They use a Mac mini somewhere to route these messages. So you’re logging into that Mac mini with your iCloud credentials. Sounds like a privacy/security nightmare and creepy as fuck.
It seems like all efforts to “bridge” imessage to anything outside apple software work this way - there’s a Matrix bridge and a dedicated open source app and they both rely on the imessage client on a mac. Is there a legitimate reason for it not being reverse-engineered yet?
Is there a legitimate reason for it not being reverse-engineered yet?
The actual protocol isn’t a secret. It’s that the authentication of the device relies on a hardware key, and that key is fully locked down by Apple (as it also secures the user’s biometric logins, keyring, financial information in Apple Wallet, etc.).
If it relies on a hardware key then why is it that I can get the same setup working with a macos virtual machine?
Using [BlueBubbles] (https://bluebubbles.app/) for anyone wondering.
I use beeper (a version of these apps that is actually released but kinda shit) and it’s perfectly fine. Their solution would be better because it runs locally on the phone, however it’s only on supported phones which is most likely just nothing phones.
More likely just a Linux VM
iMessage only runs on Apple products
…or a virtualized Apple product on a Linux machine. iMessage doesn’t know the difference.
They’ve stated that they are using Mac minis as relays. They claim that they do not store messages or credentials, but I don’t see how that’s possible if it relies on a Mac or iOS relay server that they control.
deleted
They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.
That would likely still give them a capability to MitM but it’s plausible that they couldn’t passively intercept the messages.
You give them the credentials for your Apple account. The security concept is “trust me bro” and that’s really the best they can do unless Apple helps them (which they have no reason to)
“Trust me bro” is always the security concept of any service where you don’t control the client - that includes regular iMessage (you have to trust Apple) and Google’s RCS (you have to trust Google). They can always instruct or update the client apps on people’s phones to start doing something they weren’t previously doing.
That being said, I would not trust some random sketchy company with something so important. Even if you trust their intentions, you cannot trust their competence in preventing breaches. Stuff gets hacked and leaked all the time.
deleted
Absolutely. The iMessage network isn’t some unknowable beast, it “just” requires an Apple device be involved and activated to work. In order to spoof that far, you’d essentially need to emulate quite a bit on device.
deleted
They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.
They’d need to control the app on both phones in order to control what it’s encrypting/decrypting. Their system only works because they’ve got a device in the middle separately decrypting/re-encrypting each message. Google’s Messages app can’t read iMessages; Apple’s Messages app can’t read Google’s proprietary encrypted RCS messages.
Of course if you want universally cross-platform messaging, complete with full-resolution photos and available with end-to-end encryption, there’s this crazy new technology called “email.” I feel like there’s a missed opportunity for making setting up S/MIME easier.
deleted
If it’s anything like Beeper 's Matrix bridge then it’s E2EE Matrix encrypted between your device and the bridge server and then using Apple’s iMessage encryption between the bridge server and Apple/the other user.
The weak point is always going to be the bridge software as by necessity the message must be decrypted there to re-encrypt for iMessage.
At least in Beeper/Matrix the bridge software is open source and one can host their own bridge while continuing to use the existing Beeper/Matrix main server.
Doing so gives you no-trust security since the Beeper/Matrix host cannot decrypt the messages between you and the bridge you control and rubbing your own bridge eliminates that weak point.
Solving the “blue bubble” problem is easy. Stop giving a fuck about what iPhone users care about.
Or Apple can stop being a bitch and just change the hex code.
They want iPhone users to have want they want and need when switching to Android. I think it’s not a bad idea. Personally, I find MMS to be horrible. Not because of lack of features but because it is different for everybody in one group chat. The messages become out of order, things don’t send but say they do, etc. iMessage isn’t the best solution, but if I’m being kicked out of group chats because I’m that one person making it MMS, then I’m all for iMessage on Android.
I am wondering if there is any other alternative to SMS and MMS that works on all mobile & desktop platforms. Hmmm, let me think… Hmm… Probably not. 🙆
No. Just no. Apple does not get to unilaterally make new protocols for the world.
I don’t want them to either but we both know rcs will not be supported on Apple. At least not easily.
deleted by creator
They bitch about it constantly
I’m an adult, and I deal with family members bitching at me that are over 50. I explain to them every time that this is 100% Apple’s designed problem, and they like to roll their eyes in response.
Apple users CAN be really fucking annoying to deal with. In my admittedly limited experience, most of them are this way.
