Pluralistic: An adversarial iMessage client for Android (07 Dec 2023)

Originally published at: Pluralistic: An adversarial iMessage client for Android (07 Dec 2023) – Pluralistic: Daily links from Cory Doctorow



Today's links



A screenshot of an early iMessage setup dialog showing that iMessage was a multiprotocol client.

An adversarial iMessage client for Android (permalink)

Adversarial interoperability is one of the most reliable ways to protect tech users from predatory corporations: that's when a technologist reverse-engineers an existing product to reconfigure or mod it (interoperability) in ways its users like, but which its manufacturer objects to (adversarial):

https://www.eff.org/deeplinks/2019/10/adversarial-interoperability

"Adversarial interop" is a mouthful, so at EFF, we coined the term "competitive compatibility," or comcom, which is a lot easier to say and to spell.

Scratch any tech success and you'll find a comcom story. After all, when a company turns its screws on its users, it's good business to offer an aftermarket mod that loosens them again. HP's $10,000/gallon inkjet ink is like a bat-signal for third-party ink companies. When Mercedes announces that it's going to sell you access to your car's accelerator pedal as a subscription service, that's like an engraved invitation to clever independent mechanics who'll charge you a single fee to permanently unlock that "feature":

https://www.techdirt.com/2023/12/05/carmakers-push-forward-with-plans-to-make-basic-features-subscription-services-despite-widespread-backlash/

Comcom saved giant tech companies like Apple. Microsoft tried to kill the Mac by rolling out a truly cursèd version of MS Office for MacOS. Mac users (5% of the market) who tried to send Word, Excel or Powerpoint files to Windows users (95% of the market) were stymied: their files wouldn't open, or they'd go corrupt. Tech managers like me started throwing the graphic designer's Mac and replacing it with a Windows box with a big graphics card and Windows versions of Adobe's tools.

Comcom saved Apple's bacon. Apple reverse-engineered MS's flagship software suite and made a comcom version, iWork, whose Pages, Numbers and Keynote could flawlessly read and write MS's Word, Excel and Powerpoint files:

https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay

It's tempting to think of iWork as benefiting Apple users, and certainly the people who installed and used it benefited from it. But Windows users also benefited from iWork. The existence of iWork meant that Windows users could seamlessly collaborate on and share files with their Mac colleagues. IWork didn't just add a new feature to the Mac ("read and write files that originated with Windows users") – it also added a feature to Windows: "collaborate with Mac users."

Every pirate wants to be an admiral. Though comcom rescued Apple from a monopolist's sneaky attempt to drive it out of business, Apple – now a three trillion dollar company – has repeatedly attacked comcom when it was applied to Apple's products. When Apple did comcom, that was progress. When someone does comcom to Apple, that's piracy.

Apple has many tools at its disposal that Microsoft lacked in the early 2000s. Radical new interpretations of existing copyright, contract, patent and trademark law allows Apple – and other tech giants – to threaten rivals who engage in comcom with both criminal and civil penalties. That's right, you can go to prison for comcom these days. No wonder Jay Freeman calls this "felony contempt of business model":

https://pluralistic.net/2023/11/09/lead-me-not-into-temptation/#chamberlain

Take iMessage, Apple's end-to-end encrypted (E2EE) instant messaging tool. Apple customers can use iMessage to send each other private messages that can't be read or altered by third parties – not cops, not crooks, not even Apple. That's important, because when private messaging systems get hacked, bad things happen:

https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak

But Apple has steadfastly refused to offer an iMessage app for non-Apple systems. If you're an Apple customer holding a sensitive discussion with an Android user, Apple refuses to offer you a tool to maintain your privacy. Those messages are sent "in the clear," over the 38-year-old SMS protocol, which is trivial to spy on and disrupt.

Apple sacrifices its users' security and integrity in the hopes that they will put pressure on their friends to move into Apple's walled garden. As CEO Tim Cook told a reporter: if you want to have secure communications with your mother, buy her an iPhone:

https://finance.yahoo.com/news/tim-cook-says-buy-mom-210347694.html

Last September, a 16-year old high school student calling himself JJTech published a technical teardown of iMessage, showing how any device could send and receive encrypted messages with iMessage users, even without an Apple ID:

https://jjtech.dev/reverse-engineering/imessage-explained/

JJTech even published code to do this, in an open source library called Pypush:

https://github.com/JJTech0130/pypush

In the weeks since, Beeper has been working to productize JJTech's code, and this week, they announced Beeper Mini, an Android-based iMessage client that is end-to-end encrypted:

https://beeper.notion.site/How-Beeper-Mini-Works-966cb11019f8444f90baa314d2f43a54

Beeper is known for a multiprotocol chat client built on Matrix, allowing you to manage several kinds of chat from a single app. These multiprotocol chats have been around forever. Indeed, iMessage started out as one – when it was called "iChat," it supported Google Talk and Jabber, another multiprotocol tool. Other tools like Pidgin have kept the flame alive for decades, and have millions of devoted users:

https://www.eff.org/deeplinks/2021/07/tower-babel-how-public-interest-internet-trying-save-messaging-and-banish-big

But iMessage support has remained elusive. Last month, Nothing launched Sunchoice, a disastrous attempt to bring iMessage to Android, which used Macs in a data-center to intercept and forward messages to Android users, breaking E2EE and introducing massive surveillance risks:

https://www.theverge.com/2023/11/21/23970740/sunbird-imessage-app-shut-down-privacy-nothing-chats-phone-2

Beeper Mini does not have these defects. The system encrypts and decrypts messages on the Android device itself, and directly communicates with Apple's servers. It gathers some telemetry for debugging, and this can be turned off in preferences. It sends a single SMS to Apple's servers during setup, which changes your device's bubble from green to blue, so that Apple users now correctly see your device as a secure endpoint for iMessage communications.

