Beeper is also responding to Apple’s initial statement that its app, which is based on a reverse engineering of the iMessage protocol, comes with potential risks to user privacy and security. “We deeply object to the allegation,” the company wrote, and it’s willing to share Beeper Mini’s entire codebase “with a mutually agreed upon third-party security research firm” to analyze the app for any issues.

Beeper is kind of missing the point here. Apple is not shutting it down because Beeper could do anything bad to its users — these are Android users that might not even own an Apple device. Rather, Apple is shutting it down because other people could use similar exploit (the POC appears to use an unsigned device certificate for device authentication) to send phishing / spam messages to the Apple iOS/macOS users at large. With the exploit taken away, it is harder for bad actors to leverage the same channel to attack regular users because without third party means to do this, bad actors would have to find other ways to automate attacks on a much more restricted device.

If I was Apple I’d wait until beeper collects a bunch of subscription fees then I’d yank the rug out and force refunds.

deleted by creator