Show HN: Beeper Mini – iMessage client for Android (beeper.com)

1521 points by erohead ↗ HN
Hi HN! I’m proud to share that we have built a real 3rd party iMessage client for Android. We did it by reverse engineering the iMessage protocol and encryption system. It's available to download today (no waitlist): https://play.google.com/store/apps/details?id=com.beeper.ima and there's a technical writeup here: https://blog.beeper.com/p/how-beeper-mini-works.

Unlike every other attempt to build an iMessage app for Android (including our first gen app), Beeper Mini does not use a Mac server relay in the cloud. The app connects directly to Apple servers to send and receive end-to-end encrypted messages. Encryption keys never leave your device. No Apple ID is required. Beeper does not have access to your Apple account.

With Beeper Mini, your Android phone number is registered on iMessage. You show up as a ‘blue bubble’ when iPhone friends text you, and can join real iMessage group chats. All chat features like typing status, read receipts, full resolution images/video, emoji reactions, voice notes, editing/unsending, stickers etc are supported.

This is all unprecedented, so I imagine you may have a lot of questions. We’ve written a detailed technical blog post about how Beeper Mini works: https://blog.beeper.com/p/how-beeper-mini-works. A team member has published an open source Python iMessage protocol PoC on Github: https://github.com/JJTech0130/pypush. You can try it yourself on any Mac/Windows/Linux computer and see how iMessage works. My cofounder and I are also here to answer questions in the comments.

Our long term vision is to build a universal chat app (https://blog.beeper.com/p/were-building-the-best-chat-app-on). Over the next few months, we will be adding support for SMS/RCS, WhatsApp, Signal and 12 other chat networks into Beeper Mini. At that point, we’ll drop the `Mini` postfix. We’re also rebuilding our Beeper Desktop and iOS apps to support our new ‘client-side bridge’ architecture that preserves full end-to-end encryption. We’re also renaming our first gen apps to ‘Beeper Cloud’ to more clearly differentiate them from Beeper Mini.

Side note: many people always ask ‘what do you think Apple is going to do about this?’ To be honest, I am shocked that everyone is so shocked by the sheer existence of a 3rd party iMessage client. The internet has always had 3rd party clients! It’s almost like people have forgotten that iChat (the app that iMessage grew out of) was itself a multi-protocol chat app! It supported AIM, Jabber and Google talk. Here’s a blast from the past: https://i.imgur.com/k6rmOgq.png.

901 comments

[ 0.37 ms ] story [ 351 ms ] thread
It's really impressive that a high school student [1] has managed to reverse engineer iMessage. What I'm wondering is:

1. How stable is it; would it be trivial for Apple to patch this?

2. If it's as simple as reverse engineering the protocols, how has it taken this long?

[1] https://github.com/JJTech0130

Its more a commentary on how amateur it is in my respectful view. iMessage is a fundamentally unserious "product" in search of enough collateral flaws to harm those foolish enough to depend on it for anything.
How so? Other than the security issues that get exploited by NSO group from time to time (that appear to be mitigated fairly well by lockdown mode if that's something that's important to you) or the obvious flaw that you can't talk to anyone that doesn't have an iPhone it seems to be a perfectly good platform. The alternatives either have worse encryption (Telegram, RCS), worse privacy (WhatsApp), or the same platform lock-in as iMessage (Google's RCS).
iMessage is the LastPass of messaging apps. This has been endlessly discussed and I want people to use their curiosity to help direct them to why I would comment in this way. In practice (not whitepaper or the ideal implementation), it is no more secure than sms (actually worse)
The joke will be when they increase iMessage security to prevent these solutions from working well ;)
That's the thing tho: it will never be secure because its the skeleton key. It was never truly intended to be secure. Same reason why only WebKit's allowed on all billion+ iPhones. Access is only guranteed if its monocultural.
This is absolutely not true. iMessage is a full E2E implementation; it’s nothing like SMS.
"E2E" is a joke when Apple holds the encryption keys to the vast majority of all messages, and uses them to respond to law enforcement requests. (It's how iCloud backup works by default and we know people don't change defaults. This is documented by Apple, not a conspiracy theory.)
It’s still a substantial upgrade over SMS or unencrypted (non-Google) RCS, where anybody can snoop on conversations with little effort.
Last time I checked, everyone knows SMS is cleartext and can't take over your phone in the profound way built-in 1st party apps/services you emphatically cannot remove (only toggle) can seize the means of production so to speak.
“Everyone” may be overly broad… just about everybody with any technical inclination knows yes, but for many years now the overwhelming majority of smartphone users have not been particularly technically inclined, and as such I would not expect most of them to be aware of the security and privacy implications that come with use of the various messaging services.

With that in mind, I’d say that most messaging apps don’t go far enough to make that distinction clear. Any app handling SMS or any other unencrypted messages should have ever-present, readily visible warnings when conversations aren’t encrypted.

Didn't mean to sound so bratty, I just get frustrated by this topic. My apologies if I was a bit testy. I just mean that iMessage is extremely misleading and overly-technical in what it takes to truly have a chance at making it secure and private to the extent it extolls itself.

This shit matters now that people aren't able to receive proper reproductive care and education and other grey areas where Apple is setting its users and itself up for terrible and unjust outcomes that depend on everyone but Apple having flawed/imperfect information and Apple pretending 'Saul Goodman...