I’m an iPhone user and I don’t care about this. Not everyone who has an iPhone gives a shit about what phones other people use. Use whatever phone you want and whatever computer you want and whatever OS you want and stop giving a fuck about what other people use like it’s some sort of crime.
My problem with that is that a lot of them then insist on using an outdated standard that lacks encryption and high resolution media instead of just downloading something like WhatsApp, Signal, or Matrix.
The stupidest thing about this is cultural identification with the message apps “bubble” color.
Isn’t it the fact that there will be features missing if someone doesn’t have iMessage? I genuinely don’t think anybody would care if it were just the color of the bubble that was different and nothing else.
I think green bubbles (non iPhone) means it’s using SMS so it can cost people money to send messages, especially images which would be sent as MMS I guess.
I’m an Android user though so I don’t really know. Also I’m in Europe where nobody cares and just uses Signal, WhatsApp or Telegram.
it’s using SMS so it can cost people money to send messages
This is basically the historical and cultural reason why the US uses SMS and MMS: basically every phone plan has unlimited SMS before smartphones became popular, so any smartphone OS needed to seamlessly support it for adoption. Apple successfully bridged that SMS interface into a proprietary messaging protocol and app even while maintaining backwards compatibility with SMS and MMS, but not the new standard that came out after the iPhone.
The kids care. Even in Europe. My nephew and niece had to get iPhones, and soon my son will have to get one or be socially left out. It’s a serious crisis made by greedy corporations is what it really is.
Not one single person on this planet ever had to get an iPhone
Sounds like an opportunity to educate your kids, and by proxy, others.
Kid’s bubble-shaming is no different than any other stupid shit kids have always done.
Don’t feed into it.
And if you really want to have some fun, host something like the iMessage-Matrix bridge mentioned above, or other messaging apps. When your kid shows up as a blue bubble, but friends notice he’s on Android, they’ll be confused…another learning opportunity.
Kid’s bubble-shaming is no different than any other stupid shit kids have always done.
It’s called harassment.
Don’t do it man. Don’t let them get your son.
Yes. The iPhone to MMS connection has filesize limits that basically make sending video horribly compressed, and even still images are visibly limited in quality.
And then message reactions aren’t directly supported in MMS, so it becomes a clunky communications experience between iPhone and Android texting.
There’s also delivery confirmation, read receipts, and other indicators in an iMessage chat that aren’t supported in MMS.
The color of the bubble is a subtle UI indicator of what features are supported in the chat.
*exceptional 'murican identification with the blue bubble.
And the same enlightened kids who are so aware about discrimination and gender fluidity (which is good) are the ones discriminating against others because they don’t have an iPhone.
It’s a status symbol, sure… it may be stupid and primitive as a trophy around a caveman’s neck… but we are just wired like that.
Nothing special here.
No, we are wired to be programmed by giant companies to believe that the ways they influence us are just “toward the natural”.
How is it not natural to want a status symbol? However I agree that companies abuse that to gain power and profit, I’m not questioning that.
It may be natural to want a status symbol (although that drive probably varies wildly between individuals), but I find it sad that having an iPhone is equated to status.
“Look at me in my expensive walled garden!”
Disclaimer: I also dislike Google’s business practices in different ways
I feel you. I dream of the day Linux phones become a thing, but they are not ready yet, although great progress is being made.
Only poor people think a smartphone is a sign of wealth
Only spoiled children would say something like that
Yet no single wealthy person would dare whip out an Android.
This is a figment of someones imagination and demonstrates the entire trope is backed by people with no intelligence, but lots of competitiveness.
Your statement is not correct. Bill Gates uses Android phones:
There are Android phones that are more expensive than the most expensive Apple phone you can get.
Samsung Fold is 2150€ for example.
Only the wealthy people who gained none of that wealth themselves.
It’s not at all, and only the most purile idiots would ever think that, and completely proves my point
RCS sucks ass. I have had more missed messages and fucked up communications due to it NOT USING SMS FALLBACK. other person isn’t available via IP? Then FUCK YOUR MESSAGE.
Want a different app? FUCK YOU
Wanna sort your messages, or filter them, or run an automation? FUCK. YOU.
I don’t blame apple for not implementing this shit.
Also, fuck bubble shaming
I haven’t used SMS for anything besides receiving auth codes and maybe sending some short info to a stranger (for example a contractor). But then again, I live in Europe.
