Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
The Apple iMessage Chat app is now available for Android devices, but due to privacy and security risks, it is not recommended. The iMessage Android app seems to work perfectly so that Android devices can send messages to Apple devices. It is very attractive to many users because all they need is the app and an Apple ID. Cross-platform messaging is indeed a great development, but users must think about the privacy and security dangers that the Android app poses.
iMessage Chat for Android was developed by Daniel Zweigart, an independent third-party app developer. After just half a day on Google Play, more than ten thousand downloads were recorded. This is scary considering the security flaws that were discovered. The first was noticed by Jay Freeman, known as @Saurik. He is a famous Apple and Android hacker and developer. He discovered that the app does not directly deliver messages. It connects to Apple’s server from the user’s device, then sends the message data to a third party server. The data packets are unwrapped, analyzed, rewrapped, then sent on to the recipient. This makes iMessage Chat for Android very unsecure. Cyril Cattiaux, the famous iOS hacker who has discovered many iOS vulnerabilities, confirmed this. He is known as @pod2g, now a security researcher at QuarksLab, and has done his own study on the iMessage app. He says that the authentication system of iMessage is very complex and confused, and that it uses the latest in white box cryptography. It cannot be reversed, and so what was done for the Android app was the authentication of iMessage was taken and interfaced. He explained that this is why the Android app sends the user’s Apple ID and password to their servers. He says that the process is not really a hack, but it is still a huge privacy and security issue.
One part of the process is very disconcerting. The iMessage app for Android sends every message data packet from Apple to their server in China. iMessage authentication with an Apple ID should allow users to go directly through Apple. So rerouting the data is unnecessary. This just makes it dangerous because with an Apple ID, intruders can control the user’s device and give commands. They can get copies of every iMessage that the user sends. Users won’t even notice the fake devices added to intercept messages. It gets even more dangerous if the server is hacked, or if the Apple IDs and passwords are saved to a database that gets hacked.
Precautions for Using iMessages for Android
For those who know what they’re getting into and still want to use iMessages for Android, they will have to look for the app. It was pulled from the Google Play store shortly after its release last month. And users are warned to be careful to create a disposable Apple ID that is for use exclusively with the app. A user’s real personal information must not be used for this ID or the app because it poses serious security risks. And even if users put in fake addresses and phone numbers, a hacked Apple ID can be used to attack other users. And people using iMessage on Apple devices who receive messages from the Android app users put their privacy at risk. iPad and iPhone users are safe from having their Apple IDs stolen. But messages sent and received by the Android user can be read.
VPN for Android
Users of iMessage for Android should use a VPN for Android to help them better secure their communications. Users accepting iMessages on their iPads or iPhones should also run a compatible VPN connection. A VPN for Android will not protect user data that is stored on any servers, but it will help protect their identities in case a data breach occurs. Along with a “fake” Apple ID for exclusive use with iMessage Chat, users can increase their security. This helps them stay safe from the online scams and unwanted snooping that iMessage may be making them vulnerable to. A VPN for Android will encrypt a user’s connection so that all data and traffic cannot be intercepted or read by other people. At least this way, if there is a data breach, users will know that tey must look to Apples servers for answers.