Google yanks sketchy iMessage clone for Android from app store
People who probed the app's innards suspected it was harvesting Apple ID credentials
Computerworld - An app that purportedly spoofed a Mac so that Android smartphone and tablet owners could send and receive text-like messages through Apple's iMessage service disappeared today from the Google Play app store.
Google confirmed that it yanked the app for violating its store policies.
Dubbed "iMessage Chat," the app came under quick fire Monday from other app developers who said the program may have been harvesting Apple ID usernames and passwords by passing packets through a China-based server.
The app first appeared on Google Play on Sept. 12 and was available as late as Monday. By today, however, it had been scrubbed from the app store.
iMessage is Apple's proprietary technology that is embedded in the Message apps for iOS 5 and later and OS X Mountain Lion. When users text another iOS device or a Mac, they sidestep their mobile carrier's traditional SMS (short message service), avoiding texting charges.
The Android app was designed to let users piggyback on Apple's iMessage service to send and receive texts.
But concerns about the implications quickly surfaced.
"iMessage for Android app has code to download APKs in the background? TOTALLY SAFE. Not rootkit-ing your phone or anything? :D," tweeted Steve Troughton-Smith, an app developer with High Caffeine Content, on Monday.
The term "APK" in Troughton-Smith's tweet referred to the file format used by Android to install apps and other code on the operating system.
Others pointed out that users of the app were required to log in using their Apple ID username and password, and that the developer may have simply built the program to collect those valuable credentials, which are used to access iOS devices remotely for data wiping, purchasing content on iTunes and buying goods, including iPhones and Macs, through Apple's online store.
Jay Freeman, who goes by the online nickname "saurik," dug inside the app and tracked the packets it sent and received. Freeman is best known as the developer of Cydia, the open-source application installer that acts as an App Store substitute for jailbroken iPhones.
He found that iMessage Chat for Android essentially inserted itself into the middle of the normal back-and-forth between a user and Apple's iMessage servers. In a thread on Hacker News, Freeman spelled out his findings.
"I believe that this application actually does connect to Apple's servers from the phone, but it doesn't then interpret the protocol on the device," Freeman wrote on the thread. "Instead, it ferries the data to the third-party developer's server, parses everything remotely, figures out what to do with the data, and sends everything back to the client decoded along with responses to send back to Apple."
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts