Apple criticized for blocking Beeper Mini iMessage on Android app - 9to5Mac

https://sopuli.xyz/post/6877028

I absolutely am not an iPhone or iMessage fan, but criticizing a company for blocking someone who reverse engineered their platform to gain access isn’t right in my opinion.

If a 3rd party app is allowed to utilise Apple’s iMessage protocol/network, then every other messaging provider (WhatsApp, Telegram, etc) will be required to open up their platforms.

I can’t wait to see the day where WhatsApp allows 3rd party apps to use their messaging network.

It’s very right. All messaging platforms should be open or interoperable.

Imagine if from Hotmail you could only email others on Hotmail. Or the same with Gmail. Or not being able to SMS anyone on AT&T from any other telco. There’s no good reason to limit it like that.

Also consider that they were charging for the service. The only part of the deal I wasn’t keen on. 1 because again, messaging should be open and interoperable. 2 they were basically charging a recurring fee for access to Apple’s service, not specifically theirs in this instance. Which seems bad on Beeper, until you realize that Apple is basically refusing to make money from their service. And they’re not doing it out of principle, ideology, or good will. They’re doing it because they don’t want to compete. Not with regards to iMessage, or anything else.

Apple already publicly announced they’re working on both implementing RCS to (Apple) Messages and working to get E2EE into the RCS Universal Profile, so this whole “anti-competitive, anti-interoperability” argument falls flat.

At the end of the day, this app was an attempt to commercialize a high-profile exploit which threatened the security of iMessage. Politicians like Senator Warren making these criticisms of “monopolistic behavior” are, as usual, being tech-illiterate buffoons.

Maybe we wouldn’t have the spam ridden hellscape that is modern email if it worked more like current messaging platforms

Apple has reverse engineered a lot of stuff to make it work on apple products. A fair number of Microsoft products specifically. I don’t know why they should be exempt from having similar happen to them.

Because:

  • they’ve obtained permission to do so. A trillion dollar company like Apple is going to go through every legal hoop possible to avoid litigation by any means. Meanwhile, Beeper purchased an exploit from a high-schooler, developed without Apple’s knowledge, and began commercializing it. No attempt was made to securely and ethically disclose this security vulnerability; Beeper went straight to profiteering.
  • as you stated (“Apple … reverse engineered a lot of stuff to make it work on apple products”), this is solely to achieve interoperability with Apple products. Beeper charged a subscription for a security exploit; their goals were no longer to solely achieve interoperability but to profit off of their reverse engineering attempt. Existing case law makes this illegal in both the US and the EU.
  • GitHub - JJTech0130/pypush: Cross-platform iMessage POC

    DMCA specifically protects the right to reverse engineer something for interoperability. There is no reason other than being cordial to request “permission”.

    Abjectly false according to established case law. There are exemptions to the protections for reverse engineering with both DMCA and EU directives; please go learn how the system works before you endanger others who would be foolish to follow your words:

    In the US

    17 U.S. Code § 1201, article f (Reverse engineering) permits the use of reverse engineering to circumvent technological measures:

    • (1) … for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs … to the extent any such acts of identification and analysis do not constitute infringement under this title.
    • (2) a person may develop and employ technological means to circumvent a technological measure … for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, **to the extent that doing so does not constitute infringement under this title**.
    • (3) in acts described by (1), and means described by (2), reverse engineering is done solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.

    In all 3 cases, Beeper developed and marketed an app specifically as “iMessage for Android”, and charged money for it. This goes far beyond “establishing interoperability,” as they were using this reverse engineered information to bolster their brand and profit off of it. I highlighted each salient point of the clauses specifically because these actions infringe on Apple’s copyright.

    You misunderstand what the purpose of the DMCA is: it’s supposed to protect corporations like Apple, not the hacker underdogs that you’re rooting for. In its literal first article it forbids all general forms of technological circumvention unless they can be shown to fall into a very specific category of “non-infringing” exceptions. If you actually read it, the DMCA limits reverse engineering, not protects it.

    Additionally, Beeper’s actions already violate Apple’s EULA, which is a legally binding contract, so what they’ve done (and actually, anyone who used Beeper Mini) is illegal under contract law as well.

    In the EU

    Directive 2009/24/EC of the European Parliament, article 6 (Decompilation) states that the protections of information obtained through reverse engineering a computer program do not apply if that information is:

    • (a) to be used for goals other than to achieve the interoperability of the independently created computer program;
    • (b) to be given to others, except when necessary for the interoperability of the independently created computer program;
    • (c) to be used for the development, production or marketing of a computer program substantially similar in its expression, or for any other act which infringes copyright.

