Bubble Busters

The recent security drama caused by an iMessage workaround on Android shouldn’t minimize a simple fact: This is Apple’s fault.

By Ernie Smith

When you have friends that float across ecosystems, it can be hard to keep everyone happy.

Some people are on Facebook Messenger; some are on LinkedIn; some are on Signal; some, sadly, are still on Twitter. But the most disruptive place for a chatter to be on, at least for my specific use cases, is definitely iMessage. It’s not a bad app, by no means, and I begrudge none of my normal chat partners for continuing to use it. But you have to be fully committed to the Apple ecosystem to make the most of it.

I am not a fully committed Apple user, though. While I love my M1 and definitely find uses for my iPad, I mostly use Debian these days when I’m on the go, after a period of creating a “friction tunnel” for myself on an old MacBook Pro.

Which is why I watched the recent news about the upstart phone-maker Nothing attempting to bring iMessage to its phones with interest. I think that it reflected a real tension that phone-makers—and more broadly, Android users—have had with Apple’s ecosystem limitations.

This isn’t like Final Cut Pro or Logic Pro—exclusive apps that offer Apple a competitive advantage in some cases. This is something that people use to communicate with other people, that has turned into a socially ostracizing mess.


Want your own free GPT at your fingertips? Give Doctus24 a try. It’s a free Chrome extension that can answer questions about whatever you’re reading—helping you get a better understanding of all those articles in your feed. Check Doctus24 out here.

Green bubbles vs. blue bubbles is obviously stupid. But it’s also the work of a company that understands the role social psychology plays in the devices we buy. They know that if you’re reliant on iMessage’s software, you’re going to stick with iMessage-based devices—and tell your family and friends to do the same. Using a different phone may even cost you a chance with a significant other. At some point, ecosystem lock-in should be seen for what it is: deeply anti-consumer.

Anyway, Nothing, along with its software partner Sunbird, had a chance to pierce Apple’s blue-hued armor. The upstart phone-maker, led by departed OnePlus co-founder Carl Pei, nailed the marketing, getting MKBHD to announce the endeavor. The problem is, Sunbird botched the actual app. The company claimed to end-to-end encrypt its messages, but it did not. The problem was that, among other security issues, the company used a database, Firebase Realtime DB, that stored messages in clear text, which by its nature means that the messages are no longer end-to-end encrypted.

Even more embarrassing: Texts.com, a direct competitor to Sunbird that was recently acquired by Automattic, was the one to point this out. Sunbird wasn’t happy about it, and initially denied the design flaw before eventually taking down its own app, along with Nothing’s.

Should Nothing have actually dug into this further before making a splashy launch? Yes. Does it tarnish their brand somewhat? Maybe. But I ultimately lay the blame on Sunbird for this, as they told users they made a safe, secure app, only for a competitor to prove otherwise.

(Side note: Very reminiscent to the drama around AOL Instant Messenger clones back in the day.)

While I don’t necessarily think it’s the case, I’d like to think Apple’s decision to finally support RCS was an admission that they created this situation where companies were ready to weaken end user security just to get inside Apple’s walled garden.

Because, Sunbird’s obviously shoddy security aside, this problem exists because Apple decided to take something that people commonly do—talk to their friends in a text message—and make it a status symbol thing.

And Sunbird, of course, is not the only game in town. Beyond the moonlighting security consultants at its competitor Texts.com, I’ve periodically used the open-source app AirMessage, which essentially works the same way as Sunbird, with the difference being that you’re hosting the server yourself.

But even there, it has problems. In the midst of writing this, I installed the tool on my MacBook, which logs in via my Google account to connect my iMessage account to my Android device. To use it on the Web, which I’ll have to do if I want to use it on my Linux machine, I have to log in somewhere else with Google. It takes a lot of devices and a lot of additional logins to replicate something Apple could just offer to everyone for free.

But on the plus side, at least a smartphone company isn’t getting people to willingly do a man-in-the-middle attack on themselves anymore.

(I’m talking about Apple, of course.)

Links In The Middle

I love this Nieman Lab piece about Taylor Swift, which effectively shows how you can cover literally anything with an air of seriousness if you use a critical nose.

If he ever gets sick of being the CEO of Glitch, Anil Dash could probably have a great second career as a YouTuber, based on this review of different webcams he recently posted.

Google just added a wild new feature to its Bard AI engine—it can watch YouTube videos for you. I tested it, and it works insanely well, nearly nailing accurate descriptions on a group of videos describing what the host was wearing. (Of course, he was wearing an orange shirt, not a black one, but it correctly described what the shirt said!)


Find this one an interesting read? Share it with a pal! And be sure to check out today’s sponsor, Doctus24!

Ernie Smith

Your time was just wasted by Ernie Smith

Ernie Smith is the editor of Tedium, and an active internet snarker. Between his many internet side projects, he finds time to hang out with his wife Cat, who's funnier than he is.

Find me on: Website Twitter