SMS Is way more common I guess in the US because you can text anyone across the US, whereas before EU carriers may have charged more for intra-EU texts?
WhatsApp became popular (in the UK) around the time when SMS was free for most. It was a huge jump over SMS because:
- group chats
- read receipts
- worked on WiFi without a phone signal
- picture / video messages
- it was fast (or it certainly felt faster anyway)
From what I recall at the time, BBM was quite popular but WhatsApp won over in the end as it was cross platform. There was a big appetite to move away from SMS. WhatsApp wasn’t even free at the time, it had a small annual fee on Android or a one off installation fee on iOS and still gained popularity. It’s kind of surprising that the rest of the world seemed to make this jump at the same time but the US seems to be stuck on SMS.
There are always four decisions at play - country of origin of sender and receiver, current location of sender and receiver.
Whenever you enter a different country, you gen an automated SMS informing you of the prices of SMS, MMS, outgoing and incoming price calls per minute.
Rule of thumb used to be - SMS receiving is always free, accepting a call with local SIM card is also free. All the other combinations are usually extra if you are currently in a different country than the SIM origin.
But, now that most of EU is either in Shengen or is a partial member with contracts (like Croatia with mobile internet), you either don’t pay as much or pay no extra at all.
But, yeah, that’s probably the reason SMS never really got off.
Asia represent!
There is a reason they don’t send it until someone is online. On iMessage, you know if someone read it, not if they actually are able to receive it. If they fix the bug where the time of the message is when it finishes sending, it will be a great feature because you know if they have access to their phone and data. It will try to send it throughout the down time. Also you can use other rcs apps and have things go through rcs messages because of desktop authentication.
Do you know of a different RCS enabled app than messages? Honest question
Most carriers either have their own app or their own rcs network for rcs. It is also possible to use the web interface of Google messages to make one, not sure if anyone except beeper has done this though.
iMessage indicates “Delivered” for messages that was received by a recipient device and switches to “Read [time]” when read.
Otherwise it’ll sit without a Delivered or fallback to SMS.
iMessage automatically goes to read if it doesn’t work correctly. Partner got a new phone number when switching providers. She has a Samsung phone, and kept it. The number they gave her came from an iPhone. All messages sent to her from iPhones were marked read on their end and never get delivered. All messages sent to iPhones appear to send, but don’t arrive. All texts from Android to Android still worked fine so we didn’t realize immediately as I had an android phone as well.
The phone number that isn’t owned by Apple is being routed to them even though they should have no part in the process. Apple’s advised solution is to acquire an iPhone to disable iMessages. Thankfully they have a website where you can remove a number from their service, but it is not intuitive to go to AT&T/Verizon/Spectrum/whoever and purchase a cellular plan and then have to reach out to a 3rd party company to shut down their invasive services on products they down own.
This is dumb. For two reasons:
- the fact that a messenging service locks users into an ecosystem.
- the fact that to use this an apple device is still used in the background. This means you log in with your apple id on a device that does not belong to you and that can possibly read all of your messages.
I think issue two is a great way to address issue one.
They have made a closed ecosystem to support their lack of innovation and address their declining sales.
But now people could be able to get into this system that otherwise wouldn’t and use it without giving apple any information, other than potentially putting actual customers messages and AppleIDs at risk.
Because the android forever people who this is for will not have anything important linked to their AppleID but the people they message likely will or at the very least now their communications are at risk given they go through a third party machine.
RCS is practically limited to android ecosystem. Many of the carriers are dependent on Google Jibe to support it.
No one except Google and approved manufacturers can make a RCS app.
It’s limited to Android because this is the only alternative to iPhone and iPhone doesn’t support it.
Many carriers rely on Google Jibe but not all of them, and they don’t have to.
That’s true and I agree that this also stupid. We should all go back to emails with pgp encryption. These are both open standards.
Teenagers today suffer unique threats to their health and wellbeing from technology. It may be super easy for you to say “who the fuck cares about the color” but that is far from the case for US teenagers. Willingly setting yourself apart from the group in high school is a precarious move in the best of circumstances.
And for the rest of us, this goes way beyond the color being used. The SMS/MMS fallback in iMessage offers a terrible experience for non-Apple users. Low quality media, inability to manage one’s own memeberships in groups, and no encryption. For those worried about the lack of e2ee: Android users participating in an iMessage conversation don’t have that today. You’re not losing anything from this solution.
