Results 1 to 15 of 15

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Saurik Addresses Fake iMessage App, Potential Security Issues

  1. #1
    What's Jailbreak? Michael Essany's Avatar
    Join Date
    Aug 2009
    Location
    Valparaiso, Indiana
    Posts
    4,376
    Thanks
    17
    Thanked 1,491 Times in 577 Posts

    Default Saurik Addresses Fake iMessage App, Potential Security Issues


    A new messaging app has landed on Android and some are urging users to proceed with caution if they opt to download or use this obviously spoofed iMessage platform now available through Google Play.

    Called "iMessage Chat," the app is taking fire today and seeing intense and understandable scrutiny.

    Early this morning, Jay Freeman (Saurik) commented at length on the Android app and broached no shortage of valid points as to why prudence should be exercised when it comes to using the controversial app in question.

    "As far as I can tell the way it works is that the client does directly connect to Apple, but the data is all processed on the developer's server in China," Freeman posted on Google+. "This not only means that Apple can't just block them by IP address, but also that they get to keep the "secret sauce" on their servers (and potentially just run Apple code: there are some parts of the process in Apple's client code that is highly obfuscated)."

    Every packet from Apple is forwarded to 222.77.191.206, which then sends back exactly what data to send to Apple (along with extra packets that I presume tell the client what's happening so it can update its UI). Likewise, if the client wants to send a message, it first talks to the third-party server, which returns what needs to be sent to Apple. The data is re-encrypted as part of this process, but its size is deterministically unaffected.
    "Clearly," he deduced, "this is suboptimal from a security perspective."

    To read the complete post, click here.

    Source: Jay Freeman's Google+

  2. The Following User Says Thank You to Michael Essany For This Useful Post:

    bluevixen (2013-09-24)

  3. #2
    Didn't they say the same thing when Siri was ported to the iPhone4 and people freaked out saying it was going through Russian servers and that turned out to be fine. So whats the difference here?
    It works, you can access imessages on the Android so it works so its not a big scam everyone thinks it is.
    If it was a huge scam it wouldn't work to start with but it does work.
    I'm thinking it'll be like the Siri port. It needs to tell the Apple servers its coming from an iPhone instead of an Android thats why the server is there.
    And who says its not an Apple server in China its going through?

    I say when someone gets their Apple ID hacked then ok its a scam but as its working and doing what it says I say its not.

  4. The Following User Says Thank You to smith01 For This Useful Post:

    iH85CH001 (2013-09-25)

  5. #3
    Livin the iPhone Life slim.jim's Avatar
    Join Date
    Apr 2009
    Location
    Maryland, US
    Posts
    1,014
    Thanks
    116
    Thanked 129 Times in 99 Posts

    Quote Originally Posted by smith01 View Post
    Didn't they say the same thing when Siri was ported to the iPhone4 and people freaked out saying it was going through Russian servers and that turned out to be fine. So whats the difference here?
    It works, you can access imessages on the Android so it works so its not a big scam everyone thinks it is.
    If it was a huge scam it wouldn't work to start with but it does work.
    I'm thinking it'll be like the Siri port. It needs to tell the Apple servers its coming from an iPhone instead of an Android thats why the server is there.
    And who says its not an Apple server in China its going through?

    I say when someone gets their Apple ID hacked then ok its a scam but as its working and doing what it says I say its not.
    there is nothing stopping them from sending modified data back to your phone. Potentially a HUGE security risk if they find an exploit that will execute code embedded within the message. I would say it is more of a risk for the Android user but they could still use it to send something to an iOS or OS X user potentially infecting the receiving device.

  6. The Following User Says Thank You to slim.jim For This Useful Post:

    iH85CH001 (2013-09-25)

  7. #4
    I'm addicted to jailbreak luvmytj's Avatar
    Join Date
    Jul 2008
    Location
    New York
    Posts
    843
    Thanks
    32
    Thanked 112 Times in 83 Posts

    Wait... am I in the wrong forum? Android apps? Who cares, we don't use no stinkin' Android here?

  8. The Following 2 Users Say Thank You to luvmytj For This Useful Post:

    Jato_BZ (2013-09-25), thefinalhack (2013-09-24)

  9. #5
    Livin the iPhone Life slim.jim's Avatar
    Join Date
    Apr 2009
    Location
    Maryland, US
    Posts
    1,014
    Thanks
    116
    Thanked 129 Times in 99 Posts

    Quote Originally Posted by luvmytj View Post
    Wait... am I in the wrong forum? Android apps? Who cares, we don't use no stinkin' Android here?
    It allows an Android phone to send an iOS user an iMessage which bypasses the iMessage security by spoofing the originating device. So I think you missed the point.

  10. The Following User Says Thank You to slim.jim For This Useful Post:

    iH85CH001 (2013-09-25)

  11. #6
    I think another valid point is that in order to use iMessage on the android you have to provide your Apple ID and password. Now I'm pretty sure people don't realize they are giving this info to a 3rd party in order to spoof it on their android. This means they have access to your payment info via the apple AppStore. I would proceed with caution.

  12. #7
    Livin the iPhone Life bigboyz's Avatar
    Join Date
    Feb 2009
    Location
    North East Coast
    Posts
    2,095
    Thanks
    19
    Thanked 430 Times in 265 Posts

    Hmm. Interesting. You don't hear him say much about anything except Cydia related items. I would take him seriously. At the same time, you are free to make the choice. Time will tell.

  13. The Following 2 Users Say Thank You to bigboyz For This Useful Post:

    iH85CH001 (2013-09-25), Scheuerle (2013-09-26)

  14. #8
    Quote Originally Posted by reznor9 View Post
    I think another valid point is that in order to use iMessage on the android you have to provide your Apple ID and password. Now I'm pretty sure people don't realize they are giving this info to a 3rd party in order to spoof it on their android. This means they have access to your payment info via the apple AppStore. I would proceed with caution.
    thats what i was thinking when i first heard this story. Apps on android are iffy as well for malware but giving something access to your credit card info off your account could fraud millions of people out of millions of dollars if a bunch of people on android downloaded this app and it wasnt on the up and up

  15. #9
    It's already removed? I can't find it.

  16. #10
    Livin the iPhone Life slim.jim's Avatar
    Join Date
    Apr 2009
    Location
    Maryland, US
    Posts
    1,014
    Thanks
    116
    Thanked 129 Times in 99 Posts

    Quote Originally Posted by vikrants View Post
    It's already removed? I can't find it.
    Im sure you can find the APK file on the net somewhere

  17. #11
    Can't wait to try iMessage on windows! (Slowly getting there)

  18. #12
    iPhone? More like MyPhone
    Join Date
    Dec 2012
    Location
    San Diego, California, United States
    Posts
    222
    Thanks
    24
    Thanked 28 Times in 19 Posts

    I wonder if I can install this on BlueStaxx? If the app is still there I may try it and see what it does, I have an extra apple account with no card so it should b safe.

  19. #13
    This wouldn't be too big of a problem for most people unless you are not only storing you credit card on iTunes but also not running some form of protection on your android. Like. Those are two big no-nos.

  20. #14
    BTW, its gone now. Its been deleted from the store.

  21. #15
    That's why I stick with gift cards...

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •