Hacker News

As we know, the devices are not attested, because Beeper works. They're also not attested on old iPhone versions which are valid iMessage parties. Some new devices being bound to the hardware key doesn't change that.

Spam doesn't matter here - same app is used for SMS, which gets spam, so there's nothing new here.

But if Apple wanted to, they'd just sort out a deal that allows hardware signing of iMessage accounts on Android. That's not an unfixable problem.



>As we know, the devices are not attested, because Beeper works.

This argument doesn't make any sense.

They managed to figure out a way to create valid attestation data via old Apple binaries. Just because a security (well, "security") measure was circumvented doesn't mean it doesn't exist at all.


Software attestation of hardware is just pointless anti-competitive behavior.

Hardware attestation, however, can have an actual security benefit.

If Beeper was able to attest without hardware, Apple isn't doing hardware attestation and it's therefore just anti-competitive.


From the way I see it described here, it's more in-depth hardware attestation on newer models. So they're doing the good security thing here, but also not making millions of users' lives worse by outright blocking old phones that don't have the necessary hardware features to perform this attestation. x (5? 15?) years in the future they'll block super old stuff that doesn't meet these security requirements.


That's not how it works. Beeper uses the old binaries, because those come from older iPhones where the hardware signing was not possible yet. It's not circumventing anything as far as I understand, just connecting the way an older iPhone would connect.


I mean, we're splitting hairs on terminology here I feel like?

Apple does not want you to connect to iMessage with non-Apple hardware and Beeper uses old Apple binaries to let you do just that.

That, to me, does fall under the umbrella term of "circumventing" some measures that Apple put in place to stop you from doing that; but I guess I can see the point where you'd object to use of that word?


That's a different argument. I was responding to you saying "This argument doesn't make any sense." to the attestation not being required. Whether you call that circumvention or not, ¯\\_(ツ)_/¯

The point was that if you can replicate it in software, then they're not requiring hardware attestation.


Sort out a deal with… whom? 500 different Android device OEMs?


Google. The company that defines what you can call "Android". They can define it to include a hardware crypto chip, signed with the right keys for Apple interop.



