Tuesday, September 24, 2013, 08:36 am PT (11:36 am ET)
Fake iMessage app for Android spoofs Mac mini, routes chats through China [u]A new messaging app aping the iMessage name has shown up on Google's Play Store, but Android device owners may want to think twice before downloading the unsanctioned app, as it doesn't seem to work as advertised and may be doing a bit more than it lets on.
Update: The app in question has subsequently been pulled from the Google Play store.
The new app is called iMessage Chat, and its developer describes its "primary purposes" as "[making] sure everyone should be able to chat via iMessage on Android for free." The app description is not shy stating a similarity to Apple's iOS- and OS X-based iMessage platform, claiming that "iMessage, the popular instant messaging service known from the iPhone, iPad and Macs is now also available for Android devices!"
In addition to the iMessage name, the app copies the icon from Apple's own iOS 7 Messages app. It also largely reproduces the pre-iOS 7 aesthetic of Apple apps, with a palette heavy in blues and grays, as well as a bulging effect on buttons and other elements.
The service, of course, has no connection with Apple, iOS, or OS X, and in testing the feature The Verge found that it will not even send messages to Apple devices. Instead, it so far only sends messages between Android apps that are running the app.
Developer Adam Bell noted on his Twitter account that iMessage on Android appears to be spoofing iMessage requests by passing itself off as a Mac mini. Bell's tests, though, found that the app was working between test accounts, though he noted that "I 100% do not trust that apk."
Bell's concerns are mirrored by others in the developer community. Jay Freeman, better known as Saurik, delved into the app's code, finding that "the client does directly connect to Apple, but the data is all processed on the developer's server in China. This not only means that Apple can't just block them by IP address, but that also that they get to keep the secret sauce on their servers."
In addition to this third-party routing, some portion of the code in iMessages for Android is apparently hidden or obfuscated. An apparent developer of the app has attempted to allay fears on his Twitter account, saying that the obfuscation is "because i worry sombody use it to send Ads" (sic).
Adding to developer skepticism surrounding the app is the fact that iMessages' developer apparently asks for user login credentials when they request help with the service. Aside from the credentialing issue and the data routing issue, no one in the developer community or the review section on the app's page appears to be complaining of any other egregious security issues or violations.
The app currently has an average rating of 2.9, with 148 5-star reviews and 187 1-star reviews. It has been installed by between 10,000 and 50,000 users.
On Topic: iPhone
- Grocery chain Meijer continues accepting Apple Pay despite CurrentC support
- NXP hopes Apple's adoption of NFC will encourage automakers to use its chips to replace car keys
- Samsung, Apple retain global smartphone lead in Q3 as Xiaomi rockets into third
- Developers of PCalc, Nomi run afoul of Apple's evolving iOS 8 App Store policies
- Constrained supply keeps iPhone 6 Plus resale prices at 124% of retail price