Sunbird Shuts Down iMessage App for Android Over Security Concerns

[4ppleJack]

Pretty confident still. As this is a cause and effect. They (EU) want Apple to open up, and 3rd parties will jump on it. This is an expected outcome for what the laws will enable to happen. And worse.

Before the EU rules Apple could work to shut this type of thing down if it became a problem. Now, the EU wants this type of thing to exist without Apple being able to prevent it or "fix" it. They want them to "make it work".

You're shifting the timeline around to fit your narrative that the EU is some sort of boogeyman and this is a cause and effect situation of the EU wanting "...Apple to open up".
The solution used by BlueBubbles, Sunbird and others existed long before this and wasn't a result of the EU but rather people wanting to cross-platform a closed messaging service.

If the database was encrypted on the VM/Container, by Apple by default. That only protects the data itself. Not the ability for this process to work.

Specifically, and by all means technically, why not?

I wouldn't say unfortunately. If they didn't get caught. Others may have tried to use this method without any due diligence as well.

Others already do.

 

[djphat2000]

You're shifting the timeline around to fit your narrative that the EU is some sort of boogeyman and this is a cause and effect situation of the EU wanting "...Apple to open up".
The solution used by BlueBubbles, Sunbird and others existed long before this and wasn't a result of the EU but rather people wanting to cross-platform a closed messaging service.

If you say so. I haven't seen anyone or group promoting iMessage to "something" else abilities in the US. This is literally the first marketed solution I've heard of. And it didn't last very long. Whom else is offering something like this? Can you provide any links? You mentioned BlueBubbles, but that looks like something "you" have to run to make work.

Specifically, and by all means technically, why not?

Encryption hasn't anything to do with making this work. You can encrypt the traffic while in flight (in transit) and or at rest (on disk). The DB can be encrypted fairly easily. I don't personally use FireDB, but M$ SQL is just a button click to enable, even per table (maybe FireDB doesn't allow for this?). Obviously you would do all of this. If you can containerize "just" the iMessage piece on a server (not something I have heard of doing, guessing you need the whole OS). Your AppleID will only see your data from phone to iMessage container to whatever destination it needs to go to. All the way through the chain you should have encrypted data going to the end destination.

"Now", If the process has to translate it from iMessage to something else. I'm sure there could be some formatting discrepancies between 3rd party messaging solution(s) and or RCS to iMessage. Then that in flight moment between the two could have your data open (just a guess but definitely leaning towards that being the case). Since not every feature would be like for like on each platform. Something would have to translate that so it looks right on both ends. As long as that part was dissolved after use, then I guess no biggie there. And if it needed to be stored, it could be re-encrypted within the DB.

The issue with this though is that since Apple isn't involved in this. And you would currently need a middle MacOS (Container) to act as the go between. Either you hosted it or this 3rd party does it. It's not cheap and well, inefficient to run how many iMessage containers? Since you can only legally do that on Apple hardware. You could buy up a lot of old intel Mac Pro's and max out the hardware specs. Run a hypervisor on it and be "legal". But, that's not a permanent solution. Not aware of any bare metal hypervisor support on Apple's M series chips yet. So, you would be stuck on intel based Mac's. This isn't a good idea if you're trying to make any money.

Others already do.

Same question as the first above. Anyone doing this "right" and for free?

 

[mazz0]

Green bubble friends are part of our group chats and they can participate just fine?

What? How? SMS doesn't support group chat.

Let's say you and I are on iPhone and Alice is not, she's using SMS. She sends a message to the group, ie to both of us. That's two independent messages - the SMS you receive doesn't include any information saying it was also sent to me, and the one I receive doesn't include any information saying it was also sent to you, because SMS doesn't support that metadata, so our phones don't know it's part of a group chat, so they can only show it in a single direct conversation with Alice.

Are you saying that's not what you see - you see it as part of a group chat? I don't know how that's happening if so, has never happened for me and I don't see how it could.

 

[seek3r]

If you say so. I haven't seen anyone or group promoting iMessage to "something" else abilities in the US. This is literally the first marketed solution I've heard of. And it didn't last very long. Whom else is offering something like this? Can you provide any links?

Beeper’s been around and successful for quite a while… https://help.beeper.com/chat-networks/imessage

 

[djphat2000]

Beeper’s been around and successful for quite a while… https://help.beeper.com/chat-networks/imessage

"Beeper is free to use. We will also have an optional paid subscription called Beeper Plus, which includes additional features like larger chat history backup, access to unlimited network connections, and more.

For now, everyone has access to all the features of Beeper Plus for free. At some point in 2023, we will begin charging $5-10 per month for Beeper Plus. We will give you a warning before that begins and switch everyone by default to the free plan."

