Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Unofficial iMessage App for Android Surfaces in Google Play Store Amid Significant Security Concerns [Update: Gone]

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,159
38,934



iMessage Chat, an unofficial iMessage app for Android devices, has appeared on the Google Play store to provide Android users with access to Apple's instant messaging services (via 9to5Mac). The implementation has, however, raised significant security concerns as it routes user's Apple ID information through remote servers, potentially allowing user accounts, which may be linked with iTunes Store purchases, to be compromised.

imessage_android-800x466.jpg
According to software developer Adam Bell, the app and associated servers facilitate connections to Apple's iMessage server by posing as a Mac mini, with Cydia creator Jay Freeman adding that the app forwards all communication through a server located in China.

In addition, developer Steven Troughton-Smith discovered that the app has the capability to download and install software in the background of a mobile device, which would allow for potential installation of malicious software.

As a result, while the development is an interesting one in terms of third-party interfacing with iMessage, users should be extremely wary of installing this application on their Android devices.

Update: The app is no longer available for download.

Article Link: Unofficial iMessage App for Android Surfaces in Google Play Store Amid Significant Security Concerns [Update: Gone]
 
Article Link
https://www.macrumors.com/2013/09/24/unofficial-imessage-app-for-android-surfaces-in-google-play-store-amid-significant-security-concerns/
It's kinda cool in a way. It would be neat to iMessage everyone even though they have a droid!
 
MacRumors said:
...routes user's Apple ID information through remote servers...


...by posing as a Mac mini...


... forwards all communication through a server located in China....

...the app has the capability to download and install software in the background of a mobile device...
Click to expand...


Seems legit. :rolleyes:

And yet, sadly, their launch rollout probably has gone far better than BBM for iOS and Android.
 
emailaddress@gmai.com

Rigghttt.

This is going to last another 30 minutes and be shut down.
 
MacRumors said:
iMessage Chat, an unofficial iMessage app for Android devices, has appeared on the Google Play store [...]
Click to expand...

Is it really that clever to start an article with a direct link to something that's most likely malware?
 
If this really works it basically means ANYONE can read your iMessages. Even if you have to log in - its the fact that someone has found a publicly accessible API to gain access to accounts.

Apple really are pissing me off now with their sheer stupidity when it comes to real security and reliability.

However, on the other hand. I highly doubt someone DID get access...meaning this is just being used to harvest Apple ID usernames and passwords which can then be used to purchase stuff.
 
This would be awesome if we you could set this up yourself.

If someone open sourced the backend, I'd gladly run it on a mac at home to allow me to use an android phone with imessage. As it stands right now, there's no way in hell.
 
It's already had between 10,000 and 50,000 downloads.

I can't think of a more blatant security risk than giving your Apple ID and Password (which is likely linked to an iTunes account) to a third party: It's nothing more than a man in the middle attack and people are freely signing up for it! What's next: A 3rd party PayPal service?

I despair sometimes!
 
While I would never trust this app, it does illustrate a way to use iMessage on Android via a mac.

Those of us with macs that are already on 24/7 anyway could benefit from a solution that routes iMessages through it--no third-party server involved.

As for what Apple has to say: well I can already run iMessage on my macs from my Android device by remoting into them. I can even remote in and only see the iMessage app.



Michael
 
rmwebs said:
If this really works it basically means ANYONE can read your iMessages. Even if you have to log in - its the fact that someone has found a publicly accessible API to gain access to accounts.

Apple really are pissing me off now with their sheer stupidity when it comes to real security and reliability.

However, on the other hand. I highly doubt someone DID get access...meaning this is just being used to harvest Apple ID usernames and passwords which can then be used to purchase stuff.
Click to expand...

I don't understand what you are trying to say, the app its self is just an app that looks like apples iMessage. The reason it then works on the android device is because it then spoofs its self to look like a Mac mini. Obviously if you type your passwords randomly into things on the internet people will be able to get it.
 
rmwebs said:
If this really works it basically means ANYONE can read your iMessages. Even if you have to log in - its the fact that someone has found a publicly accessible API to gain access to accounts.
Click to expand...

No, it doesn't mean that. It means that someone is emulating a mac mini (or, may actually have one set up somewhere, like this, in China) and that the user has willfully given them an AppleID username and password with which to send and receive messages on your behalf.

As with many things, the weakest link in this security chain is between the keyboard and the chair. The most secure, most encrypted API in the world is useless when the user freely and openly hands their credentials over. As long as you don't do that, they can't access your account, plain and simple.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back