They’ve stated that they are using Mac minis as relays. They claim that they do not store messages or credentials, but I don’t see how that’s possible if it relies on a Mac or iOS relay server that they control.
The best they can do is pinkie-promise to not intercept your messages and send a copy to law enforcement. But Nothing Corp can only guarantee… Nothing.
And yet, this article acts as if you’re using end-to-end encryption:
messaging Android users will use encrypted RCS chats, while messaging iPhone users will use encrypted iMessage chats.
They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.
That would likely still give them a capability to MitM but it’s plausible that they couldn’t passively intercept the messages.
On second thought… Wouldn’t they have to reverse engineer at least part of the application, and at that point, would they even need Macs?
Absolutely. The iMessage network isn’t some unknowable beast, it “just” requires an Apple device be involved and activated to work. In order to spoof that far, you’d essentially need to emulate quite a bit on device.
I have experimented a little bit with Intel Hackintoshes, and iMessage has been one of the more difficult components of the process. If they truly managed this reverse engineering, they’d really be opening Pandora’s Box with Apple… Maybe in a legal sense.
I don’t think I would trust Nothing to develop this software and just hand it out for free on their hardware. “Software (Hardware?) as a Service” is bad enough, but this seems like it could be legally fraught.
They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.
They’d need to control the app on both phones in order to control what it’s encrypting/decrypting. Their system only works because they’ve got a device in the middle separately decrypting/re-encrypting each message. Google’s Messages app can’t read iMessages; Apple’s Messages app can’t read Google’s proprietary encrypted RCS messages.
Of course if you want universally cross-platform messaging, complete with full-resolution photos and available with end-to-end encryption, there’s this crazy new technology called “email.” I feel like there’s a missed opportunity for making setting up S/MIME easier.
It’s true I am assuming, but I’m basing my assumptions on existing open source projects that allow you to “hack” iMessage texts onto Android by setting up your own Mac Mini.
I can’t even start to imagine how they would use the Mac as only a partial relay that would be married to a particular Android device in order to only decrypt iMessages on it. Maybe they figured it out, but if they did, I would want it open source, with as many pairs of eyes on it as humanly possible!
Teenagers today suffer unique threats to their health and wellbeing from technology. It may be super easy for you to say “who the fuck cares about the color” but that is far from the case for US teenagers. Willingly setting yourself apart from the group in high school is a precarious move in the best of circumstances.
And for the rest of us, this goes way beyond the color being used. The SMS/MMS fallback in iMessage offers a terrible experience for non-Apple users. Low quality media, inability to manage one’s own memeberships in groups, and no encryption. For those worried about the lack of e2ee: Android users participating in an iMessage conversation don’t have that today. You’re not losing anything from this solution.
Legal disclosures prove that Apple knowingly uses iMessage in an anticompetitive fashion. It’s a moat to keep people from switching away from iPhone. They are leveraging their position in the messaging market to shore up their restrictive phone products. I wish US antitrust enforcement was stronger in this area but until then, I hope Nothing has great success in breaking down this illegal barrier.
Really interesting how different the US is. Here in central europe it’s pretty much whatsapp, telegram, signal. Most people use 2 or 3 of those. Doesn’t matter what device they are using
iPhones are really popular over there. Most people have one. For teenagers it’s something ridiculous like 85% of them using an iPhone. In Europe we have a more balanced split, so only using iMessage wouldn’t fly here.
I’ve seen a bit of an uptick in the use of Signal in the US, like it’s worth having it installed…sorta.
How the hell do so many teens afford these??
It’s far cheaper than your first car and arguably more important. You find a way when you have to.
They use a Mac mini somewhere to route these messages. So you’re logging into that Mac mini with your iCloud credentials. Sounds like a privacy/security nightmare and creepy as fuck.
It seems like all efforts to “bridge” imessage to anything outside apple software work this way - there’s a Matrix bridge and a dedicated open source app and they both rely on the imessage client on a mac. Is there a legitimate reason for it not being reverse-engineered yet?
Solving the “blue bubble” problem is easy. Stop giving a fuck about what iPhone users care about.
Or Apple can stop being a bitch and just change the hex code.