Beeper Mini is now available in Google Play:

https://play.google.com/store/apps/details?id=com.beeper.ima&hl=en_US

Now, this is a high-stakes business. Apple has a long history of threatening companies like Beeper over conduct like this. And Google has a long history deferring to those threats – as it did with OG App, a superior third-party Instagram app that it summarily yanked after Meta complained:

https://pluralistic.net/2023/02/05/battery-vampire/#drained

But while iMessage for Android is good for Android users, it's also very good for Apple customers, who can now get the privacy and security guarantees of iMessage for all their contacts, not just the ones who bought the same kind of phone as they did. The stakes for communications breaches have never been higher, and antitrust scrutiny on Big Tech companies has never been so intense.

Apple recently announced that it would add RCS support to iOS devices (RCS is a secure successor to SMS):

https://9to5mac.com/2023/11/16/apple-rcs-coming-to-iphone/

Early word from developers suggests that this support will have all kinds of boobytraps. That's par for the course with Apple, who love to announce splashy reversals of their worst policies – like their opposition to right to repair – while finding sneaky ways to go on abusing its customers:

https://pluralistic.net/2023/09/22/vin-locking/#thought-differently

The ball is in Apple's court, and, to a lesser extent, in Google's. As part of the mobile duopoly, Google has joined with Apple in facilitating the removal of comcom tools from its app store. But Google has also spent millions on an ad campaign shaming Apple for exposing its users to privacy risks when talking to Android users:

https://www.theverge.com/2023/9/21/23883609/google-rcs-message-apple-iphone-ipager-ad

While we all wait for the other shoe to drop, Android users can get set up on Beeper Mini, and technologists can kick the tires on its code libraries and privacy guarantees.


Hey look at this (permalink)



A Wayback Machine banner.

This day in history (permalink)

#20yrsago Not to be read by Metafilter Matt https://web.archive.org/web/20031208053325/https://jonsullivan.com/thread.php?id=110&mat=8549

#20yrsago How many years does an Azeri have to work to buy a copy of WinXP? https://web.archive.org/web/20031204165358/https://firstmonday.org/issues/issue8_12/ghosh/index.html

#15yrsago How the Great Firewall of Britain works https://nock.co.uk/2008/12/08/great-firewall-of-britain/

#15yrsago Maker of squeezy arthritis-friendly handgun claims the FDA has classed it as a medical device https://www.newscientist.com/article/dn16207-company-tries-to-get-gun-classed-as-medical-device/

#5yrsago US governmental conservationists really hope that young endangered seals will stop getting eels stuck in their nostrils https://www.washingtonpost.com/nation/2018/12/07/make-better-choices-endangered-hawaiian-monk-seals-keep-getting-eels-stuck-up-their-noses-scientists-want-them-stop/

#5yrsago Every NSFWpocalypse sends users to small, indie platforms, who are threatened by the same factors that make no-platforming practical https://memex.craphound.com/2018/12/07/every-nsfwpocalypse-sends-users-to-small-indie-platforms-who-are-threatened-by-the-same-factors-that-make-no-platforming-practical/

#5yrsago Paranoid, miserable Facebook employees have started using burner phones to complain about the company to each other and the press https://www.buzzfeednews.com/article/charliewarzel/facebooks-tensions-zuckerberg-sandberg

#5yrsago PWC recommended that corporations should ask science fiction writers about the future https://onezero.medium.com/nike-and-boeing-are-paying-sci-fi-writers-to-predict-their-futures-fdc4b6165fa4

#5yrsago America’s largest sex-furniture manufacturer pays well, sources locally, and is profitable and fast-growing https://qz.com/1481545/what-the-largest-sex-furniture-manufacturer-in-the-us-can-teach-america-about-trade

#5yrsago #D5: Advice for people who just realized that Qanon is bullshit https://violentmetaphors.com/2018/12/04/your-q-anon-exit-briefing/

#5yrsago Devo’s open letter on “Drowning in a Devolved World” https://www.vice.com/en/article/qvqek5/devo-open-letter-devolution-rock-hall-trump-2018

#5yrsago Australia just voted to ban working cryptography. No, really. https://memex.craphound.com/2018/12/07/australia-just-voted-to-ban-working-cryptography-no-really/

#5yrsago Videos from the University of Chicago “Censorship and Information Control” seminar https://www.youtube.com/channel/UCeNP7NIWmB70wFBv9QolYkg

#1yrago EU to Facebook, 'Drop Dead' https://pluralistic.net/2022/12/07/luck-of-the-irish/#schrems-revenge



Colophon (permalink)

Today's top sources: Eric Migicovsky (https://twitter.com/ericmigi).

Currently writing:

  • A Little Brother short story about DIY insulin PLANNING
  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS JAN 2025

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FORTHCOMING TOR BOOKS FEB 2024

  • Vigilant, Little Brother short story about remote invigilation. FORTHCOMING ON TOR.COM

  • Spill, a Little Brother short story about pipeline protests. FORTHCOMING ON TOR.COM

Latest podcast: Don’t Be Evil https://craphound.com/articles/2023/12/03/dont-be-evil/
Upcoming appearances:

Recent appearances:

Latest books:

Upcoming books:

  • The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books, February 2024
  • Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025

  • Unauthorized Bread: a graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025


This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

Great article. RCS is better for longer texts and larger images but it does not have encryption built into the standard. From what I understand, the encryption we see with RCS today on Android with Google Messages is a an extra proprietary layer built by Google and only available in that app. RCS messages are still plain as day to ISPs like Verizon. Knowing Apple, they almost certainly won’t support encryption since it isn’t part of the standard.

This topic was automatically closed after 15 days. New replies are no longer allowed.