234
Beeper vs Apple battle intensifies: Lawmakers demand DOJ investigation - Android Authority
(www.androidauthority.com)
This is a most excellent place for technology news and articles.
That's not how beeper worked. It actually connected from the device directly to the iMessage network. You're thinking of all the other services that required a virtualized OSX install somewhere to act as a translation layer.
The beeper application is not trusted by anyone except Beeper. As an Apple user, I trust Apple by buying their devices and participating in their services. I have no trust relationship with Beeper whatsoever. They have the the ability to decrypt my messages unbeknownst to me, and do whatever they want with them. Maybe they'll display them to users nicely in the app. Maybe they'll do something nefarious with them.
Having user activity flow into 3rd parties is a major security problem. Maybe you don't see it, but it's real and it's there. We're still trying to clean up the adtech mess on the web after how many years?
Funny, you trust apple yet iMessage has major flaws that were written about years ago, that Apple has never addressed. https://news.ycombinator.com/item?id=38537444
And if you read the Beeper devs blog, you'd understand how much you misunderstand about the security and encryption implications. If anying, it increases message security by moving messaging from SMS to encrypted iMessage. https://jjtech.dev/reverse-engineering/imessage-explained/
He invited Apple to have a third party assess his work. So far Apple hasn't responded.
I have no issue with Apple blocking Beeper, it's their system. It's interesting to watch, but the DOJ has no reason to get involved here, it hasn't even been made a legal issue yet.
If Apple feels it's a legal issue, they could start legal proceedings. My question is why they haven't.
Thanks for the links! I enjoyed reading about how iMessage is built on top of APN. That probably explains why I can reply to messages in arbitrary apps on my Apple Watch. :-)
However, that doesn't change my argument. Beeper is not a trusted party in this exchange. When they show my messages to their users, they are decrypting my messages and user activity in a way that is outside my zone of trust. They can then be nice and show it to their users in their app, or they can be nefarious and send that data to any other 3rd party for whatever purposes they want.
This is a major security hole at the application layer, despite the network layer security that you've linked to.
One of the parties has to trust the endpoint. People can screenshot or forward you messages to other people unbeknownst to you, but you have to trust the other person not to do so, how is that any different from trusting another person that they choose a safe app?