    Beeper charged money for a subscription in order to achieve interoperability. This is a goal of profitmaking, not achieving interoperability. (a) disqualifies them for protection.

    Beeper, additionally, delivered access to their reverse engineered exploit to others in an unnecessary manner by charging money. (b) disqualifies them for protection.

    Beeper developed a computer program that is substantially similar to (Apple) Messages’ expression (it literally was a messaging app that was advertised as “iMessage for Android.”). This infringes on Apple’s copyright. (c) disqualifies them for protection.

    Beeper quite literally fails in all 3 cases that would protect them from litigation in the EU.

    The fact of the matter is simple: You are defending criminal behavior that is illegal in both the US and EU.

    There is no reason other than being cordial to request “permission”.

    This is also blatantly false. Reverse engineering intrinsically entails violating the copyrights or intellectual property of another party, thus entitling them to damages if pursued. DMCA provides a means for the “infringing party” to be protected from litigation in certain circumstances, but even better than the DMCA is the means of obtaining direct permission, which establishes a legally binding contract between the copyright holder and the infringing party. This is what white hat hackers need to do all the time, because their actions would otherwise be completely illegal under any jurisdiction.

    17 U.S. Code § 1201 - Circumvention of copyright protection systems

    LII / Legal Information Institute

    Has Beeper actually charged money for it? My understanding is that this rollout was planned to be paid eventually but nobody has paid anything as of yet for the functionality.

    You quote directly from the same source I was using (Cornell law) and your quote directly suggests that reverse engineering for the purposes of interoperability (in this case with iMessage and its use on iPhones and the interoperability with android phones) appear to both be covered. If they aren’t covered you haven’t explained why your suggestion that they are doing so to profit makes sense except they haven’t charged anyone that I can find for the service. Even their FAQ has been updated to say they will continue offering the service free of charge and will warn users when it moves to a paid service. I don’t dispute that they do plan to have a paid service but at this juncture they haven’t actually implemented that.

    I don’t “misunderstand the purpose of DMCA”. I actually couldn’t care less about apple or beeper. I don’t use either brand or service and this is a solution to a problem I don’t have. I find the tech discussion around the interoperability of iMessage and RCS (assuming that actually happens) interesting, but again it doesn’t directly benefit me in any way. Pretty much my whole family use android phones. I don’t have any friends who appear to care about the blue bubble green bubble nonsense, though I am tangentially aware of it, mostly through tech articles.

    Are beeper required to agree to Apple’s EULA? If so, why? Please explain that.

    You assert that I am “defending”. I haven’t actually defended anything. I simply pointed out that wording in the DMCA would suggest that Beeper was exempt from certain restrictions. That’s not the same thing.

    Did I hurt your feelings or something? Are you taking out your frustrations with other people on me? Because it does seem like it.

    Has Beeper actually charged money for it?

    help.beeper.com/…/beeper-mini-getting-started-gui…

    Beeper Mini subscription (7-day free trial or an additional month of use if referred by an iPhone user):

    Beeper Mini Subscription Update: Though Beeper Mini is a subscription-based app, it will be available free of charge temporarily. (Note: This was an update to Apple patching the iMessage security exploit on Friday)

    What you get:

    Send iMessages using your Android device. Join iMessage-only group chats seamlessly. Full-resolution images and videos, plus replies and reactions. Secured with end-to-end encryption. Cancel anytime."

    They also got two hundred thousand monthly subscriptions in the few days that it was available. Simply inexcusable.

    You quote directly from the same source I was using (Cornell law) and your quote directly suggests that reverse engineering for the purposes of interoperability (in this case with iMessage and its use on iPhones and the interoperability with android phones) appear to both be covered.

    Please refer to the following excerpt, because you didn’t bother reading anything I wrote:

    “In all 3 cases, Beeper developed and marketed an app specifically as “iMessage for Android”, and charged money for it. This goes far beyond “establishing interoperability,” as they were using this reverse engineered information to bolster their brand and profit off of it. I highlighted each salient point of the clauses specifically because these actions infringe on Apple’s copyright.”

    I actually couldn’t care less about apple or beeper.

    Then why are you even here? This is a community for Apple enthusiasts, to discuss Apple things.

    Are beeper required to agree to Apple’s EULA? If so, why? Please explain that.

