Apple blocked Beeper Mini’s iMessage Android app, but Beeper will keep pushing

 

Beeper Mini, the Android app born from a reverse-engineering of Apple's iMessage service, is currently broken, after Apple took measures to block it.

 

Beeper desktop users received a message from co-founder Eric Migicovsky late on Friday afternoon, noting an "iMessage outage" and that "messages are failing to send and receive." Reports had started piling up on Reddit around 2:30 pm Eastern. As of 5:30 pm, both Beeper Cloud on desktop and the Beeper Mini app were reporting errors in sending and receiving messages, with "Failed to lookup on sever: lookup request timed out."

 

Migicovsky suggested to The Verge and TechCrunch Friday that Beeper's data indicated action on Apple's side to block the service. Late on Saturday, Apple offered a statement to The Verge stating that it had indeed done so. Apple "took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage," the statement read. Citing "metadata exposure and enabling unwanted messages, spam, and phishing attacks," Apple stated it would "continue to make updates in the future to protect our users." (Ars has reached out to Apple for comment on the specifics of this message and will update this post with new information).

 

Migicovsky, reached by phone Sunday, took exception to Apple's statement, particularly the claims of security concerns. "In fact, [Beeper Mini] has increased security and decreased exposure for Apple's users," Migicovsky said, especially compared to standard SMS. Migicovsky said Beeper did not allow for unwelcome messages, spam, or phishing, and also said that Beeper does not use "fake credentials." Migicovsky said that Beeper's core iMessage technology has its source code available on GitHub, and that, with escrow provided by a third-party research firm, his company would offer its Android source code to Apple or other involved parties.

 

Migicovsky also questioned why Apple, which typically provides few public statements about such matters to the press or public, would seem to go out of its way to comment on its attempts to counteract Beeper.

 

Beeper Cloud, the multi-service desktop chat app which recently switched to use the same tools as Beeper Mini for iMessage service, was working as of Sunday morning. Migicovsky said that work continued Sunday to bring Beeper Mini for Android back online.

 

Responding to a post on X (formerly Twitter) Saturday asking if restoring Beeper Mini's function would be an "endless cat and mouse game," Migicovsky wrote: "Beeper Cloud and Mini are apps that need to exist. We have built it. We will keep it working. We will share it widely." He added that such an attitude, "especially from people in the tech world," surprised him. "Why do hard things at all? Why keep working on anything that doesn't work the first time?"

 

Beeper's ability to send encrypted iMessages from Android phones grew from a teenager's reverse-engineering of the iMessage protocol, as Ars detailed at launch. The app could not read message contents (nor could Apple), kept encryption keys and contacts on your device, and did not require an Apple ID to authenticate.

 

The app did, however, send a text message from a device to an Apple server, and the response was used to generate an encryption key pair, one for Apple and one for your device. A Beeper service kept itself connected to Apple's servers to notify it and you about new messages. Reddit user moptop and others suggested that Beeper's service used encryption algorithms whose keys were spoofed to look like they came from a Mac Mini running OS X Mountain Lion, perhaps providing Apple a means of pinpointing and block them. Beeper employees have stated on Reddit and elsewhere that an explanation of what was blocked, and how it was worked around, should be forthcoming.

 

Beeper Mini's iMessage capabilities, for which the company was planning to charge $1.99 per month after a seven-day trial, were more than a feature. The company had planned to build additional secure messaging into Beeper Mini, including Signal and WhatsApp messaging, and make it the primary focus of its efforts. Its prior app Beeper, temporarily renamed Beeper Cloud, was marked to be deprecated at some point in favor of the new iMessage-touting Mini app.

 

This post was updated at 12:50 p.m. on Saturday, Dec. 9, to reflect restored function to Beeper Cloud (desktop), and Migicovsky's social media response after the outage. It was updated again at 12:35 p.m. Sunday, Dec. 10, with Apple's statement on its efforts to counteract Beeper, and Migicovsky's comment on the same.