• chiisanaA
    link
    1911 months ago

    Beeper is also responding to Apple’s initial statement that its app, which is based on a reverse engineering of the iMessage protocol, comes with potential risks to user privacy and security. “We deeply object to the allegation,” the company wrote, and it’s willing to share Beeper Mini’s entire codebase “with a mutually agreed upon third-party security research firm” to analyze the app for any issues.

    Beeper is kind of missing the point here. Apple is not shutting it down because Beeper could do anything bad to its users — these are Android users that might not even own an Apple device. Rather, Apple is shutting it down because other people could use similar exploit (the POC appears to use an unsigned device certificate for device authentication) to send phishing / spam messages to the Apple iOS/macOS users at large. With the exploit taken away, it is harder for bad actors to leverage the same channel to attack regular users because without third party means to do this, bad actors would have to find other ways to automate attacks on a much more restricted device.

    • Ghostalmedia
      link
      fedilink
      English
      1211 months ago

      Exactly.

      If you want to be mad about Apple not opening iMessage up, be mad that they don’t have an SDK, API, etc for non-Apple developers.

      Don’t be mad that they’re plugging exploits that people decided to turn into a product.

      • kick_out_the_jams
        link
        fedilink
        2
        edit-2
        11 months ago

        If you want to be mad about Apple not opening iMessage up, be mad that they don’t have an SDK, API, etc for non-Apple developers.

        There might have been anger in the beginning but after 10+ years it’s just kinda disappointment.

        The only reason anybody is trying to make it a product is because there is demand and they think people will pay if they can deliver.