Apologies if this has already been reported but it was posted on the forum where i moderate and i thought i would pass it on-
Called iMessage Chat, the app is available free from the Play Store and while it it allows Android users to chat with Mac and iOS users, it routes all sent and received messages through servers in China, then dupes Apple into accepting the traffic by posing as a Mac Mini.
Application developer Jay Freeman, also known as Saurik, creator of the Cydia app store for jailbroken iPhones, has raised concerns that users' information may not be secure when they use the app. Fellow developer Adam Bell tweeted to say the app is "super sketch[y] and is spoofing iMessage requests as a Mac Mini."
In response to questions from Twitter users, Bell said the app is not safe to use, and anyone who has used it should change their Apple ID password.
Grab your password
iOS security researcher who goes by the name of Pod2g tweeted : "Please do not use this Android iMessage app, never ever! They can grab your Apple ID and password! It can't be worse...And if you tried that app for the sake of curiosity, my advice is that you quickly change your password...Message to Google: revoke that application, quick."
Last updated on 24 September, the application was, according to its Play Store listing, created by a developer called Daniel Zweigart and it appears to be the only app he has released for the platform. The Play Store page says the app has been downloaded between 10,000 and 50,000 times.
Adding to the dubious nature of the app, Freeman said in a Google+ Post: "The developer is even responding to reviews about login issues asking only for user's Apple IDs, which makes it sound like even the authentication must be under his direct control (where it can be logged and debugged given only the username)."
Malware
Another developer, Steve Troughton-Smith, tweetedto say the app can silently download code onto devices in the background, hidden from unsuspecting users - a feature that could be used to install harmful malware onto the phone.
Security expert Graham Cluley said the iMessage Chat application "sounds extremely dodgy to me...I would warn users not to install it."
Speaking to IBTimes UK, Cluley said: "Once again, it sounds like the Google Play store is allowing dubious apps to rear their head. There have also been a bunch of bogus BlackBerry BBM apps recently.
"It's perfectly within Google's ability to block it from their Android app store, but that's not going to stop it turning up on third-party marketplaces."
IBTimes UK has contacted Apple to ask if it will seek to have the application removed from Google Play, but we are yet to hear back.
Source: Android iMessage App Steals Passwords and Hacks Messages - IBTimes UK
Users, please avoid using this Android knock-off at all costs. As already highlighted in the article, you will have to log in using your Apple ID. Meaning you're essentially giving away your credit card at will. The messages are routed towards the developer's server before heading towards Apple's iMessages servers. What this essentially means is that one, they have access to your Apple ID since you blatantly provided them with it, and two, your iMessages are no longer secure from Apple-external viewers.
If you've participated in the use of this scam, IMMEDIATELY monitor your credit card activity, and IMMEDIATELY change your Apple ID password. Note that this is only the Android App. At this point in time, please be reminded that the host can view all traffic, meaning they can view messages going to and from the 2+ parties. Unless you're 100% certain that the recipient is using an iPhone, iPad, iPod Touch or Mac, do not share any personal or sensitive information via iMessages until this has been resolved.
Called iMessage Chat, the app is available free from the Play Store and while it it allows Android users to chat with Mac and iOS users, it routes all sent and received messages through servers in China, then dupes Apple into accepting the traffic by posing as a Mac Mini.
Application developer Jay Freeman, also known as Saurik, creator of the Cydia app store for jailbroken iPhones, has raised concerns that users' information may not be secure when they use the app. Fellow developer Adam Bell tweeted to say the app is "super sketch[y] and is spoofing iMessage requests as a Mac Mini."
In response to questions from Twitter users, Bell said the app is not safe to use, and anyone who has used it should change their Apple ID password.
Grab your password
iOS security researcher who goes by the name of Pod2g tweeted : "Please do not use this Android iMessage app, never ever! They can grab your Apple ID and password! It can't be worse...And if you tried that app for the sake of curiosity, my advice is that you quickly change your password...Message to Google: revoke that application, quick."
Last updated on 24 September, the application was, according to its Play Store listing, created by a developer called Daniel Zweigart and it appears to be the only app he has released for the platform. The Play Store page says the app has been downloaded between 10,000 and 50,000 times.
Adding to the dubious nature of the app, Freeman said in a Google+ Post: "The developer is even responding to reviews about login issues asking only for user's Apple IDs, which makes it sound like even the authentication must be under his direct control (where it can be logged and debugged given only the username)."
Malware
Another developer, Steve Troughton-Smith, tweetedto say the app can silently download code onto devices in the background, hidden from unsuspecting users - a feature that could be used to install harmful malware onto the phone.
Security expert Graham Cluley said the iMessage Chat application "sounds extremely dodgy to me...I would warn users not to install it."
Speaking to IBTimes UK, Cluley said: "Once again, it sounds like the Google Play store is allowing dubious apps to rear their head. There have also been a bunch of bogus BlackBerry BBM apps recently.
"It's perfectly within Google's ability to block it from their Android app store, but that's not going to stop it turning up on third-party marketplaces."
IBTimes UK has contacted Apple to ask if it will seek to have the application removed from Google Play, but we are yet to hear back.
Source: Android iMessage App Steals Passwords and Hacks Messages - IBTimes UK
Users, please avoid using this Android knock-off at all costs. As already highlighted in the article, you will have to log in using your Apple ID. Meaning you're essentially giving away your credit card at will. The messages are routed towards the developer's server before heading towards Apple's iMessages servers. What this essentially means is that one, they have access to your Apple ID since you blatantly provided them with it, and two, your iMessages are no longer secure from Apple-external viewers.
If you've participated in the use of this scam, IMMEDIATELY monitor your credit card activity, and IMMEDIATELY change your Apple ID password. Note that this is only the Android App. At this point in time, please be reminded that the host can view all traffic, meaning they can view messages going to and from the 2+ parties. Unless you're 100% certain that the recipient is using an iPhone, iPad, iPod Touch or Mac, do not share any personal or sensitive information via iMessages until this has been resolved.
Facebook
Twitter
Instagram