Ok, but you can change yours, yes? Just like Signal isn’t installed by default on your phone and if you want what it offers you can use it.
But unless everyone you talk to also changes it then Apple still holds the keys to your conversations. If you care, it is best to avoid software with bad security defaults altogether.
> It's how iCloud backup works by default and we know people don't change defaults

Are you referred to Advanced Data Protection being opt-in?

If I'm using ADP then these concerns are moot, right?

No, when you sign into iCloud/your account in Settings, it sets a bunch of insane defaults like iMessage and Facetime and every app you add is opt-out for iCloud storage. Defaults are end-runs around true explicit and informed consent and open people to implications they didn't knowingly understand
I'm curious how Apple implements Keychain in the sense that they claim it is also e2ee but they also use e2ee for ADP and its absolutely not (or at least not zero knowledge), rather it is convergent encryption which is not zero-knowledge and also allows for knowledge of filenames and hashes cuz "de-dupe" is so important for people with TB of cloud storage at the expense of their privacy.
Pretty sure they use a different implementation, iCloud Keychain long predates Advanced Data Protection.
> the obvious flaw that you can't talk to anyone that doesn't have an iPhone

That's because iMessage is a first and foremost a marketing tool that Apple compels users to rely on.

Do you somehow think complexity is the opposite of amateur - that is, complex = professional?

Because I have bad news for you. If iMessage is simple that means literally the opposite of what you think it means.

(comment deleted)
This is incredibly awesome. You really don't think Apple is going to attempt to crack down on this?
Very interesting. I was under the impression that Apple used hardware keys to validate iMessage accounts. But it seems that this is able to talk directly to Apple without and Apple hardware? In the post it just says that you need to send and receive a SMS to register.
I would have also made that assumption, but I have to admit I'm not surprised it doesn't. IIRC, iMessage was introduced with iOS 5, which supported iPhone 3GS. The secure enclave didn't show up until iPhone 5S which shipped with iOS 7.
ah interesting, so Beeper's days may be numbered by when Apple drops support for older devices. But if they can grow quick enough then they'll have enough users that Apple can't quietly nail them and stuff their body into a dumpster.
Perhaps. They didn't start including the SE with Macs until the first TouchBar Mac in 2016. So there are many millions of non-SE devices in use right now. Of course, Apple could still decide to unilaterally drop support for iMessage on older devices, but doing that risks pissing off and probably losing for life tens of millions of users to prevent, let's be realistic, several hundred thousand users (this is a paid app, this isn't free) from using iMessage on Android using this method.

I wouldn't put it past Apple and other reverse-engineering routes might have to be taken but I don't think this is as easy of a "Apple will instantly shut this down" scenario as many others seem to.

If it realistically stayed with just several hundred thousand users, I would agree.

My suspicion though is that there will now be a rush of apps doing imessage on android or windows etc, and probably also spam on iMessage will go up which might stoke the fire a bit.

I guess we'll see what happens!

Blocking it might be a cat-and-mouse thing that works with heuristics, which would of course be unreliable in both directions.
Old Macs didn't have a secure enclave so I assume this is using an old version of the protocol that was used in those days.
In the related pypush repo it mentions something about hardware serial numbers used in rate-limiting, etc. So I guess they do something?

But yes, I was expecting it to be based on some kind of hardware root of trust certificate system that comes from deep within the hardware and secure enclaves!

Wow, this is cool. Thanks everyone for their hard work.
The referenced technical write up is fascinating[0]

I wonder how well this architecture (including privacy preservation) would work for LinkedIn messaging?

Specifically the BPN service since that seems to come from a data center IP and more likely for Apple / others to have a choke point.

[0] https://blog.beeper.com/p/721485af-aad0-4962-b418-eea9bc1e8f...

The unfortunately fatalist question to ask is... how long until Apple shuts it down?
That's what I'm curious about too.

If it does manage to do a good job imitating what an actual iPhone would do though - is there any way Apple even could shut it down without breaking iMessage on old iPhones or forcing people to update?

Seems like the local implementation may be durable, but the system for backend polling (BPN) they built appears to ping Apple servers server side. I imagine that creates a block of homogeneous traffic for Apple to spot.
Besides being allegedly hard to shut down without breaking iPhones, there's also this statement given to Ars Technica:

> Migicovsky had a few different answers. The broadest one, regarding the tech behind the app, is that reverse-engineering for interoperability is legal—a fair use exemption to the Digital Millennium Copyright Act's restrictions against circumventing encryption or other protections. The app also goes out of its way to avoid trademarks like iMessage, referring instead to "blue bubbles" and the like, and the rest might be considered nominative fair use.

https://arstechnica.com/gadgets/2023/12/beeper-mini-on-andro...

It's legal. But it doesn't mean that Apple has to quietly allow it.

What is maybe more relevant is the EU talking about forcing federation. If Apple lets this live it may give them more bargaining power in those discussions. If they shut it down thatay throw jet fuel on the fire.