Legal disclosures prove that Apple knowingly uses iMessage in an anticompetitive fashion. It’s a moat to keep people from switching away from iPhone. They are leveraging their position in the messaging market to shore up their restrictive phone products. I wish US antitrust enforcement was stronger in this area but until then, I hope Nothing has great success in breaking down this illegal barrier.
Really interesting how different the US is. Here in central europe it’s pretty much whatsapp, telegram, signal. Most people use 2 or 3 of those. Doesn’t matter what device they are using
iPhones are really popular over there. Most people have one. For teenagers it’s something ridiculous like 85% of them using an iPhone. In Europe we have a more balanced split, so only using iMessage wouldn’t fly here.
I’ve seen a bit of an uptick in the use of Signal in the US, like it’s worth having it installed…sorta.
Personally, I miss out on a lot of group chats because all of my friends have iPhones.
They’ll create a group chat, I won’t get any messages, then suddenly I’m getting a call on Saturday saying “hey are you coming to the party?” or more often than not I don’t get notified at all and end up hearing about all of the things I miss at a later time. It’s annoying, but I really hate iOS so I deal with it.
I’ve got an iMessage server running on my NAS but it’s not perfect, it requires that the iPhone user send the message to my iMessage account associated with my email, not with my phone number.
PyPush lets you link your number to your Apple Account using demo.py if you need that. It needs a cron job to sit on it for the first few weeks but after that its fine.
Hmm good to know, but if my server goes down (power outage, hardware failure, etc.) I’m not sure how I’d receive messages lol.
How the hell do so many teens afford these??
It’s far cheaper than your first car and arguably more important. You find a way when you have to.
How is Apple keeping iMessage an Apple exclusive anticompetitive? That’s like saying Google needs to share their search algorithms because they’re “leveraging their position in the search engine market to shore up their restrictive products.”
In the end, Apple created a service that is massively popular and makes people want to use their products. The fact that US teenagers refuse to use one of their many competitors is hardly their fault. The rest of the world doesn’t give a shit about iMessage either.
Google search is available on apple devices though. Same with stuff like Gmail. Imagine if YouTube didn’t have an app for iOS and you had to use the browser. That would be worse for consumers, but Google could use it as a way to force people into Android. That’s what Apple is doing with iMessage and the whole phone ecosystem is worse because of it, whether you care or not.
[cries angrily in Windows Phone]
You can read about it here: https://www.macrumors.com/2021/04/09/epic-apple-no-imessage-on-android/
Using a dominant market segment to reduce competition in another has always been an antitrust violation. A notable example is MS leveraging their Windows monopoly to force Internet Explorer on people.
You’d have a point if Apple was in the search engine market.
This really demonstrates how apple has its customers and competitors by the balls when it comes to messaging. This OEM is putting time and resources into developing an unauthorized iMessage app using banks of mac minis as servers and requiring users to grant them access to their iCloud account, a system that apple could “break” or sue out of existence on a whim. RCS isn’t the perfect solution, but it’s better than this.
Google wants everyone’s message data, that’s why their pushing it so aggressively.
RCS is technically an open standard. But in reality it completely depends on Google’s Jibe system to make it work for many carriers.
The recent anti competitive trials has shown Google is willing to pay apple billions for people’s internet activity to go through them. With Google currently pushing anti iMessage ads to shame apple into supports RCS, Google has most likely offered Apple a lot of money to use RCS. Apple has decided it’s not worth it.
Why apple isn’t supporting RCS is unknown. But it either user privacy or user retention to their ecosystem. Either way they don’t think more exposure to Google is good for their users. This ‘open’ standard is a joke. If it doesn’t make Google money soon, they kill it like all their previous messenger projects.
RCS is e2ee…
They don’t need your message contents to harvest data. They can see who you talk to, when you talk to them and the type of messages (text/images/videos).
Connecting people together can expand the amount of advertising impressions they can sell. If your speaking to someone at the same time they are googleing a new trampoline, Google can infer your likely to be interested in trampolines as well.
They can see who you talk to, when you talk to them and the type of messages (text/images/videos).
If your speaking to someone at the same time they are googleing a new trampoline, Google can infer your likely to be interested in trampolines as well.
That’s such fuzzy data that it really doesn’t matter at all. Point is, my messages are encrypted, and Google can think I want a trampoline if they want to think that.