My problem with that is that a lot of them then insist on using an outdated standard that lacks encryption and high resolution media instead of just downloading something like WhatsApp, Signal, or Matrix.
This is dumb. For two reasons:
- the fact that a messenging service locks users into an ecosystem.
- the fact that to use this an apple device is still used in the background. This means you log in with your apple id on a device that does not belong to you and that can possibly read all of your messages.
Sunbird is closed source so you just have to take their word for it when they say they don’t store messages or credentials. How the fuck could you know if they’re lying or not? You can’t because it’s closed source.
As much as I have issues with the similar Beeper, at least Beeper is open sourcing their bridges.
The stupidest thing about this is cultural identification with the message apps “bubble” color.
And the same enlightened kids who are so aware about discrimination and gender fluidity (which is good) are the ones discriminating against others because they don’t have an iPhone.
I’m still curious if this is even legal. It seems like a really good idea, but is Apple going to be able to sue over it? I almost feel like it could be covered under the reverse engineering clause, because it is meant to enable interoperability with another product. But Apple’s terms of service already seem really hamstrung on what is and is not allowed. With the macOS SLA beginning with:
For use on Apple-branded Systems
Obviously iMessage isn’t macOS, and I can’t seem to find a specific terms of service for iMessage specifically, but it is running on it. Which is what would make this integration possible. So what makes me wonder if Apple’s lawyers could find a clause there.
Honestly I’m typing this on a Nothing phone and if this appears on my phone instead of them actually fixing the many bugs I’ll be quite pissed.
Every update this phone gets worse both in bugs and battery life and the company seems more obsessed with things like beer, clothing lines and now imessage than actually trying to fix anything that’s actually important.
This sounds promising. But given how much money there should be in this, their timidity is puzzling. Perhaps the solution is brittle or subject to legal or technical challenges. Just read between the lines on this. They’ve got the cure for cancer but there keeping it in animal testing for now…
The app is currently in beta and we’ve decided to keep availability more focused to ensure the best user experience at this time. Although we’re excited to be the first mobile company to introduce a blue bubble solution and we’d like to make it as widely available to Android enthusiasts as we can, we’re prioritizing delivering an optimal user experience before committing to expansion at this time.
Can’t you just change the color in the settings?
Apple will just block it once they catch on
The blue vs green bubble thing never really bothered me. As long as I can communicate with the person I’m talking to, I don’t care how the messages are sent, unless maybe if I don’t want a message to be sent over plain sms. It’s ridiculous how it has become a status thing.
I hear this a lot, I’ve not known a single person who has considered it a status thing. There are people who have cheap phones from both apple and android and they were made fun of for the price of the phone, not the bubble color. iMessage just made it much nicer to talk to people. “I can send messages over wifi!” made it so you could send messages in school or anywhere with a big metal roof. “The images are better!” These were limitations of the SMS standard that Apple designed around. Now? Yeah, there’s other options, but back then iMessage made its hold by being able to be used by people who couldn’t use SMS or didn’t want to for whatever reason
It’s not just about the color of the bubble. If you go on an outing with a group of iPhone users, there’s a high chance they’ll create a group chat with and without you, because the group chat with you won’t let them send HQ photos. Even if they aren’t trying to be exclusionary, someone will inevitably forget to send messages to both group chats. iMessage incentivizes situations like this which socially punishes Android users.
When I watched MKBHDs video on this, my first thought was whether or not we could selfhost a service like this. If I could run this through my own Mac mini server to my own / family’s phones, that would be great. I don’t think I’d ever feel comfortable logging into my iCloud account on some company’s server with just their pinky promise as a guarantee.
Well yeah it’s not. But it’s the first time something like this has been integrated onto an personal consumer device.
It’s also noteworthy that the RCS platform adopted by companies worldwide is run by Jibe, a company owned by Google. Doubtless, Apple doesn’t want to use Google’s servers any more than it needs to.
“open protocol” my ass. Google just wants control over everything.
Except companies can run their own. In Google messages it tells you who runs your server. Most carriers ran their own, but when they realised there was no benefit (e2ee) and having to maintain it, they started shifting to Google ran servers.
But can’t run my own server.
I don’t know, but that’s not what was said. The comment I replied to said Google controlled everything, and that’s false.
Just here to correct false claims.
