Nothing Says Phone Will Hack iMessage and Bring Blue Bubbles to Android – Ars Technica

Could an Android OEM make its way into Apple’s iMessage? This is the hard-to-believe plan from startup phone maker Nothing, which says new “Nothing chatsIt will allow users to use “iMessage on Android” while sending a blue bubble to all their friends on iPhone.

Nothing Chat will be run by Sunbird, an app developer that has claimed to be able to send iMessage conversations for about a year, without a public launch. according to Washington Post Article containing quotes from Nothing and Sunbird executives Nothing will “begin” rolling out an “early version” of Nothing Chats compatible with iMessage on Friday. Presumably the only problem is that you’ll need the Nothing Phone 2.

Is this real or a publicity stunt? Apple says iMessage on Android will only weaken Apple, and it doesn’t want to do that. Any Android OEM offering support for “iMessage” would almost certainly have the project shut down immediately by Apple.

Quotes in the Post article from Nothing and Sunbird appear as Dare More than anything else. “There’s nothing illegal about this setup,” CEO Carl Pei told the newspaper. “I think everything we do will be passed on inside Cupertino, but we’re so small that it would look very bad if Apple took any action.” Danny Mizrahi, president, added Sunbird executive: “We don’t see a scenario where Apple would, or could, try to block these messages. Apple’s focus has been overtly on providing the best experience for its end users, and Nothing Chats and Sunbird help with that.

It’s hard to believe that something like this could be a long-term service, and it looks like it’s set to be shut down immediately.

The many red flags for Sunbird

Sunbird The company has claimed to be able to send iMessages on Android for a long time, but it’s past its launch deadline and generally doesn’t seem like a serious company. The company announced itself to the world with the promise of iMessage on Android during a press conference in December 2022. I attended that meeting and didn’t write about it because Sunbird’s questionable presentation didn’t meet my standards for a story. To me, the purpose of such a press conference is to overcome doubts about the claim that you can permanently hack iMessage. Being honest with the press would have helped, but Sunbird refused to answer open questions in its first major appearance. Sunbird’s PR person agreed and asked all the questions, the Zoom chat was shut down, and the company did not answer any of the basic technical questions.

How does Sunbird work? Why should people trust Sunbird with their all-important Apple account credentials, which contain some people’s entire online lives and, in some cases, a physical bank account? How are these credentials secured? Is it stored on Sunbird servers somewhere? Wouldn’t hacking iMessage with a third-party client violate Apple’s terms of service, which could result in an account ban? Won’t Apple shut this down once you launch? These are all crucial and obvious questions He was Asked at the meeting, some by me, not all answered. Instead, the Sunbird folks focused on how great it would be if the whole world could hold hands and share access to blue chat bubbles. Not only was it ridiculous, but the company completely failed to convince the skeptical listener that it was real or acknowledge that there was any doubt to be overcome.

Even today, almost a year later, the company does not answer these questions Its FAQ. The sunbird hasPrivacy and security“A page that does not answer anything regarding the privacy or security of your Apple credentials. This company just wants to eliminate any concerns. To me, without the company providing general, comprehensive explanations about Apple ID security, it seems difficult to take them seriously.

The FAQ for Nothing Chats at least manages to ask the all-important question about where your Apple ID lives but then quickly changes the subject to Messages: “Are any of my messages or Apple ID credentials stored?” “No, nothing is powered by Sunbird. The Sunbird architecture provides a system for delivering a message from one user to another without ever storing it at any point in its journey. Messages are not stored on Sunbird’s servers and are only directly on your device — once a message is delivered, it cannot be retrieved Except locally from your personal device.”

When Sunbird announced itself in December 2022, it gave select members of the press access to the app, and reports said the app worked. The Washington Post article claims that the service also works, though it doesn’t go into any technical details about it how. One Robot body The article came closest to providing even the slightest routine explanation of what is happening:

Sunbird has no plans to open source its technology to bring iMessage to Android. As such, we haven’t heard a detailed report on how this app works (or at least should work).

However, from what the company has said, it appears to have taken the Beeper method — connecting an Android phone to an Apple-based system — and taken a few extra steps. First, not every individual user needs their own connected devices. Sunbird has found some way to allow thousands of users to connect to a single device. Second, the company has also found a way to maintain end-to-end encryption through this method, something companies like Beeper can’t provide (at least not yet). Again, Sunbird hasn’t revealed how it does any of these things.

“Beeper” is an open source app that connects to iMessage by forwarding iMessage through your Mac (some services like this already exist). Beeper will allow you to host this yourself on your Mac or you can do it via a Mac in a Beeper data center. It’s fair to raise security concerns with Beeper’s use of an Apple ID, but Beeper is a great example of how to do things in a way that doesn’t look like a phishing scam. there A clear explanation About how it works, especially the next line: “We manage a fleet of Mac servers that are used to transfer messages between iMessage and Beeper. Each Beeper user is given a Mac OS user account on a single Mac server.” This sounds like a crappy business and not at all scalable, but at least there is a monetization plan, with Beeper Plus eventually getting a $5-$10 monthly fee. So Beeper is a 1:1 data center Mac-to-iMessage redirection service, while Sunbird, according to Android Authority, has somehow figured out how to set up “thousands” of iMessage accounts on a single Mac.

Sunbird is already well past its launch deadline. In December 2022, Sunbird began taking “waitlist” reservations to access the app And he promised“Sunbird will roll out invitations in phases to join the closed beta user group starting in late 2022,” in other words, later that month. I guess there’s no way to know if any of the beta testers have actually gained access (I certainly haven’t heard of any of them before), but By April, the company boasted that it had 100,000 registrations on its waiting list. The company also said that additional daily sign-up rates are up to “2,500+ per day,” and that “we’re giving Sunbird up to 200 alpha testers for Android apps at a time.” A lot of this doesn’t add up, like the waiting list growing to 2,500 users a day with only 200 accounts being added “at a time”, and the “beta” testing now becoming an “alpha” test. There’s also a surprising phrase “Sunbird boasts a 93% success rate for iMessage” — meaning that 7 percent of your messages end up in a black hole?

How the company invites people into its beta (or alpha?) testing is its own thing, but the April press release also promised a “summer 2023 launch,” which never happened. Today, the waiting list is still there and growing. Now, it’s still unclear whether or not these people will have access to the data, with Sunbird’s CEO telling The Washington Post: “For the next few months, the only way to get Sunbird is to have a phone that’s nothing ( 2).”

We’ll see on Friday, assuming something happens on that date. Considering how poorly Sunbird explains itself, Apple has a strong case for shutting down the entire project in the name of security. So, don’t give out your Apple username and password to random companies, especially ones that don’t seem to understand and/or respect the security version of the Pandora’s box you’re opening.