Plus you said Google wants everyones messaging data, but they literally aren’t getting it. So no, that’s not why they are pushing it hard.
Apple can also run their own RCS servers (my carrier does). They simply aren’t supporting RCS because they LIKE that Android is shamed for having green bubbles. It would hurt Apple if their phones were more compatible with Android.
It’s not unknown, it’s clearly user retention. And it works in the US where they turned their users into salesmen pushing everyone to buy iPhones so they can use advanced features without having to install a free app.
User retention and RCS sucks. It has serious reliability issues.
Your getting downvoted for RCS issues. I’ve experienced them as well. It doesn’t reliably send messages. It also fails to inform you the message failed and fails to fall back to SMS.
RCS is far worse than this. It’s garbage, doesn’t work.
When I watched MKBHDs video on this, my first thought was whether or not we could selfhost a service like this. If I could run this through my own Mac mini server to my own / family’s phones, that would be great. I don’t think I’d ever feel comfortable logging into my iCloud account on some company’s server with just their pinky promise as a guarantee.
You can self host this already, most likely what nothing is doing https://github.com/mautrix/imessage
That is fascinating. Thanks for the link.
Well yeah it’s not. But it’s the first time something like this has been integrated onto an personal consumer device.
It’s also noteworthy that the RCS platform adopted by companies worldwide is run by Jibe, a company owned by Google. Doubtless, Apple doesn’t want to use Google’s servers any more than it needs to.
“open protocol” my ass. Google just wants control over everything.
Except companies can run their own. In Google messages it tells you who runs your server. Most carriers ran their own, but when they realised there was no benefit (e2ee) and having to maintain it, they started shifting to Google ran servers.
But can’t run my own server.
I don’t know, but that’s not what was said. The comment I replied to said Google controlled everything, and that’s false.
Just here to correct false claims.
Honestly I’m typing this on a Nothing phone and if this appears on my phone instead of them actually fixing the many bugs I’ll be quite pissed.
Every update this phone gets worse both in bugs and battery life and the company seems more obsessed with things like beer, clothing lines and now imessage than actually trying to fix anything that’s actually important.
Wife’s Nothing(1) seems just fine. My only issue with the design is how it acts like an echo chamber for the haptic motor. It actually is quite noisy at the higher settings.
Apple will just block it once they catch on
In a video from MKBHD they mentioned this problem and they said that the idea is basically that Apple will not block it because it will bring them bad PR and attention from regulators who are concerned with anti trust issues. Hard to predict what will actually happen but Apple just blocking 3rd party access and citing (legitimate) privacy and security concerns seems to be a likely outcome.
Apple should block it. It requires people to hand off their apple accounts to an organisation. Someone using an account like this should be blocked by apple’s servers. As they clearly aren’t the account owner.
Many online accounts will return a password incorrect message, even when the password is correct, if they believe your aren’t the account holder (bots, scammers etc). To allow this puts users accounts at risks.
Some bad actors are likely to mimic this setup. Advertise access to iMessage for Android users, then use the apple account to defraud or blackmail them. It will be very attractive to previous iPhone users that will have payment details, addresses and media stored with their apple account.
Dont see how they could. The servers are real apple devices. Apple has no way to know if this is a mac from a real user or somebody proposing a message bridging service to non apple users. Dont see why they’d care either as they make money from the purchased server infrastructure.
This has been around for a few years now as Blhebubble, and they haven’t blocked it.
There’s a couple other bridge services out there too, and those haven’t been blocked… Yet.
Internet has standardized instant messaging 34 years ago.
I’m still curious if this is even legal. It seems like a really good idea, but is Apple going to be able to sue over it? I almost feel like it could be covered under the reverse engineering clause, because it is meant to enable interoperability with another product. But Apple’s terms of service already seem really hamstrung on what is and is not allowed. With the macOS SLA beginning with:
For use on Apple-branded Systems
Obviously iMessage isn’t macOS, and I can’t seem to find a specific terms of service for iMessage specifically, but it is running on it. Which is what would make this integration possible. So what makes me wonder if Apple’s lawyers could find a clause there.
The reason they’re moving forward with this is because if Apple tries to sue, it could make a case for Google that Apple is trying to take control of messaging in the United States. If they don’t sue, should Google come after them down the line Apple can say “we’re aware of 3rd party iMessage and decided to not take action to increase interoperability” yadda yadda.
That’s my guess anyway.
This could easily be blocked by Apple