Or it may lose them bargaining power. This is a very real technical proof of concept, and deprives Apple of one fewer claim that opening up is a technical challenge.
Apple can easily argue that this implementation violates their security controls and doesn't count as a PoC. As soon as the last iphone without a secure enclave loses support, they can flip the switch and kill Beeper('s iMessage service) instantly
I’m curious to know if this tech requires spoofing an iPhone or otherwise falsely representing to Apple’s servers that the Android device is an iPhone. If so, I would be looking at the CFAA more than the DMCA.
Van Buren protects it from CFAA.

The only avenue that is untested is based on Terms of Service.

I did a OSS WhatsApp reverse engineering project and got a C&D from 800 billion dollar Meta's lawyers all based on violation of their Terms of Service.

As far as I'm aware, there's no precedent for interop against ToS.

Way outside my area of experience, but Van Buren itself doesn’t appear to address this issue. I was thinking more in terms of Apple framing a claim based on access through an act of fraud.
I've been told by a C-level exec at a similar company (but relating to banking) that citing Van Buren against CFAA claims gets the claimant's lawyers to back all the way off.
I give it a week, tops. The next iOS update at the latest.
They’re gonna break iMessage for the ~50% of population not on the latest version of iOS next week?
...They obviously would do it in a way that doesn't do that? Do you think this company can outsmart them in the long-run?
This is a replay of the Messenger Wars. Yahoo IM, AIM, ICQ, etc played a game of cat and mouse with clients that wanted to get all of the messengers in one spot.
Right. What is stopping Apple from requiring a valid unique device key with every request now?
Old hardware that doesn't have it. Are they gonna ban my iMac from 2009 that was before iMessage was a thing?
Yes, they are. You already don't get OS updates.
No they aren't. My iMessage still works, and so will other devices that had iMessage.
Ask someone with 32-bit Mac apps about Apple’s willingness to leave parts of their userbase behind.
They still work. Apple doesn't stop services from working or programs from functioning.
just because it works now doesn't mean it will tomorrow. You're on officially unsupported hardware / os version.
I was added to a waitlist, despite their blog post saying there's none. Is anyone else dealing with this?
I'm on the wait list for Beeper, except sometimes when I check my position I've actually gone further back in line somehow.
I can invite you if you want. I just need a platform to send you a message on then I can do it through the app.
Curious how the BPN service presents to Apple.
Really happy to see that original customers are getting this included as well. I was worried that this was a ploy to say "we know we said you all would be grandfathered in, but that was for _Beeper Cloud_, our old legacy one. This new one is a monthly charge". Thanks for being great, @erohead
Yes, they didn't have to do that, and I certainly appreciate it. I think this business model is going to work for them, and the timing couldn't be better with the recent kerfuffle about Nothing's terrible attempt at this. They knocked it out of the park here especially with the no-compromise completely functioning end-to-end encryption.
That's one view. As a non Android user who enjoys unified messaging, I suspect this is the beginning of the end for the matrix driven client and whilst the grandfathering is nice, it does nothing for me and my Beepy.
My wife has been using Beeper for a while (6+ months? not sure), think i should give it a try.
(comment deleted)
I'm on the fence about using this. I don't want to switch all my conversations over to iMessage and then have Apple figure out how to ban this. That kind of feels like a recipe for lost messages.
That's my main concern as well. I don't want to strengthen such a closed ecosystem by building their network.

(That and desktop support is a must for me)

Beeper desktop supports iMessage too, I'm using it right now.
Do you have an invite - I'm on beeper mini but on the waitlist for the desktop!
It doesn't help that they want to pursue the exact same approach for the other apps they want to provide service for.

They are looking to get banned and completely damage the Matrix/Mautrix bridge ecosystem.

What's the point of matrix integration if not to use it? Gaim/pidgin ended because of changes not because it was too powerful.
Tis better to have loved and lost than never to have loved at all.
If Apple bans this they will have to answer to EU courts. I very much doubt they will in this political climate.
They wouldn't have to ban it, they could just alter the protocol to make it impossible. iMessage is designed to only work on devices manufactured by a single company. All of those devices have secure cryptographic elements built into them. It's not a stretch to think Apple could lock down iMessage under the guise of security.
Again, they would have to answer to EU courts. They are legally required to be interoperable now. Banning non-iPhones would definitely be litigated.
Good luck testifying that they specifically adjusted a private internal protocol to block an App vs improve/iterate on the existing protocol.
That would be easy and wouldn't even require lying. "We identified and fixed a security vulnerability and fixed it"
This is not true. iMessage hasn't been declared a core service by the EU. This takes seconds to Google.
Yet. There's a decision happening next year. This also "takes seconds to Google". https://arstechnica.com/gadgets/2023/11/google-argues-imessa...

They are already a gatekeeper with core services that are required to be interoperable. Even if iMessage specifically hasn't yet been declared a core service, Apple is in the crosshairs and behavior like banning competitors will be harmful to their legal position at a very sensitive time for them.

Your link—hell, even the URL slug and headline—make it clear that this is something Google is claiming to the EU, not something the EU itself is claiming.

Yes, it's possible that the EU will rule that iMessage needs to fall under these rules, too, but citing a major competitor (who's even more under the gun for the same stuff themselves) making the argument that Apple should be restricted is, shall we say, not super persuasive on its own.

>who's even more under the gun for the same stuff themselves

Are they, though? Google allows alternative app stores on Android, they already implement an interoperable, open standard in their primary texting app (RCS), they allow alternative browsers on the Play store itself, and they don't block interoperability with other platforms the way Apple does.