"Today, we are making Beeper free for everyone. - March 2023

* Most chat apps are offered at no-cost to you, but come with dubious associated business models (harvesting your data to show ads, hardware ecosystem lock-in, etc)."

- Kind of what I expected to see from anyone "not" charging for this function. -

"Beeper’s web service consists of a Matrix homeserver and infrastructure to run open source bridges that connect to 15 different chat networks."

I mean. They could be doing things on the up and up. "I" personally would never use such a service. SMS works fine for me with those on Android, and I don't use WhatsApp or really any other messaging service. RCS may make this somewhat of a moot point, but then all the other services will have to use that as medium of exchange between them. Which in the end just replaces SMS with something much better. And still allowing every platform to innovate with "their" app independently.

Thanks.

 

[seek3r]

"Beeper is free to use. We will also have an optional paid subscription called Beeper Plus, which includes additional features like larger chat history backup, access to unlimited network connections, and more.

For now, everyone has access to all the features of Beeper Plus for free. At some point in 2023, we will begin charging $5-10 per month for Beeper Plus. We will give you a warning before that begins and switch everyone by default to the free plan."

"Today, we are making Beeper free for everyone. - March 2023

* Most chat apps are offered at no-cost to you, but come with dubious associated business models (harvesting your data to show ads, hardware ecosystem lock-in, etc)."

- Kind of what I expected to see from anyone "not" charging for this function. -

"Beeper’s web service consists of a Matrix homeserver and infrastructure to run open source bridges that connect to 15 different chat networks."

I mean. They could be doing things on the up and up. "I" personally would never use such a service. SMS works fine for me with those on Android, and I don't use WhatsApp or really any other messaging service. RCS may make this somewhat of a moot point, but then all the other services will have to use that as medium of exchange between them. Which in the end just replaces SMS with something much better. And still allowing every platform to innovate with "their" app independently.

Thanks.

I’m not sure what your point is? You asked if anyone else is doing this, I posted one option that exists (which, btw, I believe can be self hosted too if you wanted to avoid their hosted services). I’m not recommending its use, I’m just responding to your assertion that there werent other similar services

 

[ApAx]

What? How? SMS doesn't support group chat.

Let's say you and I are on iPhone and Alice is not, she's using SMS. She sends a message to the group, ie to both of us. That's two independent messages - the SMS you receive doesn't include any information saying it was also sent to me, and the one I receive doesn't include any information saying it was also sent to you, because SMS doesn't support that metadata, so our phones don't know it's part of a group chat, so they can only show it in a single direct conversation with Alice.

Are you saying that's not what you see - you see it as part of a group chat? I don't know how that's happening if so, has never happened for me and I don't see how it could.

Perhaps I am misremembering. But in 13 years of owning an iPhone, there was never an issue with group chat text messages. No one I know here in the U.S. needs third party messaging apps. We all use native messaging apps and manage without issue. Maybe it's because iPhone has the majority market among my contact groups?

 

[seek3r]

What? How? SMS doesn't support group chat.

Let's say you and I are on iPhone and Alice is not, she's using SMS. She sends a message to the group, ie to both of us. That's two independent messages - the SMS you receive doesn't include any information saying it was also sent to me, and the one I receive doesn't include any information saying it was also sent to you, because SMS doesn't support that metadata, so our phones don't know it's part of a group chat, so they can only show it in a single direct conversation with Alice.

Are you saying that's not what you see - you see it as part of a group chat? I don't know how that's happening if so, has never happened for me and I don't see how it could.

My group chats with android users in the mix dont have that problem… the major frustration is degradation of media (photos are sent to handle lowest common denominator), etc, as well as lack of encryption, but the actual group chat part works just fine… and I’ve never heard anyone else have a problem like that either

This sounds like a problem with your own config

 

[4ppleJack]

If you say so. I haven't seen anyone or group promoting iMessage to "something" else abilities in the US. This is literally the first marketed solution I've heard of. And it didn't last very long. Whom else is offering something like this? Can you provide any links? You mentioned BlueBubbles, but that looks like something "you" have to run to make work.

Someone else beat me to it with Beeper but i wasn't discussing commercialised products but rather than the solution used by the likes of Sunbird, BlueBubbles etc existed prior to the EU wanting "...Apple to open up" and wasn't a cause effect situation you think it is.

Spoiler: Guff

Encryption hasn't anything to do with making this work. You can encrypt the traffic while in flight (in transit) and or at rest (on disk). The DB can be encrypted fairly easily. I don't personally use FireDB, but M$ SQL is just a button click to enable, even per table (maybe FireDB doesn't allow for this?). Obviously you would do all of this. If you can containerize "just" the iMessage piece on a server (not something I have heard of doing, guessing you need the whole OS). Your AppleID will only see your data from phone to iMessage container to whatever destination it needs to go to. All the way through the chain you should have encrypted data going to the end destination.