    It’s directly stated in the acronym of EULA - End User License Agreement. If you use any Apple service, you become an end user and thus automatically agree to the terms by definition. To opt out or “disagree” with Apple’s EULA, don’t use Apple services or products like iMessage.

    The app had to be developed through the usage/exploitation of the iMessage API and Apple’s servers. This makes Mr. JJTech0130 and Beeper’s developers ‘end users’. Android users who enrolled their phone numbers in iMessage (which was necessary to use Beeper Mini) makes them ‘end users’.

    Are you taking out your frustrations with other people on me? Because it does seem like it.

    Yes, I’m annoyed that Android users continue to come in here again and again, completely misinformed about the situation, and write complete nonsense. Especially if it’s nonsense that’ll get you laughed out of a courtroom, and a lifetime of contractual payments to Apple.

    Beeper Mini - Getting Started Guide

    I read everything you wrote. I’m trying to understand and you come off as hostile and appear to be forgetting that not everyone has all the details you seem to be keeping in your head. Calm down and explain it for a layman, please.

    Sure. Let’s say I create an Android app called “Gesture,” whose goal is interoperability between all messaging platforms. I was able to establish interoperability between WhatsApp, Signal, Google Messages, Slack, Instagram, Facebook Messenger, you name it… Now I’m looking at iMessage, and I manage to find a way to reverse engineer a way of sending iMessages! Great!

    Now, my intention is not to profit off this endeavor, but to enable interoperability between Apple and Android. To this end, I fully release the code for this app, free for anyone to analyze and use themselves. The branding and marketing for this app is non-existent, as I do not want to make myself appear as a competitor to iMessage for legal reasons. I choose not to publish this app on the Play Store which has venues, but instead elect for free, open source alternatives like F-Droid.

    Have I taken the steps necessary to establish that the sole motivation for this application is for interoperability? Yes:

    • I have not created any means in which I can profit from this app; it is free to obtain and use
    • users do not need to spend money through Google or another payment processor to use my app
    • no branding for this application exists, knowledge of the app’s existence is done purely through word of mouth in tech-oriented communities

    Note that doesn’t make my actions any less illegal, as they still violate Apple’s EULA. I’m still subject to what Apple would do to me to rectify this (which is almost always going to be arbitration, where Apple lawyers meet up with me and tell me to stop everything, take it all down, and also probably make me pay a bunch of money too.)

    Now let’s say that a company called “Clicker,” who also specializes in interoperability between platforms, buys my reverse engineered app, and creates their own app called “Clicker Mini.” This app specifically packages my iMessage code into their own branded app using their “Clicker” brand. Furthermore, to use their app, a $2/month subscription agreement is required, and it is advertised that this subscription grants the ability to “send iMessages using your Android device.” The app was marketed from the very beginning to be a “new iMessage messenger for Android,” as reflected by many news sources.

    Have they taken the steps necessary to establish that their sole motivation for Clicker Mini was to establish interoperability with Apple Messages? No.

    • They tied these features under a brand name (“Clicker”)
    • It is very clear from their intent that they want their “Clicker” brand to be associated with Android + iMessage
    • they bundled this feature under a subscription agreement between its own end users where they agree to pay a certain amount of money each month.

    All of these actions become profitable for Clicker as a company, as the advertisement of “Android + iMessage” capability draws interested customers who enroll in the subscription agreement, as well as any other services Clicker offers… let’s say Clicker Cloud is one of them, for example.

    Additionally, since my iMessage app violated Apple’s EULA, Clicker’s implementation also violates Apple’s EULA. The only difference here is that Clicker is a full fledged company, meaning that Apple is far more inclined to just sue the hell out of them.

    Beeper is essentially bolstering and forging their own brand name by using Apple’s intellectual property. No matter what way you look at it or which laws you cite, that is copyright infringement to the first degree.

    Beeper — All your chats in one app. Yes, really.

    But you’ve failed to draw the parallel here between Apple and their intellectual property being reverse engineered by a third party whose motivations remain unknown, and Beeper who bought the reverse engineering code/process from that third party for the purpose of interoperability. Which I believe I said before but perhaps wasn’t clear about. Proving in court that the original engineer of this exploit did so for the purposes of interoperability, or if the intent was to make money will seemingly be between Apple, the courts, and that entity.

