Fake iMessage for Android Riddled With Security Problems

By Chris Mills on at

Android-wielding iPhone wannabes (you know who you are) were in luck yesterday, when iMessage for Android unexpectedly popped up in the Google Play Store. However, you might want to close the champagne and hide it far, far, away, since that app might've been sending stuff like your Apple ID back to a nefarious hacker.

In the short few hours that the app was alive in the Play Store before it was pulled, it was downloaded somewhere between 50 and 100 thousand times. Intruiged, famed hacker Saurik (aka Jay Freeman) pulled the app apart, to find how it worked.

Essentially, the iMessage data (including your Apple ID and password) were passed through a server in China, which spoofed as a Mac Mini and then sent the data on to Apple. As Freeman notes, not only does that put your Apple ID up for grabs, but it also means that the app can steal other data from your phone. Better hold off trying to track down the APK for now, and if you managed to grab the app while it was alive, maybe don't fire it up 'till this is sorted out, mkay? [Digital Trends]