Whatever you do, no matter how cool it sounds, do not use iMessage Chat for Android. The app, which allows Android users to send messages through Apple’s iMessage system and has already been downloaded between 10,000 and 50,000 times through Google Play, contains serious security flaws that put your device, privacy, and Apple ID account at risk.
Please do not use this Android iMessage app, never ever! They can grab your AppleID and password! It can’t be worse.
— pod2g (@pod2g) September 24, 2013
As International Design Times reports, numerous security researchers have found that iMessage Chat redirects all messages sent from Android devices to a third-party server in China, unwraps the messages (meaning they can be read by anyone with access to the server), and then sends them on to Apple. Developer Jay Freeman (aka saurik) lays out the technical details of how this works here and in the top comment here, if you’re interested.
A 3rd-party iMessage app was just released on Android; I believe all data sent from/to Apple is resent to/from China for processing: beware.
— Jay Freeman (saurik) (@saurik) September 24, 2013
Furthermore, the app likely sends your unscrambled Apple ID and password to the third-party server, as well – meaning you could be handing over access to your Apple account and all the payment data that goes with it, if you use this app with your regular Apple ID.
In addition, as 9to5Mac reports, app developer Steven Troughton-Smith discovered that the app includes code that allows it to install additional software on your Android device without your knowledge, a serious security problem that could result in your handset or tablet coming down with a major case of malware. This is probably the most problematic part of the app.
iMessage for Android app has code to download APKs in the background? TOTALLY SAFE. Not rootkit-ing your phone or anything? :D
— Steve T-S (@stroughtonsmith) September 24, 2013
We’ve reached out to Google to find out if they have any plans to review iMessage Chat, or pull it from Google Play. We’ll update this space when we hear back.
If you must give iMessage Chat a try – and we understand why you would; it’d be great if it worked without putting you at risk – create a throw-away Apple ID that is not linked to any payment credentials or your personal Apple account. But again, the app could potentially result in a malware infection on your Android device, so we highly recommend against using this app.
Update: Google has pulled iMessage Chat for violating the company’s policies, reports Computerworld.
- Critical MacOS Mojave vulnerability bypasses system security
- The best VPNs for Android
- Smart security cameras are creepy, but the Nest Cam gave me some peace of mind
- Google’s Titan Key ensures your phone and apps are virtually unhackable
- Google offers its own ‘Titan’ USB security key for password-free logins