No phone claims to hack iMessage, bring Blue Bubbles to Android – Ars Technica

Zoom in / Nothing Phone 2 all lit up.

Ron Amadeo

Can Android OEMs Really Hack into Apple’s iMessage? The upstart phone manufacturer is a hard-to-believe project for “nothing,” the new “Nothing chatsAllows users to use “iMessage on Android” with a blue bubble sent to all their iPhone friends.

Nothing Chat will be powered by Sunbird, an app developer that has said it can send iMessage chats for a year, with no public release. A step The Washington Post The article, with quotes from Nothing and Sunbird’s CEOs, said Nothing will “launch” an “initial version” of Nothing Chats with iMessage compatibility on Friday. The only catch is that you’ll need the Nothing Phone 2.

Is this true or just for publicity? Apple is on record saying that iMessage on Android will only serve to weaken Apple, and it doesn’t want to do that. Of course, any Android OEM offering “iMessage” support will immediately have the project terminated by Apple.

The quotes in the Post article come from Nothing and Sunbird A dare More than anything else. Nothing CEO Carl P. told the paper, “There is nothing illegal about this system. I think whatever we do is going to pass into Cupertino, but we’re so small that it would be really bad if Apple made any move. Sunbird CEO Danny Mizrahi added, “We don’t see a scenario where Apple is trying to block or prevent these messages. Apple’s focus is clearly on providing a better experience for their end users and both NothingChats and Sunbird help with that.”

It’s hard to believe something like this will be a long-term service, and it looks like it’s going to be discontinued soon.

Sunbird’s many red flags

Sun bird It has long said it can send iMessages on Android, missed its launch deadline and generally hasn’t come off as a serious company. During a press conference in December 2022, the company announced itself to the world with the promise of iMessage on Android. I attended this meeting and didn’t write about it because Sunbird’s questionable presentation didn’t meet my standards for a story. To me, the purpose of a press conference like this would be to dispel skepticism about the claim that you can permanently hack iMessage without breaking into it. Being honest with the press would have helped, but Sunbird refused to ask the obvious questions in its big debut. Sunbird’s PR person agreed and asked all the questions, the Zoom chat was disabled, and the company didn’t answer one of the basic technical questions.

See also  A NY grand jury investigating Trump is expected to break for most of April, source says
Sunbird's app, which has yet to be launched.
Zoom in / Sunbird’s app, which has yet to be launched.

Sun bird

How does Sunbird work? Why should people trust Sunbird with their most important Apple account credentials, which some people have their entire online lives and sometimes even a direct bank account? How is this evidence protected? Are they stored somewhere on Sunbird’s servers? Isn’t hacking iMessage with a third-party client a violation of Apple’s terms of service, which can lead to account bans? Does Apple stop this as soon as you launch it? These are all important and obvious questions were I asked a few of the crowd and not all of them were answered. Instead, the Sunbird people focused on how great it would be if the entire world held hands and shared access to blue chat bubbles. It’s not just ridiculous – the company completely fails to convince the skeptical listener that it’s true or have any doubts to overcome.

Even today, almost a year later, the company has not answered these questions Its FAQ. There is a sunbird”Privacy & Security“A page that doesn’t answer anything about the privacy or security of your Apple credentials. This company prefers to hand-wave any concerns. To me, it seems hard to do that without the company providing public, detailed explanations of Apple ID security. Take it seriously.

The Nothing Chats FAQ at least asks the important question of where is your Apple ID, but then quickly switches messages to: “Are any of my messages or Apple ID credentials saved?” “No, nothing is powered by Sunbird, and Sunbird’s architecture provides a system for delivering a message from one user to another without storing it at any point in its journey. Messages are not stored on Sunbird’s servers, only live on your device. Once a message is delivered, it can only be retrieved locally from your personal device.”

See also  Seahawks trade for Commanders QB Sam Howell, sources say

When Sunbird announced itself in December 2022, it gave select members of the press access to the app, and reports said the app worked. The Washington Post article says the service works, though it doesn’t go into any technical details how One Android Authority The article came closest to even the slightest passive explanation of what was going on:

Sunbird has no plans to open source its technology to bring iMessage to Android. So, we’re not asking for a detailed report on how this app works (or at least should work).

However, from what the company said, it looks like it’s taken the beeper method — connecting an Android phone to an Apple-based computer — a few steps further. First, not every user needs their own connected hardware. Sunbird has found some way to connect thousands of users to one machine. Second, the company has also found a way to secure end-to-end encryption with this method, something companies like Beeper can’t offer (at least not yet). Again, Sunbird doesn’t disclose how it does either of these things.

“Beeper” is an open-source app that connects your iMessage to iMessage by sending it through a Mac (some such services already exist). Beeper lets you host this on your own Mac, or you can do it via a Mac in Beeper’s data center. It’s fair to raise your security concerns because Beeper uses an Apple ID, but Beeper is a great example of how to do things in a way that doesn’t feel like a phishing scam. It’s there A clear explanation Here’s how it works, specifically, “We run a set of Mac servers that are used to relay messages between iMessage and Beeper. Each Beeper user is assigned a Mac OS user account on the same Mac server.” It sounds like a bad business, it doesn’t scale, but at least there’s a monetization plan, and eventually “Beeper Plus” will go down to a $5–$10 monthly fee. So Beeper is a 1:1 data center Mac-to-iMessage forwarding service, while Sunbird has somehow figured out how to set up “thousands” of iMessage accounts on a single Mac, according to Android Authority.

See also  Danish Queen Margrethe has announced her surprise abdication after 52 years on the throne

Sunbird has already narrowly missed its launch deadline. In December 2022, Sunbird began taking “waitlist” reservations to access the app And promised, “Sunbird will gradually issue invitations to join the closed beta user group starting in late 2022,” in other words, later that month. I don’t think there’s any way to know if any beta testers actually got access (I’ve certainly never heard of one), but By April, the company boasted that there were 100,000 registrations on the waiting list. The company also claimed that the additional daily sign-up rates are “2,500+ per day” and that we are “offering Sunbird to 200 Android app alpha testers at a time.” While only adding 200 accounts “at once”, waitinglist growth of 2,500 users per day and “beta” testing now turning into “alpha” testing can’t add much. There’s also the eyebrow-raising line “Sunbird has a 93% hit rate for iMessage” — does that mean 7 percent of your messages end up in a black hole?

How the company invites people to its beta (or alpha?) testing is its own business, but that April press release also promised a “summer 2023 release,” which never happened. Even today, the waiting list exists and is still growing. Now, it’s still unclear if these people will ever get access, with Sunbird’s CEO telling The Washington Post, “The only way to get Sunbird for the next few months is to have a nothing phone (2).”

Let’s see on Friday, assuming something happens on that date. Given how poorly Sunbird has demonstrated itself, Apple has a solid argument for shutting down the entire project in the name of security. So don’t give your Apple username and password to random companies, especially if they don’t seem to understand and/or respect the security version of the Pandora’s box they’re opening.

Leave a Reply

Your email address will not be published. Required fields are marked *