Apple Cracks Down on Macs Being Used as Beeper Mini Proxies

4 Min Read Published: Jan 15th, 2024

Text Size

- +

Toggle Dark Mode

Apple may be closing off one of the last loopholes used by the controversial Beeper Mini Android iMessage “client” app.

Nearly three years ago, Eric Migicovsky, the founder of the ill-fated Pebble smartwatch, released Beeper, a universal messaging app that promised to connect everything from Slack and Signal to WhatsApp and iMessage into a single, unified messaging hub.

It was an ambitious undertaking, especially when it came to iMessage — the most locked-down consumer messaging service on the planet. In its initial form, Beeper required that users run an iMessage client on a Mac or a jailbroken iPhone to act as a bridge.

In fact, Migicovsky took the step of sending out old jailbroken iPhone 4 units to customers with the Beeper app preinstalled. They could leave these at home, connected to their Wi-Fi network, and it would take care of bridging the communications between Beeper’s cloud and Apple’s iMessage servers.

Yes! That is EXACTLY what we're doing. I have 50 iPhone 4s sitting here at my desk.— Eric Migicovsky (@ericmigi) January 20, 2021

While cumbersome, this approach was (mostly) legitimate. Communications with Apple’s servers were only done through Apple’s own Messages app — on either an iPhone or a Mac. The Beeper app merely picked up those communications from the local app and relayed them to Beeper’s network (and vice-versa).

We may never know what Apple thought of this. It probably didn’t like it, but there wasn’t much it could do about it. Unfortunately, the folks at Beeper found a better way to interact with iMessage a few months ago — one that very much got them on the wrong side of Apple.

Late last year, the company launched Beeper Mini, a new version of the Beeper app for Android devices explicitly designed to let them communicate on Apple’s iMessage network. It was a landmark move, finally bringing Android and iPhone users into a common rich-messaging framework that didn’t require any third-party apps on the iOS side. It was a world of blue bubbles for all.

However, it seems Beeper Mini also broke some rules to get there — at least some of Apple’s rules.

To allow Android users to talk to iPhone users using iMessage without anything brokering that connection, Beeper Mini needed to register itself as an iMessage client in the same way that an iPhone does. It seems that the developers figured out how to reverse-engineer Apple’s proprietary (and secure) iMessage protocol to mimic that registration, making Apple’s servers think that Android phones were iPhones registering to their network.

? c/o https://t.co/JU8EslGkjw pic.twitter.com/ovbEvahA95— Beeper (@onbeeper) December 22, 2023

Unsurprisingly, it only took three days after Beeper Mini launched for Apple to close down that particular backdoor. Since Android phones impersonating iPhones won’t have valid device IDs or serial numbers, it’s not hard for Apple to verify that those devices connecting to iMessage were made by Apple.

Beeper Mini criticized Apple for that move, retooling the app to require registering with an Apple ID-based email address instead of a phone number. A few days later, Apple blocked that, too.

As US regulators began looking into the controversy as part of a more extensive antitrust investigation against Apple, Beeper Mini fell back to the older method of using a jailbroken iPhone or a Mac to act as a sort of proxy. However, rather than using those devices as a relay, Beeper Mini’s developers used them to capture iMessage registration credentials that could be “cloned” to Beeper Mini running on Android.

In other words, unlike the original Beeper, the user’s iPhone or Mac didn’t need to remain on at all times; Beeper Mini was still able to connect from an Android phone directly to Apple’s iMessage servers, effectively impersonating the Apple device that initially registered. The Mac or iPhone simply needed to be left connected often enough to refresh the registration tokens.

Nevertheless, the cat-and-mouse game continues, and Apple seems to have figured out a way to stop even this approach. According to several posted in the Beeper subreddit shared by AppleInsider, Apple has now detected Macs that have been used for Beeper Mini registrations and blocked access to iMessage even from those Macs.

While the details aren’t entirely clear, the Macs in question are likely collateral damage. It seems Apple has figured out a way to detect when Beeper Mini is at the other end of an iMessage registration, in which case it blocks that registration from its servers. Since the Mac uses the same registration, it also loses access to iMessage.

Third party devs developed unique products. You stole Apple's product. I thank you for that stealing, as I benefitted for a while and was finally "blue" with my peers. Let's be honest, though, you flew too close to the sun when you launched Beeper Mini and woke the Apple giant.— JB (@jibjab6969) December 23, 2023

It’s probably not even that hard of a puzzle for Apple to solve. Under normal circumstances, each of your Apple devices makes its own unique registration to access iMessage, so there should never be a scenario where two devices are using the same registration information — unless, of course, one of those devices has had its registration tokens cloned, as in the case of Beeper Mini.

Beeper initially said that it had tested the technique and confirmed that up to 20 devices could use the same registration data without a problem; however, that was likely only because Apple didn’t have a reason to limit this before now.

Beeper Mini users who have found their Macs kicked off of Apple’s iMessage network may be able to restore access from their Mac by shutting down Beeper Mini and signing out of iMessage and back in to generate a new token. However, if this fails, their only recourse may be to contact Apple support for assistance.