    Apple device users are subject to the EULA. Beeper and their customers may or may not be depending on if they are Apple device users. There is some gray area here as far as the messaging because my understanding based on the articles I have read is that Beeper is calling their App “Beeper Mini”, and are simply marketing it as what it is. A way for Android users to interface with Apple iMessage users. They aren’t calling it iMessage for Android. They are calling it Beeper Mini. That being said, the tagline is “iMessage on Android” and yes it does bill itself as enabling Android users to send and receive iMessages. The important thing to note here is they go on to say that it’s a stand alone app built to send and receive “blue bubble messages” on Android. They don’t claim it’s an apple product, just that it works with apple products (I’m reading directly from their website here).

    The reflection in news sources isn’t the greatest point to be made specifically because news outlets have a history of creating taglines, nicknames and nomenclature for things that the original entity behind the story has no real say in. Serial killers are a good example. News networks are notorious for naming serial killers despite law enforcement avoiding giving them monikers like “golden state killer” etc.

    I agree with you that Beeper is implementing a paid system and that this was always the intention. I believe I said that as well in my original statement. However I’m still trying to connect the dots as to how Apple has grounds against Beeper specifically. Surely they may potentially have grounds against the original exploiter. But against Beeper? Have they actually stolen Apple’s intellectual property?

    I wouldn’t know a lot of things about Apple if I didn’t occasionally peruse communities like this one. There is only so much context you can get from Android users (even people who use both, or neither) about Apple products. I wouldn’t for instance understand why the original Beeper was such a big deal to some Apple users, until someone explained in a different thread that they like being able to answer messages from their work phone or work station (not an apple product), throughout their work day. I’ve worked in places where cell phones were absolutely not allowed, so I could see how this could be a big deal.

    There is no “parallel” to draw here. The fact of the matter is that Beeper reverse engineered a proprietary protocol and then charged money for a new solution that is offered as a feature of Apple’s hardware. The original engineer is irrelevant here as he relinquished all ownership rights to his code to Beeper as part of their sales agreement, so from the courts’ perspective Beeper is the one that did the reverse engineering (because they own the rights to that code).

    Beeper and their customers may or may not be Apple users

    There is no “gray area” here either. The way Beeper Mini was able to send iMessages is by fabricating the identity of a fake Apple device on Apple’s servers. Even if the device is fake, under the agreement of the EULA this is still an “Apple device” that is being used. This is the same for Beeper Mini’s subscribers who had to register their phone numbers with iMessage — the only way to do that is with an already validated Apple device. As users of Apple’s services through a validated Apple device, they fall under the terms of the EULA.

    Of course, that’s if we outright ignore the problem of the Apple device being fake. Circumventing device identity verification with a forged identity is a clear violation of the CFAA (Computer Fraud and Abuse Act); this fact alone also makes the DMCA completely void.

    There is no way you can reasonably spin “faking an Apple device’s identity” to be anything related to interoperability. The whole thing was able to work because it successfully fooled Apple into thinking it was talking to a real Apple device — like a hacker breaking into a company’s servers because they injected the right malicious code to make the servers think they had the right authorization.

    The reflection in news sources…

    is precisely because Beeper marketed their app and brand to give you “blue bubbles on Android.” “Blue bubbles” is a term well established in the common public to mean “iMessage.” The subscription agreement straight up states that subscribers can send iMessages from an Android device as one of the features of that subscription. The general public perceived the app as “iMessage for Android;” there is seriously no contention here to be made.

    You even state in the previous paragraph that Beeper’s own tagline for their app is “iMessage on Android” and then immediately contradict yourself by saying news outlets make up random taglines, despite them pulling those words straight from Beeper themselves.

    They are using iMessage to bolster their Beeper brand. That is copyright infringement.

    Have they actually stolen Apple’s intellectual property?

    Yes. They purchased all ownership rights to an iMessage implementation and are the proper legal owners of it. Combine that with the fact that a reverse engineered implementation of a proprietary service produces code that looks very similar to the original code, and that they keep marketing this app as bringing an Apple-exclusive feature to Android… you have yourself a crystal clear case of copyright infringement.

    You yourself admit that Beeper did not reverse engineer. They paid a separate third party for something that third party had already reverse engineered.

    You honestly should stop, you’re a self-admitted layman who has no idea what you’re talking about and refuses to listen to anyone. I’m not sure if this is some elaborate attempt at trolling, but my block list goes nom nom nom.

    And that’s fine. Beeper and the 16yo hacker haven’t broken any laws, haven’t done anything wrong, and won’t go to jail. But that doesn’t mean Apple can’t close the hole they exploited. It is their messaging network, and they can make any changes to it that they want.

