Meet the 16-Year-Old Whose Code Is Jailbreaking iMessage

UPDATE: December 8, 5:30 pm. Beeper said on Friday it was experiencing an outage and that some Beeper Mini users were not able to send or receive messages. TechCrunch reported that Android users sending messages to iPhones via Beeper Mini are seeing an error message that reads, “Failed to lookup on server: lookup request timed out.” When contacted, Beeper cofounder Eric Migicovsky didn't specify the exact cause of the outage but said he believed Apple may have cut off the ability for Beeper Mini to function. He noted that network-monitoring sites like Down Detector weren't showing any widespread outages otherwise. Apple has not yet responded to requests for information.

Eric Migicovsky has long been a believer in open source software. The mild-mannered but intense Canadian systems engineer is most known for creating—and very successfully crowdfunding—the cultish Pebble smartwatch. This was before the Apple Watch, but one distinction Migicovsky made clear from the beginning was that almost anyone could build an app for the Pebble smartwatch, courtesy of an open-source software development kit. Pebble was crushed by Apple’s smartwatch arrival in 2015 and acquired by Fitbit in 2016, but for a while a group of developers, calling themselves Rebble, kept the watch’s software alive as an open source project.

A few years ago, while Migicovsky was riding out the pandemic and noodling on new ideas while working as a partner at Y Combinator, he became obsessed with what he called “the dearth of innovation in chat.” Chat apps were becoming increasingly siloed; whether or not someone sent a blue bubble text (iPhone) or green bubble text (Android) became its own status symbol, and emblematic of Apple’s walled-garden approach to software. Migicovsky thought consumers needed a bridge between them. Like Trillian, he said, from the early 2000s, but for the mobile era.

Enter Beeper, the newest app from Migicovsky and cofounder Brad Murray. Provided an Android phone user gets into the habit of opening Beeper’s app and using that instead of the default messaging app, Beeper bridges the blue-bubble/green-bubble gap. Using a technical method that Migicovsky claims is secure and maintains end-to-end encryption, the Beeper Mini app, when accessed on an Android phone, creates a chat experience that turns green bubbles into blue bubbles on a text partner’s iPhone. That also means that, even in group messages where some people are on iPhone and others are on Android, Beeper Mini supports all of the rich text features—tapbacks, photos, videos—that typically occur between two users of the same messaging system.

A limited version of Beeper Mini is rolling out today for Android phones. It costs $2 per month.

Eventually, Migicovsky says, Beeper will support messaging from other protocols and apps, like RCS messaging, WhatsApp, or Signal. The current “mini” version is meant to show what Beeper can do between iOS and Android, and show the open source community how the Beeper team has managed to hack this together. (Beeper is sharing all of its methodology on GitHub, and is inviting security researchers to pick it apart.)

“We just wanted to get this out the door,” Migicovsky says. “We’ve been showing it to a lot of people, and even in its current form they’ve found it extremely useful.”

Beeper, which has raised $16 million in funding from Y Combinator and Automattic, is made up of 25 engineers distributed around the US. Just a few months ago, though, the Beeper team connected with one coder who would fundamentally change how the app works—what Migicovsky calls “the breakthrough.”

Code Push

Migicovsky’s original plans for Beeper relied heavily on external Mac mini servers. Over the past three years the startup bought up several hundred of the tiny desktop PCs and used them as a relay point between Beeper’s messaging infrastructure and Apple’s Messaging infrastructure.

“We did that because it was the only end-to-end way to send and receive iMessages between Android phones and iPhones,” Migicovsky says.

This was expensive. At one point, Beeper was running the beta version of its app on more than 700 Mac mini servers. It was also not especially secure, nor private, Migicovsky continues, “because we had to have a physical Mac that acts as this relay point. We would much prefer to have everything running within the Beeper client app itself. But to do that, the Beeper client would have to learn how to talk to the iMessage protocol.”

In early August, Migicovsky received a message on Discord from the user JJTech0130. JJTech0130, whose name is James Gill, said he had just released a coding project called Pypush—a mashup of “Python,” a coding language, and “push notifications.” Gill claimed he had “reimplemented iMessage” and thought Migicovsky might be interested. Less than 10 minutes later, Migicovsky responded, “Holy crap! Does it work?”

“Yes it works,” Gill responded, adding a tongue-out emoji. Gill had been working on the Pypush project in between his high school robotics classes and part-time shifts at McDonald’s in Bethlehem, Pennsylvania. He’s 16 years old.

Earlier this year Gill had become intrigued by how Apple’s push notification service works, and how these bidirectional notifications might offer some clues into breaking open Messages.