That's not to say they're not under the gun, but what they're under the gun for is different, like bribing Epic and others to not move to their own app store or make a self-updating app downloadable from their website.

They're both monopolistic asshole companies, don't get me wrong, but they're using fairly different strategies.

> they already implement an interoperable, open standard in their primary texting app (RCS)

Yes, but Apple has announced they will do the same thing. That is not the same thing as interop with the actual iMessage protocol. Similarly, Google Messages does not allow interop with its encryption and newly announced sticker/effects, which remain proprietary to the Google Messages app.

You said "They are legally required to be interoperable now." which is factually incorrect. It's okay to just admit that you were wrong.
You're right, my statement was factually incorrect. The correct statement is "Apple is currently fighting an effort to require iMessage to be interoperable".

The argument stands. It would be a bad idea for Apple to ban competition from iMessage, even with an attempt at plausible deniability, while they are fighting European regulators about interoperability on multiple fronts.

The only way I could see this happening is if they have all of the public keys of the secure cryptographic elements in a database of all Apple devices ever created. Because otherwise, it would just be trivial to emulate a "secure cryptographic element" if it's just a public/private key.

They aren't running a client by Apple. A glance at other posts seems they are using Apple code, but that would just be a matter of reverse engineering if the code required the secure enclave.

I can't think of a way that a server would be able to prove a device is Apple or not if you were to replicate the protocol completely. Only if there was some established public/private key would this be possible. And then the private key on the device would be in a secure enclave that you could feed it data to sign to prove the device is an authorized device.

I wouldn't be surprised if they in fact do have a list of serial numbers for all the mac, ios, tvos devices they have ever sold, linked with some corresponding device-unique public key data?
After reading some other comments, this very well might be the case.
Of course they have all of the public keys of the secure cryptographic elements of all Apple devices (that run iMessage) ever created. Why wouldn't they?
I don't know how the secure enclave works in detail but if there is a private key inside it that it uses for attestation / signing, presumably it could also have a certificate signed by an internal Apple provisioning CA infrastructure which Apple can verify on their end.

Importantly, this matters even for those older devices that were created without secure enclaves. iMessage still used this PKI architecture back before every new mac/iphone/ipad had a SE.

And if Beeper keeps it up they’re likely running afoul of the CFAA in the US.

The EU doesn’t rule the world. They haven’t forced iMessage open yet, and Apple is clearly trying to avoid it with their announced RCS support.

I don’t think things are as far along as you do.

Can you explain more about the suspected CFAA violation?
See https://en.wikipedia.org/wiki/Craigslist_Inc._v._3Taps_Inc.

The CFAA says that "having knowingly accessed a computer without authorization or exceeding authorized access [is a federal crime]".

The courts held that 3Taps scraping the Craigslist website was accessing a computer and exceeding authorized access because it should have been obvious to 3taps that craigslist did not authorize them to scrape their website (namely from some IP blocks and a C&D letter), so it stands to reason that talking to the iMessage API from a non-apple device is a federal crime. Apple has only authorized apple-devices to talk to their API, it should be incredibly obvious to all of us that this is not being done with apple's authorization, hence crime.

In case it's not clear, I think the CFAA is a rather poorly thought out law since "authorized access" seems like it could be as vague as a ToS violation, which means it escalates things that seem more like civil matters into federal crimes.

The Supreme Court has significantly weakened the CFAA since then in Van Buren. The weakened version might not apply.
Probably because no one uses iMessage in the EU.
I'm pretty sure almost everyone sending messages from an iPhone to another is using it.
Even iPhone users in Europe tend to just use WhatsApp. It's the default there, largely because of the history of carriers charging thru the nose for SMS back in the day...when WhatsApp offered "free" messaging (uses tiny amounts of your data plan), it took off.
> Even iPhone users in Europe tend to just use WhatsApp

Europe is not that homogenous, WhatsApp isn't even the most popular messaging app in much of Central/Eastern Europe and Scandinavia (in addition to that iOS has a similar/higher market share in Norway/Sweden/Denmark than it does in the US).

> of the history of carriers charging thru the nose for SMS back in the day.

Again, this wasn't the case in every European country (where I am text messages were already free or very cheap in the early 2010s so WhatsApp didn't really take off that much and FB Messenger is still quite a bit more popular to this day because it worked on PCs/browsers and most stuck to it when smartphones were becoming popular ).

same applies to Britain and Switzerland.

Doesn't iMessage predate WhatsApp for sending data based messages? I recall that being an early selling point.
addandsubtract is referring to low usage rates of iMessage in Europe compared to other messaging systems, especially Whatsapp.
(comment deleted)
I'm from Europe and live in Hong Kong, in both places, iMessage to us is like Edge for Windows users: a gimmick we see auto-installed but we dont use. So many people don't have an iPhone, and we change phone number every few months anyway. The US experience might be diff, and Europe / Asia aren't a single country, so maybe it even varies within.
> I'm from Europe

> in both places

> so maybe it even varies within.

Definitely Europe is not as homogenous as that. I do also live in Europe, people do use iMessage (or just text messages in general) where I am (to a much smaller extent than the FB messenger for instance which is much bigger than WhatsApp here).

And any meaningful number of people changing their phone number every few months is certainly not my experience whatsoever. Pretty much everyone I know have had the same number of years or over a decade or even longer.

