The Evil Twin of Apple’s iMessage

25 Sep 2013
by James Westhafer
Comments are closed
The Evil Twin of Apple’s iMessage

Unofficial iMessage App Removed from Google Play

Google Inc. removed a popular app from the Play Store on Tuesday for violating its store policies. Titled “iMessage Chat”, the app enabled users to send and receive text messages through Apple’s iMessage platform, allowing them to bypass traditional SMS (short message service) texting charges imposed by mobile carriers. The app was received with great fanfare when it first appeared on the Google Play store on Sept. 12, but soon drew major concerns when it was revealed that confidential user information had been compromised.

Intrigued app analysts took a deep dive into the network traffic of “iMessage Chat” and revealed some alarming details. By logging into the app with their Apple ID username and password, users were unknowingly subjecting personal information (i.e. credit card access, addresses and phone numbers) to fraud. IP Lasso can confirm the Apple ID credentials were harvested from the fraudulent app and passed through an overseas server. Additionally, the server being used by the “iMessage Chat” developer lacked basic security infrastructure allowing for outside hackers to view information collected from Android devices. The developers website, registered to “Luo Wangyi” of Fuzhou, China, went offline Tuesday — an imminent resolution to this sticky situation seems unlikely.

In theory, “iMessage Chat” provided Android users the flexibility of direct messaging without incurring text-messaging charges. In reality, the app stole sensitive information from thousands of users and released it onto an insecure server in an undisclosed location. Our society’s continued reliance on mobile apps can be both a blessing and a curse. Don’t sacrifice your privacy for convenience; always check permissions and app details before hitting the download button. A few seconds of misjudgment in the mobile marketplace could lead to months of future complications.

Additionally, IP Lasso ran a search for “iMessage” apps and found the following replica apps:

App Platform App Name App Publisher Link to App
Apple iMessage™ Plus Ynfo.Apps Go to App
Apple iMessage – Bluetooth Message! Ynfo.Apps Go to App
Google iMessage Blue iPhone GO SMS aBbtdesigns Go to App
Google iMessage Ynfo.Apps Go to App
Microsoft iMessage Persian Hussein Habibi Juybari Go to App

 

 

IP Lasso © 2020  - Privacy  - Terms