Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,006
13,628



iMessage Chat, an unofficial iMessage app for Android devices, has appeared on the Google Play store to provide Android users with access to Apple's instant messaging services (via 9to5Mac). The implementation has, however, raised significant security concerns as it routes user's Apple ID information through remote servers, potentially allowing user accounts, which may be linked with iTunes Store purchases, to be compromised.

imessage_android-800x466.jpg
According to software developer Adam Bell, the app and associated servers facilitate connections to Apple's iMessage server by posing as a Mac mini, with Cydia creator Jay Freeman adding that the app forwards all communication through a server located in China.

In addition, developer Steven Troughton-Smith discovered that the app has the capability to download and install software in the background of a mobile device, which would allow for potential installation of malicious software.

As a result, while the development is an interesting one in terms of third-party interfacing with iMessage, users should be extremely wary of installing this application on their Android devices.

Update: The app is no longer available for download.

Article Link: Unofficial iMessage App for Android Surfaces in Google Play Store Amid Significant Security Concerns [Update: Gone]
 

stark93

macrumors member
Sep 18, 2012
67
29
It's kinda cool in a way. It would be neat to iMessage everyone even though they have a droid!
 
Comment

scaredpoet

macrumors 604
Apr 6, 2007
6,627
342
...routes user's Apple ID information through remote servers...


...by posing as a Mac mini...


... forwards all communication through a server located in China....

...the app has the capability to download and install software in the background of a mobile device...


Seems legit. :rolleyes:

And yet, sadly, their launch rollout probably has gone far better than BBM for iOS and Android.
 
Comment

cdolan92

macrumors newbie
Nov 18, 2009
16
0
emailaddress@gmai.com

Rigghttt.

This is going to last another 30 minutes and be shut down.
 
Comment

5t3f4n

macrumors regular
Aug 1, 2011
207
17
iMessage Chat, an unofficial iMessage app for Android devices, has appeared on the Google Play store [...]

Is it really that clever to start an article with a direct link to something that's most likely malware?
 
Comment

rmwebs

macrumors 68040
Apr 6, 2007
3,140
0
If this really works it basically means ANYONE can read your iMessages. Even if you have to log in - its the fact that someone has found a publicly accessible API to gain access to accounts.

Apple really are pissing me off now with their sheer stupidity when it comes to real security and reliability.

However, on the other hand. I highly doubt someone DID get access...meaning this is just being used to harvest Apple ID usernames and passwords which can then be used to purchase stuff.
 
Comment

kwiky

macrumors member
Aug 8, 2011
44
0
This would be awesome if we you could set this up yourself.

If someone open sourced the backend, I'd gladly run it on a mac at home to allow me to use an android phone with imessage. As it stands right now, there's no way in hell.
 
Comment

Phil A.

Moderator
Staff member
Apr 2, 2006
5,656
2,725
Shropshire, UK
It's already had between 10,000 and 50,000 downloads.

I can't think of a more blatant security risk than giving your Apple ID and Password (which is likely linked to an iTunes account) to a third party: It's nothing more than a man in the middle attack and people are freely signing up for it! What's next: A 3rd party PayPal service?

I despair sometimes!
 
Comment

Tinmania

macrumors 68040
Aug 8, 2011
3,524
1,009
Aridzona
While I would never trust this app, it does illustrate a way to use iMessage on Android via a mac.

Those of us with macs that are already on 24/7 anyway could benefit from a solution that routes iMessages through it--no third-party server involved.

As for what Apple has to say: well I can already run iMessage on my macs from my Android device by remoting into them. I can even remote in and only see the iMessage app.



Michael
 
Comment

goobot

macrumors 603
Jun 26, 2009
5,938
2,966
long island NY
If this really works it basically means ANYONE can read your iMessages. Even if you have to log in - its the fact that someone has found a publicly accessible API to gain access to accounts.

Apple really are pissing me off now with their sheer stupidity when it comes to real security and reliability.

However, on the other hand. I highly doubt someone DID get access...meaning this is just being used to harvest Apple ID usernames and passwords which can then be used to purchase stuff.

I don't understand what you are trying to say, the app its self is just an app that looks like apples iMessage. The reason it then works on the android device is because it then spoofs its self to look like a Mac mini. Obviously if you type your passwords randomly into things on the internet people will be able to get it.
 
Comment

scaredpoet

macrumors 604
Apr 6, 2007
6,627
342
If this really works it basically means ANYONE can read your iMessages. Even if you have to log in - its the fact that someone has found a publicly accessible API to gain access to accounts.

No, it doesn't mean that. It means that someone is emulating a mac mini (or, may actually have one set up somewhere, like this, in China) and that the user has willfully given them an AppleID username and password with which to send and receive messages on your behalf.

As with many things, the weakest link in this security chain is between the keyboard and the chair. The most secure, most encrypted API in the world is useless when the user freely and openly hands their credentials over. As long as you don't do that, they can't access your account, plain and simple.
 
Comment

jroadley

macrumors regular
Oct 5, 2009
124
6
Norwich, UK
I really do hate the Google Play store. More control needed.

It's the wild west in there.

(And I am a Nexus 7 owner too!)
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.