Apple has shut down the Beeper Mini’s iMessage service for Android

On Friday afternoon, Beeper Mini on Android stopped working, and Apple confirmed today that it “has taken steps to protect our users by blocking technologies that exploit fake credentials in order to access iMessage.”

In a statement to 9to5MacApple said the Beeper Mini’s technologies “pose significant risks to user security and privacy.” Beeper’s first app — now called “Beeper Cloud” — worked by routing iMessage through a Mac. Earlier this week, it introduced Beeper Mini as a new Android app that taps directly into iMessage. As we reported:

…The new app connects directly to the Apple service. This means you’re not logging in to your Apple ID on a remote Mac or through Beeper’s servers — you’re just logging in through Apple directly. From there, messages and media are delivered directly from your device to Apple. The company says there are no Beeper (or anyone else’s) servers running here.

Apple this evening specifically pointed to the “potential for metadata exposure and enabling spam, spam, and phishing attacks.” While Beeper, who used the work of a security researcher who published a proof of concept On GitHubis merely providing iMessage for Android, the statement hints at the potential of other parties with nefarious intentions.

Additionally, Apple tells us it can’t verify that fake “iMessages” sent via Beeper are only accessible by the intended sender and recipient, or that they maintain end-to-end encryption.

Finally, Apple says it will “continue to make updates in the future to protect our users,” with the introduction of iOS 17.2 Check iMessage connection key.

As of Saturday morning, Beeper Cloud has been re-enabled, but Beeper Mini remains down, though the company said it continues to work on a fix. Beeper has also taken the step of de-registering Android phone numbers on behalf of its users, and has extended the 7-day free trial for another week so that users won’t be billed ($2 per month) while the Beeper Mini is down.

Apple’s full statement is below:

At Apple, we build our products and services with industry-leading privacy and security technologies designed to put users in control of their data and keep personal information safe. We’ve taken steps to protect our users by blocking technologies that exploit fake credentials to access iMessage. These technologies posed significant risks to user security and privacy, including the potential for revealing metadata and enabling spam, spam, and phishing attacks. We will continue to make updates in the future to protect our users.

Pepper had What’s next to say after Apple’s statement:

We stand behind what we built. Beeper Mini keeps your messages private and enhances security compared to unencrypted SMS. For anyone who claims otherwise, we will be happy to give our entire source code to a mutually agreed-upon third party to evaluate the security of our application.

Updating…