In the past week, I have sent an iMessage to one friend from a command-line Python app and to another from a Pixel 3 Android phone.
Sending an iMessage without an Apple device isn’t entirely new, but this way of doing it is. I didn’t hand over my Apple credentials or log in with my Apple ID on a Mac server on some far-away rack. I put my primary SIM card in the Pixel, I installed Beeper Mini, and it sent a text message to register my number with Apple. I never gave Beeper Mini my Apple ID.
From then on, my iPhone-toting friends who sent messages to my Pixel 3 saw them as other-iPhone blue, not noticeably distracting green. We could all access the typing, delivered/read receipts, emoji reactions, and most other iPhone-to-iPhone message features. Even if I had no active Apple devices, it seems, I could have chosen to meet Apple users where they were and gain end-to-end encryption by doing so.
Powered by a teenager’s reverse-engineering discovery
Eric Migicovsky, co-founder of the all-in-one messaging service Beeper, says Beeper Mini (which should be available now) can do this because iMessage has been reverse-engineered. In an interview, Migicovsky said that Beeper was contacted last summer by a security researcher, one who had a Python script proof-of-concept repository to prove his discovery. The Beeper team was initially hesitant, having “talked to every person on Earth, it seems, who said they’d cracked it, but really only partially reversed [iMessage].”
But the script worked (and worked for me, too, as of last week), so Beeper hired the researcher and, over the last three months, completely rewrote their client into this new Mini app. It’s offered as a seven-day free trial, then costs $2 per month.
It may or may not surprise you to learn that the security researcher is a high school student. “We couldn’t convince him to drop out,” Migicovsky messaged, adding a smile emoji.
Beeper Mini is launching less than a month after Nothing and Sunbird made headlines for promising iMessage on Android, then unraveling at lightning speed as the scheme was revealed to be “a security catastrophe.” So Beeper has written up how iMessage and the company’s app work and interact on its blog, and offered a bunch of pledges up front:
- Messages are end-to-end encrypted before sending, and neither Beeper nor Apple can see them
- The encryption keys necessary for iMessage do not leave your device
- No server sits between Beeper Mini and iMessage servers
- Your Apple ID is not required
- Your contact list remains on your device
At the moment, Beeper Mini supports group chats, high-resolution images and video and voice messages, stickers and GIFs, reply threads, and sent/delivered/read/typing status. Location-sharing, message effects (like confetti falling), Facetime, and iMessage-based games are not yet supported (and the games likely never will be).