I don’t understand why the article writes that iMessage is the only way for encrypted messaging between Android and iOS. I can thing of several off the top of my head:
- Matrix
- Signal
- Facebook Messanger (very soon)
- Threema
- Telegram
- Viber
- Line
- Skype
And there are surly more …
cause of lazy iOS users that can’t be bothered to use anything else
Then why are we shaming Apple and not the iOS users? I think Apple is totally reasonable here.
Most of those are proprietary. My list:
- Matrix
- Session
- Signal and signal clients
- Simplex Chat
- Jami
- Briar (android only)
- Nextcloud talk (needs nextcloud)
- probably a lot more
telegram is not encrypted by default, and does its best to make you forget to enable it for each individual contact. if you want to do a group chat, you’re out of luck.
Telegram is only (partially) secure for pedantic power users, which most people aren’t.
telegram is encrypted, but not end to end encrypted by default
so, relative to pretty much all other messaging services, it might as well not be.
You’re saying “by default not everyone can read your messages, only you, the recipient, telegram themselves and anyone who they might decide to share them with, with neither your consent, nor knowledge”
When compared to “nobody except you and the recipient” that becomes effectively equivalent to “nothing”.
also, not end-to-end ever when it comes to group chats
Almost all services in that list are closed source, so even if they use end-to-end encryption nothing stops the client from sending all your messages to anyone they like after decrypting (in fact some of them already have it as a built-in feature in the form of backups).
that would be very quickly caught by a network sniffer, because it would have to be sent from your own device. Otherwise they’d just be sharing the undecryptable ciphertext you sent to their servers
Just encrypt it before sending it to their servers. How would you tell that apart from any other traffic it sends? (E.g. to check for new messages, to update who of your contacts is online, etc)
what does that have to do with anything? if you have to encrypt your messages manually yourself, that kind of proves the point that the service itself is not secure. And it’ll still show up on a network sniffer that they’re sending it to two places
Technically, yes, this is a solution.
Socially, no. This is not a solution. People are just too lazy.
I assume that if people are too lazy to switch to a solution which works for every one then they are not very interested in talking to you anyway.
Except it’s not a solution that works for everyone. It’s 9 solutions. If it were one it would be a lot easier.
7 once you take out the ones owned by Facebook.
XMPP
Apple protecting it’s precious garden.
Oh look, a weed slipped through.
Must eradicate it.
For the safety and security of our users!
takes out flame thrower
If only there was a secure and open standard that would work on any platform, regardless of ecosystem…
Oh well!
Signal
The problem is actually getting people to use it since they’re all too busy arguing over the color of a message
our walled garden*
Aside from the obvious reasons of competition, Beeper also used Apples infrastructure, that Beeper was then going to monetize. Not too surprising they shut it down.
No, they were charging money as they had their own APN to BPN bridge. Plus the usual cost of development and more.
To keep Beeper Mini running, Beeper uses a Beeper Push Notification (BPN) service to connect to Apple’s servers and notify you of new messages.
And it uses Apples gateway service for setup.
Yes. I did mention APN (Apple Push Notifications) to Beeper Push Notifications which then routes via FCM for Android. The whole setup does require active server cost + time to work on the app to bring it to parity with iMessage Features.
deleted by creator
That’s true, but it would be more Applelike to develop their own app. They obviously know how to do it, then they could have 100% of the profits and not have to deal with a partner. But Tim Cook said they re not interested in doing anything like that.
our shareholders*
We took steps to protect or users by forcing them to communicate to Android phones using unencrypted channels. After all, those peasants are not iPhone users, they deserve to be spied.
At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe.
At Apple, we build our products and services with industry-leading vendor locking tactics to distance our brand from other lesser ones.
We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage.
We’re not letting anyone breach this walled garden, but nice try.
These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.
By using these tactics we can keep our users away from solutions that have any interoperability whatsoever and keep promoting decade-old features as new, as our
sheepahem user base don’t know any better.x
Funny how the EU just recently found them to NOT be gate keepers.
Text messaging market in EU is totally different from in the United States. This is because US texting was cheap always— not so with the EU.
TBF Europeans just went wild with SMS. Omg. Nowadays it’s all WhatsApp, which I am not happy with.
They’re not gatekeepers in Europe because nobody uses iMessage over there. Their predominance in the US market is outside of the new EU laws.
So many of these comments are pulling up the other encrypted alternatives that you can use between iPhone and other platforms. But few seem to actually be addressing the problem of actually getting other non-tech savvy people to use this stuff because they don’t actually see a problem with what they have.
