't even announce it, nor is it mentioned anywhere on their site. I mean, why think that Apple wouldn't e-mail us about this to begin with, considering it would be HUGE news?

The only press this app got was that it was third party and it appears to have been yanked from google play. They state who the publisher of the app is so people would be able to tell that it wasn't from Apple. If they don't look at that then its there own for not looking.

It is a end user problem more than it is a Google or Apple problem. I mean, honestly, how many of these people might have moved away from Apple stuff in general, but still have credit card information stored? It's like giving the keys to your house to a stranger.
Click to expand...

Not sure what you mean but ios or android/ google play but both parties have your CC. Not sure why one should be trusted with it more then the other.
 
Winni

Winni

macrumors 68040
Oct 15, 2008
3,207
1,196
Germany.
\-V-/ said:
If you're dumb enough to give this shady-as-hell app your login-in details, then you deserve whatever crap that ensues. Don't touch this app with a 40 foot pole.
Click to expand...

Calm down. The NSA gets everything they want directly from Apple, and that's at least as bad as using some service that is running on a Chinese server. I live in Central Europe, and I cannot trust either British, American or Asian products or services anymore. You guys over there created a surveillance machinery that even Orwell couldn't imagine.
 
\-V-/

\-V-/

Suspended
May 3, 2012
3,153
2,688
Winni said:
Calm down. The NSA gets everything they want directly from Apple, and that's at least as bad as using some service that is running on a Chinese server. I live in Central Europe, and I cannot trust either British, American or Asian products or services anymore. You guys over there created a surveillance machinery that even Orwell couldn't imagine.
Click to expand...
I don't care what the NSA has of mine. I don't want some random person to make a bunch of purchases with my Apple ID. The NSA isn't going to go on a shopping spree with my data. They're two different things.
 
Rajani Isa

Rajani Isa

macrumors 65816
Jun 8, 2010
1,161
72
Rogue Valley, Oregon
roadbloc said:
I'd use it. If i used iMessage. And Android. But I doubt Apple will allow this to continue for long. I smell iOS 7.0.1 and an Messages OS X patch coming soon.
Click to expand...
Sorry, you don't smell 7.0.1 coming, it's already out and gone! (Device specific Day 0 patch for the 5S)
techpr said:
This is the primary reason why I don't trust Android. The Google Play Store apps are not reviewed for security threats like Apple's App Store. I have seen lots of malware apps this year.
Click to expand...
And while not frequent, as it is several app sneak things through Apple. Somewhere between ever 6 months to a year it seems like.
AWTTech said:
I did't hear anything about iMessage APIs being released, and if they are, they will not be out for Android developers, it'd be for iOS.
Click to expand...
Actually, the implication when they mentioned doing this for facetime is that it would be available for android developers, etc to use.
Iconoclysm said:
So on the other hand there's no reason to call Apple stupid, insecure, and unreliable?
Click to expand...
At the very least, not off this example. This would be similar to sending out my keys in the mail for duplication - do you trust them not to make an extra copy and give it and the address to someone who would rob you? And would it be my car companies fault or my own?
 
C

curmudgeon32

macrumors regular
Aug 28, 2012
240
1
I really do wish iMessage was one of the options on the iCloud website though. I don't want to link my work computer to my personal iCloud for many reasons, but I'd love to be able to read and respond to texts in my browser.
 
S

samcraig

macrumors P6
Jun 22, 2009
16,779
41,982
USA
Jessica Lares said:
I'm just saying that a majority of Android users are very quick to do stupid things like download the latest thing without thinking about it. It's all, me, me, me, me, me. I want it, so I'm going to have it.

They destroyed the launch of BBM for Blackberry. These weren't even people who were going to use it after two weeks anyway, but now they've given them the extra work that will be pointless in a month's time when people jump off the bandwagon.

And they're downloading an app that they *think* is from Apple themselves. Yet Apple didn't even announce it, nor is it mentioned anywhere on their site. I mean, why think that Apple wouldn't e-mail us about this to begin with, considering it would be HUGE news?
Click to expand...

I bolded comments in your post. These to me are hyperbole and/or simply your opinions. They aren't remotely facts.
 
roadbloc

roadbloc

macrumors G3
Aug 24, 2009
8,784
215
UK
Winni said:
Calm down. The NSA gets everything they want directly from Apple, and that's at least as bad as using some service that is running on a Chinese server. I live in Central Europe, and I cannot trust either British, American or Asian products or services anymore. You guys over there created a surveillance machinery that even Orwell couldn't imagine.
Click to expand...

I think the point is that maybe whoever is collecting this Apple account info from the app may use it maliciously. The NSA probably won't drain your bank account.
 
M

macsrcool1234

Suspended
Oct 7, 2010
1,551
2,130
\-V-/ said:
I don't care what the NSA has of mine. I don't want some random person to make a bunch of purchases with my Apple ID. The NSA isn't going to go on a shopping spree with my data. They're two different things.
Click to expand...

