[Updated] Unofficial iMessage app for Android spoofs as Mac Mini to Apple’s servers. Passes data via China.

iMessage Chat is a new app for Android that claims to be able to send iMessages from Android devices. Surprisingly, it works. But it has raised a lot of security concerns among users and developers.

iMessage is a service owned by Apple, designed to work only on Apple devices such as the iPhone, iPad, iPod Touch and Macs. A developer has nevertheless built an app for Android that passes every message sent through it to the developer's server, which is located in China.

The server then fakes the requests to Apple's servers as if they were coming from a Mac Mini, and the message gets delivered. While this might sound exciting, and a lot of Android users have already tried the app from the Google Play Store, the way it works carries real risks.

Famous iOS hacker Jay Freeman (saurik) reveals how the app handles the requests:

I don’t know if anyone else has seen this program yet, but as far as I can tell the way it works is that the client does directly connect to Apple, but the data is all processed on the developer’s server in China. This not only means that Apple can’t just block them by IP address, but also that they get to keep the “secret sauce” on their servers (and potentially just run Apple code: there are some parts of the process in Apple’s client code that are highly obfuscated).

That is not all. Saurik also reveals that the developer has some direct control over users' Apple IDs and passwords, which are tied to credit card transactions and other personal data. This data might be at risk right now in the developer's hands. The app does little more than act as a middleman between Apple and the Android devices.

 

The only thing that allows developers to publish such apps on the Play Store is the lack of an approval process. We're not sure whether Google will get involved with these kinds of apps and fix things.

Update: The app has now been pulled from the Google Play Store.