You may not realize it, but not everyone is thinking about whether or not their messages are encrypted. My own family looks at me like “🤨” when I try to convince them to use something encrypted, like I’m trying to hide a crime or something. And I’ve only gotten my parents to use other services (WhatsApp and Facebook Messenger with end to encryption turned on) by digging my heels to get them to stop using SMS. I still haven’t convinced my almost 16-year-old sister (she doesn’t really message me that much anyway. But she’s in that phase where she thinks she’s all independent, and her first places are the simple stuff she knows).
Might I add that digging your heels at every attempt for someone to use SMS isn’t socially acceptable. I’ve only done it because they’re family and I love them
Gotta protect your users from fake blue bubbles, I get it I get it
Serious question since I don’t use iMessage whatsoever, what’s going on with the iMessage stuff? Seems like multiple companies recently have tried to make apps that connect to iMessage, but there’s nothing I’ve heard about Apple opening that up. Did something happen for this to suddenly pop up more frequently?
Someone (possibly recently?) figured out the protocol and how to register a phone number without needing an apple device. Older versions of stuff like this required having a Mac virtual machine and routing messages through it using a user’s AppleID, so this was much easier. I saw a video that was bragging about how this new method would be very difficult to block because doing so could affect regular users, and I just kinda laughed at the naivety.
In the US it’s the messaging standard because they are too lazy to install a cross platform messenger like everybody else in the world. So Android has a 40% market share there, which is the minority but not a crushing minority like Windows–Linux but for whatever reason American society rather focuses on iMessage than just to install Signal or whatever.
Pretty much it’s the Beeper devs and one other. But the initial setups were really nothing more than using a Mac on the backend with a an adapter to Android.
Beeper and one (maybe two) other were pretty effective at it.
Beeper Mini is a different thing altogether. It uses a service to translate ANP (Apple Notification Protocol?) to GCM (Google Cloud Messaging), which are the respective notification handlers.
The Android client is able to comm directly with iMessage servers, unlike the original Beeper and the other ones.
Lots of sarcastic comments in here, but Beeper’s method was to literally spoof the serial numbers and whatnot of real machines. Do people really not see how that would be a problem?
Do people like relying on service that requires their real device’s serial number to function?
You can use any apple device to use iMessage, your account isn’t only usable on your device. They were effectively stealing people’s machine IDs to provide this service. That’s fucked up.
“Effectively stealing” means the original machine ID can’t be used by the original machine after it’s stolen, right?
Former Apple engineer here. This architecture isn’t ideal if you intend the service to be portable - but we didn’t! Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.
Beeper’s implementation spoofs Mac keys and requires you trust them with your Apple ID credentials if you want to be able to take full advantage of iMessage.
It’s just pointless. A huge security risk for Apple users and to zero benefit for Android users. Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?
but we didn’t!
Well maybe that was a mistake.
Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.
It conveniently appears to also eliminate some amount of responsibility. Seriously? Was it not known that it’s possible to debug even 1st party apps? Was it not already obvious that walled gardens are only good before they got cracked?
A huge security risk for Apple users
I wish engineers would stop using the word security just because they like it. Apple should try to prevent threats like pegasus instead of telling everyone that blue bubbles are a security risk.
and to zero benefit for Android users
Yeah, it’s more useful for apple users so they wouldn’t need to resort to unencrypted messages when talking to Android users.
Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?
Heh. I wish to see apple say the same in their statement of decision to shut down iMessage.
It’s just pointless.
Yeah. Apple doesn’t understand the community concerns, it only understands court decisions. Though sometimes these two have some connection.
not surprising, but super disappointing. Beeper Mini was a dream come true
You need to dream bigger. That should be the companies (Google, Apple, carriers, etc) working together and using a non-proprietary standard (an open RCS). Mini Beeper, to me, was just a proof of concept to show something akin to what Apple could do.
Obviously I want RCS. But I’m realistic in what I have right now. And right now what I got was working group chats
For those not in the loop, why? It seems like people who want to use Apple products would just buy a iPhone.
Those of use who have friends or groups of friends that use iPhones but us ourselves do not. In the US, iMessage is the #1 way to create a group chat, and if you don’t have an iPhone you’re often just excluded and rely on someone else to update you about plans, etc.
If I had friends that would rather exclude me from communication than either use a different app or find some way to include me then I would absolutely not want those people in my life.
You can create a group chat using standard MMS. I have never heard of this being a problem.
Like I said, maybe I’m out of the loop or just lucky.
Some of us like control over our hardware but still want feature parity with our friends and family.
I think everyone saw this coming
Beeper already fixed iMessage on Beeper Cloud and is working on restoring Beeper Mini. Might take some back and forth but it still wouldn’t be surprise if it makes their reimplementation more resilient to Apple tampering.
Until Apple will inevitably litigate them to death when they figure out they can’t out engineer them
They spelled “profits” wrong.
