Apple confirms it has blocked an iMessage exploit

Almost definitely the one that apps like Beeper Mini used.


It was never going to last. Ever since it was launched this week, the Beeper Mini app, which let Android users get iMessage text support, was expected to be in trouble as soon as it caught Apple's attention. And catch Apple's attention it has. Yesterday, the entire Beeper platform appeared to be on the fritz, resulting in speculation that the iPhone maker had been shutting down the iMessage workarounds. As of this morning, Beeper Mini was still posting on X (formerly Twitter) that it was working on and potentially fixing the outage, but with an announcement from Apple today, all that may be for naught.

"We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage," Apple said. "These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users."

Though Apple does not mention any apps by name, it stands to reason that, given the timing of Beeper Mini's launch and recent troubles, that this refers to the loophole the platform was using.

Beeper's method sent users' texts to Apple's servers before moving on to their intended recipients, and was thought up by a high-school student. Would-be messengers wouldn't even need an Apple ID to access iMessage via Beeper Mini, though the Android app did offer end-to-end encryption for conversations between those on both operating systems.

Apple also said today that it's unable to verify that messages sent through unauthorized means that pose as having valid credentials can maintain end-to-end encryption. Beeper had anticipated that this workaround might one day be shut down, and it looks like the Android-iOS messaging divide remains intact. For now.