A new app called iMessage Chat has hit the Play Store that brings iMessage – Apple’s free messaging service to Android devices.
However, please stay away as the app hasn’t been developed by Apple.
The worrying aspect of the app is that, it is not just a rip off of Apple’s iMessage service, but it also allows Android users to use iMessage using their Apple ID, which raises serious security issues.
Jay Freeman aka saurik, founder of Cydia, the unofficial App Store for jailbreak iOS devices provides some insight of how the app works on his Google+ page:
I don’t know if anyone else has seen this program yet, but as far as I can tell the way it works is that the client does directly connect to Apple, but the data is all processed on the developer’s server in China. This not only means that Apple can’t just block them by IP address, but also that they get to keep the “secret sauce” on their servers (and potentially just run Apple code: there are some parts of the process in Apple’s client code that is highly obfuscated).
Every packet from Apple is forwarded to 222.77.191.206, which then sends back exactly what data to send to Apple (along with extra packets that I presume tell the client what’s happening so it can update its UI). Likewise, if the client wants to send a message, it first talks to the third-party server, which returns what needs to be sent to Apple. The data is re-encrypted as part of this process, but its size is deterministically unaffected.
pod2g, a famous hacker from the iOS jailbreaking world has also warned users from using the app:
Please do not use this Android iMessage app, never ever! They can grab your AppleID and password! It can't be worse.
— pod2g (@pod2g) September 24, 2013
And if you tried that app for the sake of curiosity, my advice is that you quickly change your password.
— pod2g (@pod2g) September 24, 2013
If you’re really curious to find out how it works, then just watch this video:
Let’s hope Google quickly removes this app from the Play Store, before login details of more users is compromised.
It is highly unlikely that Apple will ever release an Android app for its iMessage service, so if you see another iMessage app in the Play Store, the golden rule would be to avoid it.