"Now", If the process has to translate it from iMessage to something else. I'm sure there could be some formatting discrepancies between 3rd party messaging solution(s) and or RCS to iMessage. Then that in flight moment between the two could have your data open (just a guess but definitely leaning towards that being the case). Since not every feature would be like for like on each platform. Something would have to translate that so it looks right on both ends. As long as that part was dissolved after use, then I guess no biggie there. And if it needed to be stored, it could be re-encrypted within the DB.

The issue with this though is that since Apple isn't involved in this. And you would currently need a middle MacOS (Container) to act as the go between. Either you hosted it or this 3rd party does it. It's not cheap and well, inefficient to run how many iMessage containers? Since you can only legally do that on Apple hardware. You could buy up a lot of old intel Mac Pro's and max out the hardware specs. Run a hypervisor on it and be "legal". But, that's not a permanent solution. Not aware of any bare metal hypervisor support on Apple's M series chips yet. So, you would be stuck on intel based Mac's. This isn't a good idea if you're trying to make any money.

You've gone off on a wild tangent about infrastructure and E2E when originally i stated that Apple could make it a lot harder (for starters, minimise access to 'chat.db') for third-parties to deploy a relay-type solution used by the likes of BlueBubbles (their Github repo shows exactly how this works), Sunbird etc.

Either way, this has dragged on for a lot, lot longer than it needed to so have a good-one

 

[djphat2000]

Someone else beat me to it with Beeper but i wasn't discussing commercialised products but rather than the solution used by the likes of Sunbird, BlueBubbles etc existed prior to the EU wanting "...Apple to open up" and wasn't a cause effect situation you think it is.

Ok, but at the end of the day this is what the EU wants. Even with companies that stared up before the rules. They didn't seem to take that into account as to the possible side effects of the laws. Or didn't care.

You've gone off on a wild tangent about infrastructure and E2E when originally i stated that Apple could make it a lot harder (for starters, minimise access to 'chat.db') for third-parties to deploy a relay-type solution used by the likes of BlueBubbles (their Github repo shows exactly how this works), Sunbird etc.

You asked. "Specifically, and by all means technically, why not?"

Either way, this has dragged on for a lot, lot longer than it needed to so have a good-one

Cheers.

 

[djphat2000]

I’m not sure what your point is? You asked if anyone else is doing this, I posted one option that exists (which, btw, I believe can be self hosted too if you wanted to avoid their hosted services). I’m not recommending its use, I’m just responding to your assertion that there werent other similar services

I posted what they "beeper" stated as to how their product works. Pointing out that it would have cost the end user to use this service. They later changed it so they have a free tier. And that other companies would sell your data to cover their expenses in hosting the service. They claim not to, but there would be very little in terms of a point to provide this type of thing for free. It's an entirely inefficient process.

I guess I gave too much information.

 

[seek3r]

I posted what they "beeper" stated as to how their product works. Pointing out that it would have cost the end user to use this service. They later changed it so they have a free tier. And that other companies would sell your data to cover their expenses in hosting the service. They claim not to, but there would be very little in terms of a point to provide this type of thing for free. It's an entirely inefficient process.

I guess I gave too much information.

I'm *still* not sure what point you're trying to make.... Cost wasnt the question, existence of the service was. Sunbird wasnt actually free either, you get that, right? You had to buy the nothing phone to get it for "free", the fee structure was handled by you buying the phone and nothing paying sunbird.

 

[djphat2000]

I'm *still* not sure what point you're trying to make.... Cost wasnt the question, existence of the service was. Sunbird wasnt actually free either, you get that, right? You had to buy the nothing phone to get it for "free", the fee structure was handled by you buying the phone and nothing paying sunbird.

Yeah mate I get it. As stated, just trying to point something out.

 

[seek3r]

Yeah mate I get it. As stated, just trying to point something out.

Ok… what are you trying to point out? Try a single summary sentence, it seems like you go on very random tangents when it gets longer than that

 

[mazz0]

My group chats with android users in the mix dont have that problem… the major frustration is degradation of media (photos are sent to handle lowest common denominator), etc, as well as lack of encryption, but the actual group chat part works just fine… and I’ve never heard anyone else have a problem like that either

This sounds like a problem with your own config

I think we must be talking at cross-purposes, because if you’re saying what I thought you were saying then I really don’t see how it can be true.

