Fake iMessage app for Android spoofs Mac mini, routes chats through China [u]A new messaging app aping the iMessage name has shown up on Google's Play Store, but Android device owners may want to think twice before downloading the unsanctioned app, as it doesn't seem to work as advertised and may be doing a bit more than it lets on.
Update: The app in question has subsequently been pulled from the Google Play store.
The new app is called iMessage Chat, and its developer describes its "primary purposes" as "[making] sure everyone should be able to chat via iMessage on Android for free." The app description is not shy stating a similarity to Apple's iOS- and OS X-based iMessage platform, claiming that "iMessage, the popular instant messaging service known from the iPhone, iPad and Macs is now also available for Android devices!"
In addition to the iMessage name, the app copies the icon from Apple's own iOS 7 Messages app. It also largely reproduces the pre-iOS 7 aesthetic of Apple apps, with a palette heavy in blues and grays, as well as a bulging effect on buttons and other elements.
The service, of course, has no connection with Apple, iOS, or OS X, and in testing the feature The Verge found that it will not even send messages to Apple devices. Instead, it so far only sends messages between Android apps that are running the app.
Developer Adam Bell noted on his Twitter account that iMessage on Android appears to be spoofing iMessage requests by passing itself off as a Mac mini. Bell's tests, though, found that the app was working between test accounts, though he noted that "I 100% do not trust that apk."
Bell's concerns are mirrored by others in the developer community. Jay Freeman, better known as Saurik, delved into the app's code, finding that "the client does directly connect to Apple, but the data is all processed on the developer's server in China. This not only means that Apple can't just block them by IP address, but that also that they get to keep the secret sauce on their servers."
In addition to this third-party routing, some portion of the code in iMessages for Android is apparently hidden or obfuscated. An apparent developer of the app has attempted to allay fears on his Twitter account, saying that the obfuscation is "because i worry sombody use it to send Ads" (sic).
Adding to developer skepticism surrounding the app is the fact that iMessages' developer apparently asks for user login credentials when they request help with the service. Aside from the credentialing issue and the data routing issue, no one in the developer community or the review section on the app's page appears to be complaining of any other egregious security issues or violations.
The app currently has an average rating of 2.9, with 148 5-star reviews and 187 1-star reviews. It has been installed by between 10,000 and 50,000 users.
On Topic: iPhone
- Brazilian judge orders WhatsApp blocked for 72 hours over encryption row
- FBI should disclose iPhone vulnerability to Apple, Edward Snowden says
- Los Angeles court orders woman to unlock Touch ID-equipped iPhone for FBI
- Latest 'Shot on iPhone' ad uses Mother's Day to get emotional impact
- Apple, Samsung, Facebook, Amazon & the case of the 'very bad' Q2