Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing.
Apple's iMessage offers end-to-end encrypted messaging for its customers, but only if those customers want to talk to someone who also has an Apple product.
When an Apple customer tries to message an Android user, the data is sent over SMS, a protocol that debuted while Wayne's World was still in its first theatrical run.
Computers are all roughly equivalent, so there's no reason that an Android device couldn't run an app that could securely send and receive iMessage data.
If Apple won't make that app, then someone else could.
That's exactly what Apple did, back when Microsoft refused to make a high-quality MacOS version of Microsoft Office: Apple reverse-engineered Office and released iWork, whose Pages, Numbers and Keynote could perfectly read and write Microsoft's Word, Excel and Powerpoint files.
Beeper Mini stands out among earlier attempts at this by allowing users' devices to directly communicate with Apple's servers, rather than breaking end-to-end encryption by having messages decrypted and re-encrypted by servers in a data-center.
It blocked Beeper Mini users just days after the app's release.
If Beeper Mini indeed posed those risks, then Apple has a right to take action on behalf of its users.
The only reason to care about any of this is if it makes users more secure, not because it serves the commercial interests of either Apple or Beeper.
Apple's account of Beeper Mini's threats does not square with the technical information Beeper has made available.
Apple didn't provide any specifics to bolster its claims.
Large tech firms who are challenged by interoperators often smear their products as privacy or security risks, even when those claims are utterly baseless.
The gold standard for security claims is technical proof, not vague accusations.
EFF hasn't audited Beeper Mini and we'd welcome technical details from Apple about these claimed security issues.
While Beeper hasn't published the source code for Beeper Mini, they have offered to submit it for auditing by a third party.
The company released an update on Monday that restored its functionality.
If Beeper Mini does turn out to have security defects, Apple should protect its customers by making it easier for them to connect securely with Android users.
One thing that won't improve the security of Apple users is for Apple to devote its engineering resources to an arms race with Beeper and other interoperators.
Apple needs to acknowledge that it isn't the only entity that can protect Apple customers.
This Cyber News was published on www.eff.org. Publication date: Wed, 13 Dec 2023 19:43:04 +0000