The push to bring iMessage to Android users today adds a new contender. A startup called Beeper, which had been working on a multi-platform messaging
Beeper reverse-engineered iMessage to bring blue bubble texts to Android users::The push to bring iMessage to Android users today adds a new contender. A startup called Beeper, which had been working on a multi-platform messaging
Seems like Beeper will see the cleartext of the replies, though, since they send the notifications via BPNs, right?
[edit: thanks for the replies. I see now the footnote on their BPNs diagram: “Push notification does not
contain message contents” so it seems like the answer is “no they will not”]
No, with this new app messages are encrypted between you and Apple’s iMessage servers using iMessage encryption more or less the same way an iPhone does.
The push service simply notifies your device it has a message waiting, no message content passes through Beeper servers.
It still needs Apple’s servers, which tells me they will try and find a way to shut it down. Now that Apple is going to implement RCS, I care a lot less about this.
What exactly do you mean with it requiring Apple’s servers? All of the services Beeper integrates with require it to communicate with the servers those services belong to.
First, the elephant in the room needs to be addressed: security. In Beeper’s start-up guide, the first thing you see is a huge alert box: “Beeper may be less secure than using encrypted chat apps by themselves.” Fundamentally, there’s no way to fix this. To use any of the chat apps, you need to link Beeper to that service using your credentials, which is inherently more insecure than logging into the app directly. Beeper is quick to defend itself by pointing out its robust privacy policy, its ethical business practices with a user-centered focus, and its use of end-to-end encryption (E2EE). However, that doesn’t protect your credentials from hackers that could gain access to Beeper and send your grandma a message through WhatsApp pretending to be you and asking to wire $1,000 to an account in China.
First, the elephant in the room needs to be addressed: security. In Beeper’s start-up guide, the first thing you see is a huge alert box: “Beeper may be less secure than using encrypted chat apps by themselves.” Fundamentally, there’s no way to fix this. To use any of the chat apps, you need to link Beeper to that service using your credentials, which is inherently more insecure than logging into the app directly. Beeper is quick to defend itself by pointing out its robust privacy policy, its ethical business practices with a user-centered focus, and its use of end-to-end encryption (E2EE). However, that doesn’t protect your credentials from hackers that could gain access to Beeper and send your grandma a message through WhatsApp pretending to be you and asking to wire $1,000 to an account in China.
My understanding is that this absolutely applies to their previous iterations, but not this – there’s no authenticating with your Apple ID, for example. It’s sending and receiving iMessage data directly between the Apple servers and your device, now.
That’s about beeper, not beeper mini. Mini was just launched, that’s older information that only applies to the MITM version (beeper which is now beeper cloud).
Beeper mini talks directly to the services you use, no MITM, which is why they plan on adding more services to mini until it can replace the older Beeper (cloud).
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
English
removed by mod
Seems like Beeper will see the cleartext of the replies, though, since they send the notifications via BPNs, right?
[edit: thanks for the replies. I see now the footnote on their BPNs diagram: “Push notification does not contain message contents” so it seems like the answer is “no they will not”]
No, with this new app messages are encrypted between you and Apple’s iMessage servers using iMessage encryption more or less the same way an iPhone does.
The push service simply notifies your device it has a message waiting, no message content passes through Beeper servers.
Assuming that it’s actually reverse engineered, this is great news. If not, there’s a massive lawsuit brewing.
It still needs Apple’s servers, which tells me they will try and find a way to shut it down. Now that Apple is going to implement RCS, I care a lot less about this.
deleted by creator
I don’t, I want modern messaging features like typing indicators, read receipts, and videos that have more than 10 pixels total
deleted by creator
What exactly do you mean with it requiring Apple’s servers? All of the services Beeper integrates with require it to communicate with the servers those services belong to.
In exchange for security loss, is it really worth it?
Edit: the downvotes are very expected. You people need to lean about why this is important
https://www.androidauthority.com/beeper-app-opinion-3345142/
More in depth: https://www.reddit.com/r/beeper/comments/13hhx9e/transient_key_retention_a_suggestion_to_solve/?rdt=61709
What security loss, mate?
These: https://www.androidauthority.com/beeper-app-opinion-3345142/
More in depth: https://www.reddit.com/r/beeper/comments/13hhx9e/transient_key_retention_a_suggestion_to_solve/?rdt=61709
My understanding is that this absolutely applies to their previous iterations, but not this – there’s no authenticating with your Apple ID, for example. It’s sending and receiving iMessage data directly between the Apple servers and your device, now.
That’s about beeper, not beeper mini. Mini was just launched, that’s older information that only applies to the MITM version (beeper which is now beeper cloud).
Beeper mini talks directly to the services you use, no MITM, which is why they plan on adding more services to mini until it can replace the older Beeper (cloud).