All messages are end to end encrypted. Also you don’t need an Apple account and it connects directly to Apple servers.

  • Bri Guy @sopuli.xyz
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    huh, interesting. so from a security perspective is there any other concern with this protocol? at least they’re not using a mac relay server like Nothing Chats was

    • If the diagrams in their explainer are correct, their servers are only involved to forward Apple’s push messages to your phone through Firebase. That means Beeper knows when you’re receiving messages and how often, but nothing more than that; the phone syncs up with Apple’s servers.

      I can’t find the source code so I can’t say much about the encryption code this app uses, but assuming they implemented the encryption well, security should be solid. However, the blog post explaining their architecture does link to another blog post that seems to have kicked off this project that says the most commonly documented format is the outdated encryption system without forward secrecy. I can’t find whether Beeper implemented the newer pair-ec encryption or not.

      There is the risk that Apple bans you for breaking the ToS by using this service, of course, and it’s possible Beeper’s servers get blocked, the company gets served by a cease and desist. If Beeper does go down, the app will stop working well, and you’ll need to unregister your phone number with Apple or your iOS friends won’t be able to text you until that registration auto-expires.