Given your avatar, the irony burns.
 
\-V-/

\-V-/

Suspended
May 3, 2012
3,153
2,688
macsrcool1234 said:
Given your avatar, the irony burns.
Click to expand...
I don't agree with anything the NSA does... but there's nothing that can be done about it. I don't see US citizens rising up against the government to take back their freedoms... and rising up against a government which strips people of their constitutional freedoms is not illegal... so why it hasn't been done yet is beyond me. I just think this country is a bunch of complacent lazy asses. My point was that giving your personal info to some random Chinese server is a recipe for disaster. The NSA isn't going to go on a shopping spree with my credit card. They're just a bunch of snoopy *******s. The NSA already has craploads of data on me... but unless the country is willing to stand up and make a change, it's only going to get worse.
 
scaredpoet

scaredpoet

macrumors 604
Apr 6, 2007
6,627
342
rmwebs said:
From what Saurik has said, the connection goes:

Android Device > China > Apple
Click to expand...

Actually it's more like:

Silly user giving their credentials to an unknown third party -> Android Device -> China -> Apple

That middleman is the issue. If you first connect to another server, there is nothing to stop that server harvesting login details and messages, regardless of its location.
Click to expand...


... and that's something the user must take into account before doing this. Apple cannot hire minders for every single AppleID holder to slap the device out of their hands when they do something stupid. If a user is willingly giving their info to a third party, there's little Apple can do once that info is out.

What baffles me is why this has even been possible. Whilst you can obviously run wireshark and trace where a message goes, there needs to be additional security in place to, for example tie each login down to a device or mac serial number for arguments sake - this then removes the ability for 3rd parties to get access to the API.
Click to expand...

That's... actually what iMessage does currently. But again, if someone is willingly giving their authentication credentials to someone else, then you've given them the ability to tie the MAC of their device to your account.

You cannot protect against willful stupidity. If you freely give the keys to your car to someone you don't know, and they wreck your car, you can't blame the car's manufacturer for not making a secure enough car. You gave that person the means to authenticate themselves as an authorized user, thereby bypassing the protections the manufacturer put in place.

If you REALLY need a carmaker to judge for you if you're too stupid to decide who gets to drive your car, you probably shouldn't be in possession of a car. And perhaps someone could argue that if you really can't make cogent decisions about who you give your username and password to...

By having it public there is little stopping people brute forcing the API and gaining access to accounts.
Click to expand...

There's no evidence to substantiate that there's a public API. For the millionth time: these aren't brute force attacks. These are people consciously and knowingly saying to some guys in China: "here's my username and password. PLEASE log in as me using your mac mini, and be a middleman for my iMessages!"
 
Last edited:
Y

yg17

macrumors Pentium
Aug 1, 2004
15,027
3,002
St. Louis, MO
Jessica Lares said:
I'm just saying that a majority of Android users are very quick to do stupid things like download the latest thing without thinking about it. It's all, me, me, me, me, me. I want it, so I'm going to have it.

They destroyed the launch of BBM for Blackberry. These weren't even people who were going to use it after two weeks anyway, but now they've given them the extra work that will be pointless in a month's time when people jump off the bandwagon.

And they're downloading an app that they *think* is from Apple themselves. Yet Apple didn't even announce it, nor is it mentioned anywhere on their site. I mean, why think that Apple wouldn't e-mail us about this to begin with, considering it would be HUGE news?

It is a end user problem more than it is a Google or Apple problem. I mean, honestly, how many of these people might have moved away from Apple stuff in general, but still have credit card information stored? It's like giving the keys to your house to a stranger.
Click to expand...

The pre-release Android version of BBM was leaked by someone at BlackBerry. It's their own damn fault. People like to try beta software, which is the reason why the entire summer, there were new threads popping up every hour here by non-devs asking how to install the iOS 7 beta.

I don't even see how you can make the connection with the leaked BBM app and this bogus iMessage app. They're two entirely different scenarios who only share Android in common. If this iMessage app was for Windows Phone and not Android, you wouldn't even be bringing BBM up, but hey, never pass up a good chance to trash Android and its users.
 
Jessica Lares

Jessica Lares

macrumors G3
Oct 31, 2009
9,612
1,056
Near Dallas, Texas, USA
JGIGS said:
Not sure what you mean but ios or android/ google play but both parties have your CC. Not sure why one should be trusted with it more then the other.
Click to expand...

I'm not saying that either should be trusted with it more. I'm saying that a simple password can let you do lots of things on either account. Like lead you into people's Amazon/eBay accounts to do even more damage.

Great that Google did away with it though now.
 
G

Gymgenius

Suspended
Jan 29, 2010
211
127
curmudgeon32 said:
I really do wish iMessage was one of the options on the iCloud website though. I don't want to link my work computer to my personal iCloud for many reasons, but I'd love to be able to read and respond to texts in my browser.
Click to expand...

Yes, I would love to see that too.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom