Unofficial iMessage App for Android Surfaces in Google Play Store Amid Significant Security Concerns [Update: Gone]

iMessage Chat, an unofficial iMessage app for Android devices, has appeared on the Google Play store to provide Android users with access to Apple's instant messaging services (via 9to5Mac). The implementation has, however, raised significant security concerns as it routes user's Apple ID information through remote servers, potentially allowing user accounts, which may be linked with iTunes Store purchases, to be compromised.

imessage_android
According to software developer Adam Bell, the app and associated servers facilitate connections to Apple’s iMessage server by posing as a Mac mini, with Cydia creator Jay Freeman adding that the app forwards all communication through a server located in China.

In addition, developer Steven Troughton-Smith discovered that the app has the capability to download and install software in the background of a mobile device, which would allow for potential installation of malicious software.

As a result, while the development is an interesting one in terms of third-party interfacing with iMessage, users should be extremely wary of installing this application on their Android devices.

Update: The app is no longer available for download.

Top Rated Comments

(View all)
Avatar
83 months ago
Remember kids, spelling counts!

Rating: 9 Votes
Avatar
83 months ago
Death, taxes, and shady apps in the Google Play store....
Rating: 7 Votes
Avatar
83 months ago

...the app forwards all communication through a server located in china.


all the more reason to trust it!
Rating: 7 Votes
Avatar
83 months ago

iMessage Chat, an unofficial iMessage app for Android devices, has appeared on the Google Play store [...]


Is it really that clever to start an article with a direct link to something that's most likely malware?
Rating: 5 Votes
Avatar
83 months ago
This is the primary reason why I don't trust Android. The Google Play Store apps are not reviewed for security threats like Apple's App Store. I have seen lots of malware apps this year.
Rating: 4 Votes
Avatar
83 months ago
I really do hate the Google Play store. More control needed.

It's the wild west in there.

(And I am a Nexus 7 owner too!)
Rating: 4 Votes
Avatar
83 months ago
What a great way to get Apple to sue you... :rolleyes:
Rating: 4 Votes
Avatar
83 months ago

I'm just saying that a majority of Android users are very quick to do stupid things like download the latest thing without thinking about it. It's all, me, me, me, me, me. I want it, so I'm going to have it.

They destroyed the launch of BBM for Blackberry. These weren't even people who were going to use it after two weeks anyway, but now they've given them the extra work that will be pointless in a month's time when people jump off the bandwagon.

And they're downloading an app that they *think* is from Apple themselves. Yet Apple didn't even announce it, nor is it mentioned anywhere on their site. I mean, why think that Apple wouldn't e-mail us about this to begin with, considering it would be HUGE news?

It is a end user problem more than it is a Google or Apple problem. I mean, honestly, how many of these people might have moved away from Apple stuff in general, but still have credit card information stored? It's like giving the keys to your house to a stranger.


The pre-release Android version of BBM was leaked by someone at BlackBerry. It's their own damn fault. People like to try beta software, which is the reason why the entire summer, there were new threads popping up every hour here by non-devs asking how to install the iOS 7 beta.

I don't even see how you can make the connection with the leaked BBM app and this bogus iMessage app. They're two entirely different scenarios who only share Android in common. If this iMessage app was for Windows Phone and not Android, you wouldn't even be bringing BBM up, but hey, never pass up a good chance to trash Android and its users.
Rating: 3 Votes
Avatar
83 months ago

Hyperbole for dramatic sake?


Indeed. The nothing-to-do-with-this-topic Blackberry nonsense was particularly amusing.



Michael
Rating: 3 Votes
Avatar
83 months ago

If this really works it basically means ANYONE can read your iMessages. Even if you have to log in - its the fact that someone has found a publicly accessible API to gain access to accounts.


No, it doesn't mean that. It means that someone is emulating a mac mini (or, may actually have one set up somewhere, like this (http://macminicolo.net), in China) and that the user has willfully given them an AppleID username and password with which to send and receive messages on your behalf.

As with many things, the weakest link in this security chain is between the keyboard and the chair. The most secure, most encrypted API in the world is useless when the user freely and openly hands their credentials over. As long as you don't do that, they can't access your account, plain and simple.
Rating: 3 Votes
[ Read All Comments ]