Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Fake iMessage app for Android spoofs Mac mini, routes chats through China [u]

Last updated

A new messaging app aping the iMessage name has shown up on Google's Play Store, but Android device owners may want to think twice before downloading the unsanctioned app, as it doesn't seem to work as advertised and may be doing a bit more than it lets on.

Update: The app in question has subsequently been pulled from the Google Play store.

The new app is called iMessage Chat, and its developer describes its "primary purposes" as "[making] sure everyone should be able to chat via iMessage on Android for free." The app description is not shy stating a similarity to Apple's iOS- and OS X-based iMessage platform, claiming that "iMessage, the popular instant messaging service known from the iPhone, iPad and Macs is now also available for Android devices!"

In addition to the iMessage name, the app copies the icon from Apple's own iOS 7 Messages app. It also largely reproduces the pre-iOS 7 aesthetic of Apple apps, with a palette heavy in blues and grays, as well as a bulging effect on buttons and other elements.

The service, of course, has no connection with Apple, iOS, or OS X, and in testing the feature The Verge found that it will not even send messages to Apple devices. Instead, it so far only sends messages between Android apps that are running the app.

Developer Adam Bell noted on his Twitter account that iMessage on Android appears to be spoofing iMessage requests by passing itself off as a Mac mini. Bell's tests, though, found that the app was working between test accounts, though he noted that "I 100% do not trust that apk."

Bell's concerns are mirrored by others in the developer community. Jay Freeman, better known as Saurik, delved into the app's code, finding that "the client does directly connect to Apple, but the data is all processed on the developer's server in China. This not only means that Apple can't just block them by IP address, but that also that they get to keep the secret sauce on their servers."

In addition to this third-party routing, some portion of the code in iMessages for Android is apparently hidden or obfuscated. An apparent developer of the app has attempted to allay fears on his Twitter account, saying that the obfuscation is "because i worry sombody use it to send Ads" (sic).

Adding to developer skepticism surrounding the app is the fact that iMessages' developer apparently asks for user login credentials when they request help with the service. Aside from the credentialing issue and the data routing issue, no one in the developer community or the review section on the app's page appears to be complaining of any other egregious security issues or violations.

The app currently has an average rating of 2.9, with 148 5-star reviews and 187 1-star reviews. It has been installed by between 10,000 and 50,000 users.



25 Comments

appletouches 44 comments · 12 Years

'It has been installed by between 10,000 and 50,000 users.' LOL! If Fakeroids are really interested in it, why bother with Android then? Wannabe cool, huh?

pedromartins 1326 comments · 13 Years

This app is very dangerous.

 

It has permissions to install apk on the background and everything is stored on some servers, in China.

appletouches 44 comments · 12 Years

I think we are entering the age where the Fandroids would say 'So what? We got iMessage too!'

mikejones 323 comments · 11 Years

Looks like malware is the category that Android continues to beat iOS at year-over-year.