Yeah I used it because the original comment did: ofc Europe is not a real homogeneous place.

I'm from Normandy to be hyper precise, and there, we don't have much iPhones or use iMessage. I certainly never heard of isolation due to lack of iMessage: we use sms or whatsapp.

In Hong Kong, it's common, maybe only among immigrants like me, to change number often, it just is, everyone I know does it, we just migrate with whatsapp. We do it to reduce the spam explosion over time as we give our numbers to more and more people, or to switch to cheaper 5G plans over time or stuff like that. I certainly hate now keeping a phone number too long, it just feels unsafe.

Not to mention, nearly everyone in power in the US has an iPhone, and Apple is a darling of the establishment in the left and the right, and virtually nobody else has any power.
Same concern here. I think it's a more valuable use of time to get all your friends/family to switch to Signal. AND pay for (donate) to Signal.
For those trying it out or if it does get banned, here's the iMessage unregistration link:

https://selfsolve.apple.com/deregister-imessage/

Thank you, this was probably my biggest concern
I tested it out, unregistered in the app and now I can't receive SMS from iPhones. This link says my phone isn't registered either. Yikes!

Edit: it's working now, took 15 mins to work itself out.

Beeper was made by the pebble dev. Eric should have read the goal by Eli goldratt, it's a case study of TOC. I still love my slides of time.

Pebble: https://en.m.wikipedia.org/wiki/Pebble_(watch)

https://www.kickstarter.com/projects/getpebble/pebble-time-a...

What's Pebble? It's mentioned on the Beeper home page too with no context as though everyone should know what it is, sadly I don't.
One of the original smartwatches, if not the original:

https://www.kickstarter.com/projects/getpebble/pebble-e-pape...

(At least I think that's what the word salad of parent is referring to.)

Thanks. I had one of those and quite liked it.
I would name Seiko Data-2000 the original, some 28 years earlier. Even if you'd like something more modern-looking the list still has IBM Linux Watch and Samsung SPH-WP10 and others before.
For anyone confused, "TOC" refers to "theory of constraints":

https://en.wikipedia.org/wiki/Theory_of_constraints

I also enjoyed The Goal and found it helpful for my manufacturing business, although I'm having trouble understanding how it connects to this blog post.

It doesn't do with this post. It has to do with pebble. They overproduced and were too carried away with efficient over production and (probably) had warehouses full of pebbles. For years after you could get a new in box one for $40 or $99 at retail when it was supposed to be $200 or so.
I've been using Beeper for 3-4 months. I find it very useful, easy to use, and easy to setup. I use both the mobile app and the desktop app.
Same here. I really like it. Don't mind occasional connection issues, but what really irks me is that every message has separate notification. When someone sends me 5 consecutive messages I get 5 beeps. In whatsapp app I only get notification for the first one. So when there is some conversation going in group chat and I don't have time to read it right now I'm getting bombarded with notifications.
(comment deleted)
So yeah, it seems ok for one-on-one chats, but for group chats it's super buggy. Can't tell who said what in the history of any of my group chats because Beeper Mini is confused and thinks all of the messages, left and right, are from me.
My first thought is "was Apple behind this?" I understand that they claim to have reverse engineered it...but if it's such a trivial conversation exchange, it is a bit surprising this hasn't been utilized before. Seems convenient given the loud exchanges happening about RCS and the like. And unlike RCS, iMessages actually has E2E baked in.

The next thought it the utilization for abuse such as spam. E2E is wonderful but it also means that the normal cryptoscammer / phishing checks can't apply. There are mentions of rate limits and that surely comes into play, but given the simple proof of concept it would be easy to scale out.

I don’t think so. The security researcher is a kid in high school that seems really fucking sharp.
I have confirmed with him that he hadn't been born yet when Steve Jobs announced the iPhone.
How does the generation of validation data for registration work? As far as I understand, this requires details from an actual Apple device (serial number, model, etc.)
I think it's calling a server generating validation data (probably with a pre-set hardware informations to be able to run it on a Linux machine which is cheaper, with emulation as pypush does it or by directly loading the macOS executable in the memory and run the right code snippets there).
I'm curious what are the implications of having pre-set hardware info. Maybe rate-limiting? or easier for Apple to flag those particular serial numbers to block the service if they wish?
How long until this gets forked into an iMessage spam bot?
There's already a ton of those operating, I get iMessage spam at least once per day.
Never ever seen that myself. SMS however yes, lots if spam by companies using bulk SMS services. But those show up as green bubbles so easier to ignore.
The spam iMessages I've received had the "iMessage" text above, were sent from a seemingly normal phone number and had a "Report Junk" button at the bottom of the screen (which text messages don't have).
Isnt Apple adopting RCS and won't that solve the green / blue bubble issue?

Personally if it's a business / marketing advantage unless their hand is forced for business reasons they should never change it.

Apple is adopting RCS, and no, that won't solve the green/blue bubble issue. They'll still distinguish RCS and SMS from iMessage.

iMessage is Apple's value-add and has its own app ecosystem, apparently/allegedly true E2E.

