Senator Warren calls out Apple for shutting down Beeper’s ‘iMessage to Android’ solution::U.S. Senator Elizabeth Warren (D-Mass.) is throwing her weight behind Beeper, the app that allowed Android users to message iPhone users via iMessage,

  • Dojan@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    13
    ·
    1 year ago

    Proprietary, closed source, third-party software that hasn’t been audited by a third party, that’s hooking into another proprietary protocol without the owner of said protocol’s approval.

    Sounds to me like Apple fixed a security vulnerability they were exploiting to gain access to the platform. Honestly it reminds me of Microsoft and AOL with the AIM and MSN Messenger wars. I believe AIM used a buffer overflow on purpose for authentication, despite it being a serious security vulnerability.

    • quo@feddit.uk
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      1 year ago

      Sounds to me like Apple fixed a security vulnerability

      No, the protocol to send messenges was reversed engineered. That doesn’t grant access to any sensitive information whatsoever.

      Neither Apple, nor anyone in any of these threads can name even one hypothetical reason this would be a security vulnerability.

      The 1 and only reason for Apple to do this is so that you need to give them money for blue bubbles.

      Figuring out how the chat protocol works is very different than breaking into a protected server, which many people seem to think happened.

      • Dojan@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        8
        ·
        1 year ago

        Of course Apple doesn’t want others to access the iMessage protocol. It’s part of their walled garden. They can claim it’s a secure protocol because they have full control over it. An application like Beeper gaining access undermines this.

        Beeper doesn’t access some sort of global repository of messages, but we’ve no idea what Beeper does with the conversations that are had via their clients. With iMessages you trust Apple, feel about that how you will, with Beeper you trust whoever is in charge of that.

        Beeper is never going to last anyway. If they manage to regain access to iMessages, Apple will just update the protocol to reject them again. With Apple implementing RCS there’s not really any point in applying legal pressure on Apple to open up their platform either.

        • quo@feddit.uk
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          They can claim it’s a secure protocol because they have full control over it. An application like Beeper gaining access undermines this.

          You’re not explaining how it makes it more secure, you’re simply restating the claim that it does.

          Neither Apple, nor anyone here, can give one precise example of how this would make anything more secure.

          we’ve no idea what Beeper does with the conversations that are had via their clients.

          Same for any iMessage user. I could share a secret with another iPhone user, and they could immediately screenshot it and share it.

          Apple could release their own iMessage client for Android if this were really about trusting beeper, but it’s not. It’s about using peer pressure with blue bubbles to sell more iPhones.

          • LilPappyWigwam@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Just hopping on to concur:

            “Apple could release their own iMessage client for Android if this were really about trusting beeper, but it’s not. It’s about using peer pressure with blue bubbles to sell more iPhones.”

            It’s just that simple (and offensive).

        • 2xsaiko@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          They can claim it’s a secure protocol because they have full control over it. An application like Beeper gaining access undermines this.

          Claiming their protocol is “security by obscurity” would not be the win for them you think it is.

      • Dojan@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        All of this has already played out before, some ~20 years ago. Microsoft wanted MSN Messenger to be compatible with AOL’s Instant Messenger, so they reverse-engineered the protocol, only for AOL to update it, breaking the compatibility. It went back and forth until Microsoft revealed that AOL was using a buffer overrun exploit in their client to do remote code injection in order to authenticate the client.

        Apple will never allow Beeper to exist; there’s no point investing any time or money into it as whenever they manage to sneak back in, Apple will boot them back out. Perhaps some sort of legislation will fall in place forcing Apple’s platform open, but given that they’re implementing RCS I somehow doubt it.

        Further, we know nothing about Beeper as a platform. It can/could speak with iMessages, but then what? How do we know it’s secure? Because the owner of the product says so?

        If the idea is to get secure and encrypted messaging between an iOS and an Android user, why not go for something like Signal that’s open source?