Beeper Mini, the Android app born from a reverse-engineering of Apple’s iMessage service, is purportedly working again as of Monday afternoon after a launch last week that drew more than 100,000 users, followed by a weekend outage forced by Apple.
An update to Beeper Mini in the Google Play Store restores the ability to send and receive text messages through iMessage, the encrypted service typically restricted to Apple devices. “It’s working exactly as it did before Friday,”Beeper’s co-founders write in a blog post. This is partially true; using Beeper Mini, for the moment, requires signing in with an Apple ID, rather than the phone-number-only method available at Beeper Mini’s launch. Beeper’s blog post says the developers are working on “a fix”for this.
Beeper Cloud, the desktop multi-chat client that utilizes similar methods for iMessage service, had been working since Sunday.
Beeper CEO Eric Migicovsky suggested to The Verge and TechCrunch that an outage starting Friday afternoon was due to Apple’s efforts to block the service. Late on Saturday, Apple offered a statement to The Verge late Saturday stating that it had indeed done so. Apple “took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage,”the statement read. Citing “metadata exposure and enabling unwanted messages, spam, and phishing attacks,”Apple stated it would “continue to make updates in the future to protect our users.”(Ars has reached out to Apple for comment on the specifics of this message and will update this post with new information.)
Migicovsky, reached by phone Sunday, took exception to Apple’s statement, particularly the claims of security concerns. “In fact, [Beeper Mini] has increased security and decreased exposure for Apple’s users,”Migicovsky said, especially compared to standard SMS. Migicovsky said Beeper did not allow for unwelcome messages, spam, or phishing and also said that Beeper does not use “fake credentials.”Migicovsky said that Beeper’s core iMessage technology has its source code available on GitHub and that, with escrow provided by a third-party research firm, his company would offer its Android source code to Apple or other involved parties.
Migicovsky also questioned why Apple, which typically provides few public statements about such matters to the press or public, would seem to go out of its way to comment on its attempts to counteract Beeper.
Beeper’s blog post about the outage and subsequent restoration doesn’t go into detail about how Apple was able to block Beeper Mini, nor how the service managed to restore iMessage functions for users. It does push back further on Apple’s claims, and argues that “just use Signal or WhatsApp”is not a viable argument, when iPhones don’t allow for changing their default messaging app away from Messages. The post suggests Beeper would be willing to add a pager emoji to all Beeper iMessage text, such that Beeper messages would be easier for Messages users to filter out.
Responding to a post on X (formerly Twitter) Saturday asking if restoring Beeper Mini’s function would be an “endless cat and mouse game,”Migicovsky wrote: “Beeper Cloud and Mini are apps that need to exist. We have built it. We will keep it working. We will share it widely.“He added that such an attitude, “especially from people in the tech world,”surprised him. “Why do hard things at all? Why keep working on anything that doesn’t work the first time?“
Beeper’s ability to send encrypted iMessages from Android phones grew from a teenager’s reverse-engineering of the iMessage protocol, as Ars detailed at launch. The app could not read message contents (nor could Apple), kept encryption keys and contacts on your device, and did not require an Apple ID to authenticate.
The app did, however, send a text message from a device to an Apple server, and the response was used to generate an encryption key pair, one for Apple and one for your device. A Beeper service kept itself connected to Apple’s servers to notify it and you about new messages. Reddit user moptop and others suggested that Beeper’s service used encryption algorithms whose keys were spoofed to look like they came from a Mac Mini running OS X Mountain Lion, perhaps providing Apple a means of pinpointing and blocking them. Beeper employees have stated on Reddit and elsewhere that an explanation of what was blocked, and how it was worked around, should be forthcoming.
Beeper Mini’s iMessage capabilities, for which the company was planning to charge $1.99 per month after a seven-day trial, were more than a feature. The company had planned to build additional secure messaging into Beeper Mini, including Signal and WhatsApp messaging, and make it the primary focus of its efforts. Its prior app Beeper, temporarily renamed Beeper Cloud, was marked to be deprecated at some point in favor of the new iMessage-touting Mini app.
This post was updated at 12:50 pm ET on Saturday, December 9, to reflect the restored function to Beeper Cloud (desktop) and Migicovsky’s social media response after the outage. It was updated again at 12:35 pm Sunday, December 10, with Apple’s statement on its efforts to counteract Beeper, and Migicovsky’s comment on the same. It was then updated at 2 pm December 11, with Beeper Mini’s restoration of service and blog post about the weekend outage, and then at 7 p.m. with a note about the app’s revised sign-in method.