By WIRED
Beeper, a YCombinator-backed startup, initially came up with an expensive and inherently insecure method to make a beta version of its app work. This method sent every message through a relay server before arriving at the recipient’s messaging client. Then, late this summer, the company landed on a breakthrough technique, originally drafted as a proof of concept by a 16-year-old high school student in Pennsylvania. The young coder reverse-engineered the way notifications work on iPhone, found a loophole in the way credentials are registered with Apple’s servers during the notifications process, and applied that to messaging.
Beeper bifurcated its product: It kept its original relay system in place (called Beeper Cloud) and separately launched a version of its app (called Beeper Mini) that would use this new technological framework for turning Android messages into blue bubble Messages.
According to Beeper, its solution made Beeper Mini a more secure option than if an Android user were to use their phone’s default messaging app to text an iPhone user, because Beeper Mini maintained end-to-end encryption. Beeper users also didn’t have to share an Apple ID or Apple password with the Beeper Mini app in order to gain access to it. At launch earlier this month, the company charged $2 per month for Beeper Mini. It was downloaded by more than 100,000 people in its first 48 hours.
But in the days after launch, Beeper Mini suffered an app outage. At that time, Migicovsky told WIRED he believed that Apple may have cut off the technical ability for Beeper Mini to function, noting that the app outage didn’t seem to be caused by any sort of broader network issue.
Apple didn’t respond to WIRED’s requests for comment on the outage, but the company later issued a statement to The Verge acknowledging that it had taken action against Beeper. “We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage,” an Apple spokeswoman told the outlet. “These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks.”
While Beeper scrambled to get the app working again, US lawmakers took notice of what was happening. On December 10, Senator Warren tweeted on X, “Green bubble texts are less secure. So why would Apple block a new app allowing Android users to chat with iPhone users on iMessage? Big Tech executives are protecting profits by squashing competitors. Chatting between different platforms should be easy and secure.” The tweet was viewed more than 3 million times, according to X’s visible metrics system.
Discussion about this post