First, he had to better understand how the Apple ID worked, so he reverse engineered how Apple Music operated on a Windows computer. He noted the traffic and how a non-Apple device registered with Apple servers. Next, he noted how a macOS computer signs into iMessage, then inspected that traffic. Then he reproduced it all in Python.

He began to put together a proof-of-concept that examined the various handoffs between the Apple ID, its push notification service, and its messaging technologies.

“In theory, iMessage uses public encryption keys, because that’s how end-to-end encryption works,” Gill says. (Gill is correct, in that asymmetric encryption or public-key cryptography relies on a public-private key pairing; one is used to encrypt a message, and the other to decrypt it.) “Pypush actually figures out how we can publish those keys to Apple’s key server and how you can retrieve keys from Apple’s key server,” Gill says.

“His proof of concept demonstrates that on any computer with Python, you can sign into iMessage and send and receive messages,” Migicovsky says. He was so impressed with Gill that he offered him a contract to work part-time at Beeper. Gill accepted, with parental approval.

Gill’s mother, Erin Gill, says she and her husband were slightly concerned about Gill’s ability to manage his time as a junior in high school, but he had handled his part-time job at McDonald’s well enough that they told him to “go for it.” His father is a computer engineer and helped him with the details of the contract. “I’m an artist, and I understood almost nothing of what he was telling me, other than he was excited about it,” Erin Gill says.

Migicovsky and the team quickly took Gill’s proof of concept, rewrote it, and added new features to it: support for photo and video sharing, group chat dynamics, and even someone’s typing status when they’re drafting a message. Over the past three months, the team folded all of those features into Beeper. The company’s original app, Beeper Cloud, still uses the Mac mini servers, but the new Beeper Mini runs entirely within the app client.

Color Wars

Migicovsky insists he’s not rushing out Beeper Mini just because other upstarts have recently tried to hack Apple’s Messages, or because Apple recently acquiesced to a newer, Google-supported messaging standard that might make the blue-bubble/green-bubble wars less fraught.

“We were planning to launch this two weeks before Nothing tried this, but we decided to hold off,” Migicovsky says.

He’s referring to the Android phone maker Nothing, which said last month that one of its phones, the Nothing 2, would include a chat app powered by a service called Sunbird that supported Apple Messaging. (Apple has been pretty clear that it believes Apple Messaging on Android phones would be a bad thing, and that it would ultimately weaken Apple’s lock-in strategy.) Bizarrely, the app required users to fork over their Apple IDs and passwords, prompting former TechCrunch editor Matthew Panzarino to tweet, “I don’t care what the benefits are, giving a third party your Apple ID password is stupid. Don’t do it.”

Shortly after Nothing made this announcement, technologists called out the chat app for being “extremely insecure,” with credentials being sent over plaintext HTTP and lacking support for end-to-end encryption. Twenty-four hours later, the Sunbird app was “put on pause” in the Google Play Store.

As a reminder that Silicon Valley is both a global center for technology and an insular community, the person who first called out Nothing’s app for being insecure is the founder of Texts.com, which is owned by Automattic (the maker of WordPress), which is an investor in … Beeper. Beeper says it has shored up its own security, and that Beeper Mini is nothing like … Nothing.

Beeper Mini is fully end-to-end encrypted, both Migicovsky and Gill say. Neither Beeper nor Apple can see your messages. It connects directly to Apple servers and doesn’t use a relay system. And the encryption keys never leave a user’s device.

When the app is first installed it asks for access to a user’s contact list and asks for SMS permission access, but it doesn’t require a user to share their Apple ID. A user could opt into sharing their Apple ID, which would enable sending and receiving messages from their email address, which also enables messages across Apple devices like iPads and Macs. But the app still works phone-to-phone if you don’t share your Apple ID.

Migicovsky goes as far as saying that Beeper Mini consequently improves security and privacy for iPhone users. Because, right now, when an iPhone user texts a friend who’s on Android, it’s sent as an unencrypted SMS. This will all change when Apple adds support for encrypted RCS messaging next year, but until then Beeper is positioning itself as a more secure alternative to the current iPhone-and-Android SMS standard.

The big question, of course, is how Apple will react to the launch of Beeper Mini. Migicovsky seems unbothered when asked about this seven different ways till Sunday. He notes that reverse engineering for the purpose of interoperability is protected under the Digital Millennium Copyright Act.

And, he says, each major piece of software that Beeper has built to interact with other chat apps is available on the company’s GitHub page. Anyone can go read it. Even Apple. That’s the beauty of open source, he says.

About Lauren Goode