  *> Personally if it's a business / marketing advantage unless their hand is forced for business reasons they should never change it.*
Yep, that is Apple's intent, according to Apple emails leaked from various court cases.
To the vast majority of people though it will solve the problem. Android to iPhone communication will be close enough to the iMessage experience.
Yeah, maybe it will make some improvement for Android people, who are the majority of the mobile market.

For iPhone users, they'll still be some non-blue bubble people who lack the E2E[1] and tight iMessage app integrations that are popular among iPhone users these days. At least until governments possibly intervene.

1. E2E insofar as not carrier-accessible (unlike RCS), which is a bit of a hot button issue in the US, post-Snowden/PRISM. If carriers have access to RCS payloads or even metadata, they will most definitely harvest it for marketing purposes, as well as ship it off to the US government.

Green/blue bubble is about the prior probabilities people use to make assumptions about others. E.g., if you use Android/iPhone, there is a prior probability of x% of being y type of person.

WhatsApp/Signal have been available for a long time for anyone that has wanted group chats with modern capabilities.

WhatsApp/Signal involve other people you want to communicate with having those apps, which is fairly unlikely in the US (at least outside of tech/international social groups). Only chat apps out here you can count on are facebook messenger, sms/rcs, groupme, or imessage. iMessage is probably the best of these.
I have directly asked many relatives/friends in their 20s/30s, and they have told me they would assume an Android user has a higher likelihood of being “weird”.

The barrier to entry to installing WhatsApp or Signal is near zero, just a minute of one’s time. And given that most everyone is using Meta’s other apps anyway, the privacy costs are moot. In fact, all of the people I asked have WhatsApp already, but mostly to remain in legacy group chats with older family.

Also in many countries Android is a sign of your social/economic class as many such headsets are super inexpensive compared to an iPhone.

If Apple started a new color "purple," that indicates sent via iPhone 15 Max well then that would be a further marketing boost for the multiple millions of ppl who care about social class & flaunt it. Apple overall is a luxury brand another one of their marketing strategies.

Whatsapp and signal don't load messages that were sent before joining a channel, a modern feature that slack has had since launch.
I would not expect/want that behavior from a chat app. If I was having a conversation with 3 people, and then a 4th person walked up and joined the conversation, I expect them to not be privy to anything discussed prior to them joining.

A “channel” that shows all participants the entire history seems more like a private forum thread than a “chat”, and should probably be distinguished separately.

Whatever you want to call it, if we're having a conversation, say, planning a birthday party for Bob, and we forgot to invite Alice to the conversation, through the magic of computers, instead of us having to start the conversation from the beginning again when every new person joins, they can just read the scroll back.

If you're the type of person having conversations about people that you wouldn't want them to hear, maybe you shouldn't be having them?

I understand the pros and cons, I just think there should be a clear demarcation of which is which. I can see a chat app deciding to keep this feature out if they think it would make the app too confusing for its audience.
OK, took a while to figure out what it is, as I barely know anyone using iphone. Though it's not for me, BUT if they deliver this:

> Over time, we will be adding all networks that Beeper supports into Beeper Mini, including SMS/RCS, WhatsApp, Messenger, Signal, Telegram, Instagram, Twitter, Slack, Discord, Google Chat and Linkedin. We'll also bring Beeper Mini to desktop and iOS.

I'm interested, even if it's paid. I'd love to have most of those apps gone and use a cleaner one.

Is this some sort of new mobile Adium?
Trillian
EveryBuddy
Not sure what EveryBuddy is. Trillian was a multi-protocol chat client from 2000 [0] named after Trillian [1] from 1979.

[0] https://en.wikipedia.org/wiki/Trillian_(software)

[1] https://en.wikipedia.org/wiki/Trillian_(character)

ah didn't realize it had gone away. its successor appears to be [0]

now I'm reliving the chaos of the late-00s/early-10s instant messaging apocalypse when AOL sunsetted AIM. Clients like Trillian were absolutely necessary before AIM shut down. Everybuddy was a good linux-friendly client. When I still spent time on IRC, I really really liked Bitlbee [1] with ERC [2]. Gaim was one of the first open-source projects I ever contributed to.

(I'm not saying that there's a connection there, but rather that all the chat protocols started getting used less around the same time for the same reason, which was smartphones becoming commonplace in late-00s.)

[0] https://en.wikipedia.org/wiki/Ayttm

[1] https://www.bitlbee.org/

[2] https://www.gnu.org/software/emacs/erc.html

Happy Beeper customer and original poster here to tell you: Beeper Cloud is already out there and works really well! It's also free, though you'll have to get through the waitlist somehow. It doesn't perfectly replace every app just yet but it covers the most important functionality extremely well. And it's available on mobile as well as desktop devices.
IIRC, though, Beeper Cloud does not come with end-to-end encryption on messaging services that usually have that feature through their regular app. Messages are encrypted between your device and Beeper's servers, and between Beeper's servers and the other end of the conversation, but the Beeper folks can still read your messages if they want.

(Please correct me if I'm wrong; the architecture of their product is pretty confusing.)

Do you mind giving me a referral for Beeper?
Here you go - refer.beeper.com/39gJJ0
Possible to generate another ? Says invalid code

Edit: I mean a code for Beeper Mini on Android - not desktop

> Says invalid code

Well yeah it was already used and you came 3 hours after the fact.