    I never made that claim. I never said it wasn’t Apple’s prerogative to close any loopholes or backdoors. I didn’t claim any ethics on the part of Beeper or the original exploiter. I am asking for a provable viable instance where the law was broken and what law and how. The person who blocked me made a lot of claims that they failed to back up with factual information with sources and repeated themselves several times with claims of unlawful conduct. They didn’t explain which laws had been broken or how. I would like that information still.

    I called myself a layman specifically because in the case of Apple products that’s what I am. I’m not criticizing apple for closing a potentially exploitable security flaw. I am saying that this tech company (like every other) is absolutely borrowing within the constraints of the law and outside it from other tech companies and that because that is the case there is some hypocrisy in the stance that somehow other companies are expected not to.

    Apple v. Psystar, 2011: Reverse engineering and circumventing copy protection mechanisms is copyright infringement under the DMCA, 17 U.S. Code § 1201.

    Apple v. Corellium, 2023: Fair use doctrine, even when validated, is not an excuse to dismiss claims of circumventing copyright protection mechanisms, and can not be used as a defense against such claims. No ruling can be made on the validity of DMCA counts using fair use doctrine as a defense.

    I have stated multiple times that Beeper is circumventing a copyright protection mechanism. I linked to the Python PoC, which is freely available for everyone to see. The exploit requires Mac serial numbers to forge an inauthentic Apple device identity, which need to be regenerated with a real, authentic Mac device. Additionally, the exploit needs to simulate an obfuscated macOS library, meaning the exploit itself hasn’t fully “reverse-engineered” the iMessage stack. Mac OS X has notoriously been impossible to simulate on non-Apple hardware, for issues of copyright infringement and license violations because of Apple v. Psystar. Beeper is simulating Mac OS X binary blobs on their servers (which is copyright infringement by Mac OS X’s licensing) for the intent of circumventing another copyright protection mechanism (which is copyright infringement by the DMCA), for the purposes of interoperability (which wouldn’t hold because of Apple v. Corellium.) And all this to bolster their “Beeper” brand.

    Seriously, to any knowledgeable programmer who’s even vaguely familiar with copyright protection and the DMCA, this all screams as a legal dumpster fire just waiting to be set ablaze. It’s a fucking mystery how Beeper was able to get their engineers onboard with the whole thing in the first place.

    You continue to assert that I haven’t provided factual information. I cite court cases and factual evidence about how the exploit works. Yet you continue to argue like an ostrich sticking its head in the sand, nitpicking on technicalities like “well the kid actually did it, not Beeper.” Yeah, because Apple’s lawyers would care about that.

    Any time I attempted to discuss technical details, you pull out your “we’re laymen” and “we don’t know the details like you do” bullshit excuses to reduce things down to a strawman that you can then attack — I did this in genuine good faith, by the way, in the hopes that we can come to a mutual understanding!

    I’m only responding now because you’re misrepresenting my arguments in bad faith to a third party. Otherwise, I’m not going to argue any further with someone whose stance is entirely and hopelessly sided against by existing case law and the entire body of copyright law, who doesn’t understand how the DMCA works, who doesn’t understand any basic tenets about how copyright fundamentally works, and even more egregiously, who refuses to take in new information that contradicts their worldview.

    The complexities of this legal shit are why I fully stay away from reverse engineering proprietary protocols owned by trillion dollar companies, and don’t rely on the arguments of random clueless Redditors (or Redditor-likes, because that’s all Lemmy is nowadays) to bail me out of an inevitable massive lawsuit. You, as a self-admitted layman, seem to think otherwise. Dunning-Kruger and/or trolling in full effect.

    Apple Inc. v. Psystar Corp.: Ninth Circuit Holds that Apple did not Engage in Copyright Misuse

    Apple Inc. v. Psystar Corp., No. 10-15113 (9th Cir. Sept. 28, 2011). Slip Opinion. The Ninth Circuit affirmed the Northern District of California’s holding that Psystar infringed Apple’s federal copyrights, and...

    Harvard Journal of Law & Technology

    Yawn snooze. Nothing to see here. Hackers complaining their exploit got blocked.

    I feel like if they initially didn’t try to force people to pay a subscription for a free service, Apple wouldn’t have closed the issue.

    That being said, they fixed what was inarguably an exploit that could have led to scammers using Bluestacks to run iMessage spam campaigns. (These exist now, but would be amplified)

    I just find it odd that people are unhappy with Apple. Beeper was spoofing Apple’s servers to make it look like an iMac was requesting the ping. Apple isn’t a charity; they do not have to allow unauthorised third party access. I would hope none of us would allow unauthorised access to our servers.