Saturday , June 23 2018

Google pulls questionable iMessage Chat app from Play Store

playstore

People who have come across to Android from an iOS platform may have wanted a means to use Apple’s proprietary iMessage system to communicate with their iOS-wielding friends, and may have thought that the arrival of a working iMessage app on the Play Store was a godsend.

Most things that seem too good to be true often are, and this probably was.

Computerworld reports this morning that Google has removed the app from the Play Store for violating store policies. iMessage Chat came under fire earlier this week from other app developers keen to work out how the app did what it did, when they discovered that users’ AppleID usernames and passwords were passed through a server based in China.

While the app did what it was supposed to do — it did actually work — there’s a real risk that passing this information through a third party server could lead to things like harvesting usernames and passwords for other purposes. Why’s this risky? Well, with your username and password, a nefarious type could purchase any content from Apple’s iTunes store, including apps, music, videos, and even desktop apps for Macs through the Mac App Store. Things could get expensive, and fast.

Not only this, but the iMessage Chat application also contained code for downloading Android APK files in the background, which seems completely unnecessary for an Android application. Well known iOS developers and hacker (in the friendly sense, not the nasty sense) Jay Freeman had this to say:

“I believe that this application actually does connect to Apple’s servers from the phone, but it doesn’t then interpret the protocol on the device,” Freeman wrote on the thread. “Instead, it ferries the data to the third-party developer’s server, parses everything remotely, figures out what to do with the data, and sends everything back to the client decoded along with responses to send back to Apple.”

Ausdroid doesn’t like to engage in scaremongering, but we think anyone who’s used this app would be remiss if they didn’t change their AppleID password immediately. There’s probably a minimal risk.. but given the consequences of what could happen if that risk were exploited… well… I wouldn’t be taking it.

Source: Computerworld.

Chris Rowland   Editor and Publisher

Chris has been at the forefront of smartphone reporting in Australia since smartphones were a thing, and has used mobile phones since they came with giant lead-acid batteries that were "transportable" and were carried in a shoulder bag. He saw the transition from AMPS to GSM, loved the Motorola StarTac, and got into Palm technologies in a big way. The arrival some years later of the original iPhone, and then the early Androids, awoke a new interest in mobile technology, and Chris has been writing about it since.

Today, Chris publishes one of Australia's most popular technology websites, Ausdroid. His interests include mobile (of course), as well as connected technology and how it can make all our lives easier.

5
Join the Ausdroid Conversation

avatar
4 Comment threads
1 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
5 Comment authors
Peter MasseyNikolasJeniSkunkNOZ Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Ausdroid Reader

“downloading Android APK files” is now against Google Play policy. So apart from the inherent privacy concerns of sending username and password elsewhere this had the capability of downloading code on the fly that would not have been vetted by Google Play.

Nikolas
Valued Guest
Nikolas

Lol!

JeniSkunk
Valued Guest
JeniSkunk

Good to see it has been pulled. Shame it wasn’t pulled sooner, like before it could go live on the Play Store.
Are Google doing the RightThing and remotely pulling this piece of malware from users devices as well?

NOZ
Valued Guest
NOZ

Considering Ausdroid pretty much endorsed this yesterday…I was a lil disappointed tbh…like this wasnt gonna happen…

Peter Massey
Valued Guest
Peter Massey

I don’t see how you think Ausdroid endorsed it?

I read the same article and if anything they alerted me to the issues! I could have easily ‘just installed it’ but they alerted me to the potential problems with it!

I think the warnings and caveats were enough and if you chose to still install it then you should accept the consequences!

Check Also

Google’s Smart Lock seems to have lost Trusted Places, and now got it back again

Google’s Smart Unlock feature (which you’ll find in most modern Androids regardless of which company …