Ive tried the legacy version to consolidate Signal, Whatsapp, etc and you can't send/receive calls, only messages. It's very much still a work in progress
> as I barely know anyone using iphone.

where are you located?

Poland. I know a few apple fanboys but those aren't people I communicate with outside of work. Just not my bubble.

It's actually weird and silly when they send me text messages and somehow I end up in the same conversation multiple times - like once 1:1, once in a group chat with myself included twice or more (as a number, as an email, as a second number). It's a bizarre experience and usually iPhone user can't see anything wrong :D

I'm from the Netherlands and I know plenty of people who have iPhones but I also know (and am) plenty people with androids. People use either WhatsApp or Telegram. Isn't iMessage just texting within a walled garden?
The situation is very different in the US, primarily because in other countries SMS fees tended to be really high a decade and change ago, and thus drove users to WhatsApp, but in the US most carriers had adopted some form of unlimited texting shortly after the iPhone first came out.

Thus, for many socio-economic groups, iPhone is definitely king in the US, and for them iMessage is just the default way to message people because when it was introduced it was the default way to use SMS on iPhone. A restaurant in Texas famous for their funny signs put this out, https://twitter.com/ElArroyo_ATX/status/1693316647677825160 , and tons of people (myself included) could immediately relate.

> Isn't iMessage just texting within a walled garden?

Isn't that exactly what WhatsApp (and to a lesser extent) Telegram are?

They run on basically any confumer device, so no.
I just downloaded it, and can't get past the landing/sign-in page: "Google sign in error.null"

Unfortunately, signing in with Google is the only option.

For some reason this security setting was turned off on my account even though I don't remember turning it off and use sign in with Google in other places.

https://help.beeper.com/en_US/beeper-mini/beeper-mini-how-to...

Thanks! I was having this issue as well.
Unfortunately, I'm still getting the error even after switching this on.
Note that if you have added more than one Google account to your phone, this setting must be enabled for ALL accounts (not just the one you intend to use to activate Beeper Mini) or the "null" error will appear.
Same. Activated Google Account sign-in prompts and the error still appears.
Same as above. Pixel 5, running Android 14. (Edit: the help link provided did not help, as the toggle was already on)
Was able to fix. I have 6+ Google accounts, and one of the accounts didn't have it checked, so it needs to be all, instead of just the account you're looking to connect.
Me too but I have no Google account logged in on my phone. Google shouldn't be the only login option though. Why always the push to give up privacy??
Same. Wanted to sign up immediately but couldn't on a de-googled Pixel.
I already had a significant respect for Beeper (Cloud) as a technical product. The backend being Matrix with open source bridges was a great choice.

This write up adds so much more to that respect. It would have been easy to botch this, it would have been easy to do a worse implementation that would have caused problems for users whether they cared or not, but Beeper seemingly took the time to get right.

Congrats to Eric and the team on the launch!

From their blogpost: https://blog.beeper.com/p/beeper-cloud-and-product-roadmap

> Everything changed in August when a security researcher reverse engineered the iMessage protocol.

> At a high level, here’s our product plan for the near future (in very rough order, and very subject to change): > Add support for SMS, WhatsApp and Signal into Beeper Mini, using the same end-to-end encrypted client-side connection architecture. No cloud servers in the middle.

so they are changing their whole business model to rely on illegal proceedings, breaking the ToS of every service they want to provide an alternative for.

I'm pretty sure Apple isn't fond of random people using their servers and their proprietary protocol on a client they haven't created. Signal is the same, they C&D every fork that becomes popular, the only official clients are the CLI and the ones they release (Signal is open source though). WhatsApp is also similar.

It's interesting and disappointing to see that they are hoping to create a business model on top of that, and it will probably backfire and hurt Matrix users as well, because these chat companies will become stricter and completely forbid third-party clients.

Beeper (Cloud) has been around for 3 years. It supports iMessage, Whatsapp, Signal and 12 other chat networks. We have 100,000 users on Beeper Cloud.

We haven't had a single problem like the one you're describing. Not to say it will never happen.

If Beeper Cloud uses a Mac in the middle then I would have assumed that is actually permitted, as its presumably a legitimate iMessage client and some software to forward your messages after that.

It seems similar to the parallel of iOS builds where its been possible to do so with virtualized MacOS on non-Mac hardware for a long time but its a violation of the TOS of MacOS to do so. Apple does spend effort ensuring that companies running cloud builds do so on Mac hardware; they don't care that the true end user is running Windows and achieving an iOS build as long as there was Mac hardware doing the actual building.

So this reply is along the lines of "we did something for 3 years that allow and they never stopped us" which isn't very strong evidence they won't stop you now that you're doing something they don't allow.

They may not do anything here thanks to the current EU climate though, I only mean that the fact they did nothing about Beeper Cloud is not evidence one way or the other.

Apple or Meta (WhatsApp) trying to take down something like this would almost certainly be viewed unfavorably by the ever-lurking EU regulators.
That's the only reason I'm not confident that Apple will kill this. They wouldn't want the regulatory attention and (at least for now) this is a niche area that few people know about.
Easier to kill something when it is a small niche area that few people know about rather than wait until it gets bigger and more people use it.
Except that Matrix never profited from it. Beeper is the first company to provide a paid service for it and had their own servers. But now they are providing a paid (with a free tier) service that runs on Apple/Meta/Signal infrastructure.

