A new app has appeared on Google’s Play store that purportedly offers Android users the ability to chat with iOS users via Apple’s iMessage platform, and it has security eyebrows raised, primarily because it wasn’t released by Apple. Cydia (app store for jailbroken iPhones) developer Jay Freeman delved into the code of “iMessage for Android” and discovered another alarming fact: the app appears to be authenticating not through Apple’s servers, but through some unknown platform in China, even though it requires a legitimate Apple ID to work. Another developer also noted that this app has the ability to silently download code to your Android smartphone, a permission that could lead to a malware infection. The app is very new and these security peculiarities have yet to be widely verified, but it has already been downloaded from the Play store over 10,000 times.
What this means for you:
Firstly, your Apple ID (which may have money and many, many apps, songs, movies, etc. tied to it) is being passed through an unknown server in China. There is no guarantee that the owners of that server aren’t collecting these IDs for nefarious purposes. Add this to the fact that the app can download code without notifying you, and the scales are now dipping alarmingly towards “dangerous” if not outright “malicious”. Also at stake is the trustworthiness of Google’s Play Store app vetting process – how could this app have possibly made it through without raising some red flags. Sure, there is no love lost between Apple and Google, but Google is usually smart enough to not poison its userbase with a dodgy app just so Android users can text chat with iOS users. It remains to be seen whether this app is truly on the up and up, but all signs indicate otherwise at this point. I’d err on the side of caution and avoid installing this app for now. If you really need to talk to that iPhone user, just send them a text!
Image courtesy of Idea go / FreeDigitalPhotos.net.