To be clear, are you saying it works like this:

1. You send a message to Alice and Bob. Alice is on iPhone, Bob is on Android.
2. Your messages shows up in your “Alice and Bob” conversation in Messages.
3. Bob replies to you and Alice.
4. Bob’s message shows up in your “Alice and Bob” conversation in Messages.

If so, could you send a screenshot (with redaction if necessary) to confirm we’re talking about the same situation?

I have never, ever, seen an incoming message, in green, in a group chat. I can *send* a message to multiple people over SMS, but when they reply they come in a direct message, just between the sender and me. That’s a limitation of SMS, I don’t see how it can be different for you. Unless there’s a different SMS standard where you live?

 

[mazz0]

Perhaps I am misremembering. But in 13 years of owning an iPhone, there was never an issue with group chat text messages. No one I know here in the U.S. needs third party messaging apps. We all use native messaging apps and manage without issue. Maybe it's because iPhone has the majority market among my contact groups?

I think you must be misremembering - I really don’t see how it can be otherwise unless the US doesn’t actually use standard SMS (I think does though).

Sorry to repeat myself but I’d really like to know the answer here so I’m going to copy paste what I just asked someone else, would be cool if you could answer:

I think we must be talking at cross-purposes, because if you’re saying what I thought you were saying then I really don’t see how it can be true.

To be clear, are you saying it works like this:

1. You send a message to Alice and Bob. Alice is on iPhone, Bob is on Android.
2. Your messages shows up in your “Alice and Bob” conversation in Messages.
3. Bob replies to you and Alice.
4. Bob’s message shows up in your “Alice and Bob” conversation in Messages.

If so, could you send a screenshot (with redaction if necessary) to confirm we’re talking about the same situation?

I have never, ever, seen an incoming message, in green, in a group chat. I can *send* a message to multiple people over SMS, but when they reply they come in a direct message, just between the sender and me. That’s a limitation of SMS, I don’t see how it can be different for you. Unless there’s a different SMS standard where you live?

 

[seek3r]

I think we must be talking at cross-purposes, because if you’re saying what I thought you were saying then I really don’t see how it can be true.

To be clear, are you saying it works like this:

1. You send a message to Alice and Bob. Alice is on iPhone, Bob is on Android.
2. Your messages shows up in your “Alice and Bob” conversation in Messages.
3. Bob replies to you and Alice.
4. Bob’s message shows up in your “Alice and Bob” conversation in Messages.

If so, could you send a screenshot (with redaction if necessary) to confirm we’re talking about the same situation?

I have never, ever, seen an incoming message, in green, in a group chat. I can *send* a message to multiple people over SMS, but when they reply they come in a direct message, just between the sender and me. That’s a limitation of SMS, I don’t see how it can be different for you. Unless there’s a different SMS standard where you live?

That is exactly what I’m saying, yes

Here’s one of my chats for ex

 

[ApAx]

That is exactly what I’m saying, yes

Here’s one of my chats for ex

@mazz0 That is what I see as well (I don't have an active example at the moment.) Group chat over SMS/MMS with mix of iPhone and android works. None of us have ever needed third party messaging apps to do this.

 

[mazz0]

@mazz0 That is what I see as well (I don't have an active example at the moment.) Group chat over SMS/MMS with mix of iPhone and android works. None of us have ever needed third party messaging apps to do this.

Tagging @seek3r.

Wow. I don’t understand how that works. Are you both US based? All I can think of is that some/all US mobile networks have implemented some extension of SMS to make this work.

What I see is a group chat labelled “Outgoing”, where I can text a group, but when anyone replies their message comes through in a separate chat, one on one.

Anybody know more about this? Could go a long way to explaining the popularity of third party apps outside the US.

Also, that’s a coincidence - my neighbours and I are currently dealing with a potential homeless cat issue right now! If he is indeed abandoned I’m inclined to invite him to live here, if my existing boys get on with him.

Edit: curiouser and curiouser: this NYT article mentions that group chat is one of the selling points of third party apps compared to SMS, which implies the NYT experience the same limitation in SMS that we in Europe have. What *is* going on?

 

[DeepWebinar]

Yup and more tech support hell for Apple when people start unwittingly installing malicious apps and getting their data stolen. Who are they going to call when that starts happening? I’m pretty sure Apple is going to update the AppleCare and limited warranty terms to exclude servicing any device that has a third party App Store and any apps installed from those stores. I would definitely do that. You want third party. Get support from them. But by doing that you void your warranty with Apple. Just like jailbreaking currently.

it’s really heartwarming to see that the company valued at just over 3 trillion dollars has someone looking out for them against these greedy and oppressive customers who hold so much power. i mean imagine if they had to pay people to explain something to the people who buy their products, they’d go out of business within months!

thank you for your service 🫡