This is asking to draw unwanted attention towards yourself.

Please read this:

https://gist.github.com/smashah/667d4d5cf31670ee87547450861a...

The game being played here is poker. If they call beeper's bluff then they risk setting a whole industry wide precedent that interop supercedes ToS (that's the only angle).

As it stands, ToS based C&D for interop is untested afaik.

We as a community need to discuss ToS-trolling and fight against it.

This doesn't hold up.

https://github.com/signalapp/Signal-Android/issues/9966

https://github.com/libresignal/libresignal/issues/37

unless the EU rushes out their legislation that interop is not grounds for terminating someone's account, I'm sorry, but they can do whatever they want to with their app.

Would you feel happy if someone used your home network to seed torrents? Using your bandwidth to seed them?

Terminating accounts is fair game. Billion dollar companies making legal threats to OSS devs is another.

I can kick said person off my network. It shouldn't be grounds for me to go and start legal proceedings against the developers of uTorrent.

Do you remember back when Pidgin, Trillian, and others created clients that worked across AOL, MSN, and other messengers. They worked for a while, they'd stop working, they'd update and start working, and that went over and over again. I'm not really looking forward to having that experience again.
As others pointed out, you used official Apple hardware.

Now you're replacing that with Apple's own infrastructure.

They won't like this and I really hope an eventual C&D from Apple, Meta and Signal won't affect the development of the Mautrix bridges.

> Signal is the same, [...], the only official clients are the CLI and the ones they release

Is there an officially supported CLI for Signal? Please tell me it's true, that would mean so much for small scale automation!

When TOSes forbid interoperability, breaking them is just.
but now explain this in "Legaleeze" to Apple, to Nintendo, etc....
Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.

17 U.S. Code § 1201 - Circumvention of copyright protection systems

Has this ever succeeded in court? Has it ever even gotten to court or do people just give up at the first lawyer's letter?
Yes, it has been tested many times, famously for unlicensed video games on consoles.
You do know DMCA is not the only law they can refer to to sue freeloaders, right?
I agree with this statement but in the end, the effects of Beeper will negatively impact everyone else who hosts a bridge for these services.

Just because a legal binding document seems stupid it doesn't mean you can break them.

I find most laws stupidly worded, it doesn't mean I should disrespect them.

Yeah Apple won't like this or ever officially approve of it, but you make it sound like you'd call the police if you saw someone using an unofficial AIM client. I think the dramatics can be chilled. The ToS is dumb and not worth the virtual paper its written on. If Beeper can keep up with the cat-and-mouse game, this is no different than Trillian or GAIM/Pidgin/Bitlbee/libpurple or aMSN or Miranda IM or Gtkcord4 and on and on and on... Apple doesn't need an internet defense force for their stupid ToS.
I feel like there are two questions Beeper needs to ask itself...

1) Are they going all-in on being an antagonist to Apple?

2) Will the users be willing to stick around during any outages/downtime/failures due to the cat-and-mouse game? (That I agree will follow and continue.)

I can't answer for Beeper, but why would they be unnecessarily antagonistic to Apple? It's not related to their product or mission. Beeper offers interoperability. Antagonism is an undesired byproduct of any of this work, and it's immature to be antagonistic for no reason.

Will it be a cat-and-mouse game? Maybe. Will users stay? Probably. In many cases, Beeper users already WERE iMessage users. Beeper users ARE Discord users. They are users of the upstream service and explicitly want a unified and interoperable chat system, for one reason or another. Maybe it's more practicality than ideals, but it's all the same in the end.

That said, it's not like Beeper is new, and it doesn't seem like antagonism is a primary driver of operational issues yet, so it's not clear it's about to start any time soon, either. Perhaps one of the most annoying tech company strategies is to try to establish a horrid status quo before regulators and law enforcement have time to catch up with you, making it much harder to actually do anything about. I see Beeper as one of a small number of companies that are basically on the opposite end; if they gain a large enough mass of users, it's going to be harder and harder to antagonize Beeper without antagonizing their own userbase, especially when you consider that the value of IM networks is largely in the connections between users. So, the clock is ticking.

When there's money involved, the results are way more dramatic.

If Beeper was free, sure, they wouldn't bother that much.

But Beeper relies on this business model. Apple and co wont let this slip.

> Signal is the same, they C&D every fork that becomes popular, the only official clients are the CLI and the ones they release

This always rubbed me the wrong way and made it seem like it's an NSA operation

The source to Signal is open to analysis if you doubt its security. I suspect they C&D forks because they don't follow coding/security practices as upstream does, and it would be too hard to ensure they would if they just let anyone fork it.
No guarantee the build on the app store is the same as on github.
> No guarantee the build on the app store is the same as on github.

I don't know why this comment always pops up on HN every time Signal is mentioned.

Signal builds on Android have been reproducible on Signal for nearly eight years - basically the entire time Signal has existed as an app under that name.

On iOS? No, because Apple doesn't allow reproducible builds on the App Store, period. But you can't blame Signal for that.

Not really. Moxie just said "we pay for the infrastructure so it's unfair that you get to use the servers we pay for".
(comment deleted)
Apple is 100% going to ban this. While reverse engineering the protocol is fine, legally, Apple has a legal right to decide which clients can connect to its servers and from which clients it trusts data.