We’re hard at work building the best chat app on earth for you. Earlier this year, we released our brand-new Android app, removed our waitlist and opened Beeper up to everyone! Since then, we’ve published a number of Android app features like archive (follow the fun in our Changelog). But we haven’t released many new iOS or Desktop updates. What’s the deal?
New Beeper Desktop and iOS Apps
The deal is that we’re in the process of doing a complete overhaul of our Desktop and iOS apps! We’re rewriting both apps to be fast and beautiful. The new iOS app is being built mostly from the ground up, while the foundation of our new Desktop app comes from the excellent Texts.com app.
Our goal with this rewrite will be to have Beeper clients available on all operating systems, featuring a consistent and beautiful experience. Both new apps will adopt the design language that debuted in the new Beeper Android app. The technical architecture that makes Beeper Android so fast is coming to iOS and Desktop as well! Read more about that on our blog.
Finally, we are continuing to migrate all connections to other chat networks from the cloud to a direct connection inside each app. We released a ‘local’ Signal (vs cloud) bridge in April inside Beeper Android. The new iOS and Desktop apps will feature 100% local bridges, which means that no cloud server is needed to send or receive messages. This will increase the security and privacy for Beeper users, and most likely enable more reliable connections. We’ll also be bringing these local bridges to Beeper Android.
The entire Beeper team is hard at work on this expansive project. We aim to have the first versions ready for testing later this year. In the meantime, expect to see fewer iOS and Desktop app updates as those teams will be exclusively focused on building the new apps.
Alpha Testers Wanted!
We’re looking for some brave friends to join us and help test early versions of these new apps. If you’re open to trying new things, have a keen eye for finding bugs, and willing to take screenshots of issues you spot, please apply to join our Alpha Test group. Unfortunately, we will not be able to accept all applicants at this time.
If you haven’t already heard of Beeper, welcome! Beeper is a universal chat app for Android, iOS and desktop. Our goal is to build the best chat app on earth.
It has a few killer features:
One chat app to rule them all. Send and receive messages on 14 different chat networks.
Stay on top of your chats with a universal inbox. One place to check and chat with all your friends.
Search instantly across your entire digital history. Find a friend’s address they sent you, or their spouse’s name, in a snap.
Plus, simple obvious features that chat apps should have had years ago, like auto-copying 2FA codes, scheduling messages, archiving, folders and a fantastic desktop experience.
Beeper is built on an open source chat protocol called Matrix. Over time, we’ll help people migrate from proprietary, siloed chat networks to an open standard for chat. If you’re interested in learning about this, we’ve written more about our intentions.
FYI: Beeper does not currently support iMessage, but there’s good reason to be cautiously optimistic about the future. In March, the US government took up our fight and sued Apple for blocking Beeper Mini’s access to iMessage. The FCC is also investigating. 🤞
Apple has also announced that iPhones will support RCS chat protocol in 2024. Good news – Beeper already supports RCS! This should fix most iPhone ↔ Android chat problems, like low resolution images/videos, lack of typing indicators and encryption.
No more waitlist. Download now!
Since we announced Beeper in 2021, over 115,000 people have helped beta test our app. We’ve learned a lot and made a ton of tweaks. We’re finally ready to invite the 466,000 extraordinarily patient folks on our waitlist, and the entire world!
Beeper is now available for everyone to download. We have apps on Android, iPhone/iPad, ChromeOS, macOS, Windows and Linux. Head over to beeper.com/download to grab it.
It’s free to use, and includes access to all chat networks. At a later point, we will also offer an optional paid subscription, which includes additional features like being able to add multiple accounts per network and more.
Beeper is joining Automattic
Next big piece of news – we’ve been acquired by Automattic! It’s a really big deal. I’ve known Matt, their CEO, for years. We’re extremely excited to have the support of an organization known for fantastic open source projects like WordPress, WooCommerce, Pocket Casts and Simplenote. Beeper as you know and love it will continue to thrive. Our whole team is moving over to Automattic, and we’ll continue operating as an independent team. Read more in the announcement blog post.
Our new Android app is now out of beta
You may have caught our announcement from a few weeks ago – we’ve built a new Android app from scratch to be fast, clean and beautiful. Thank you to our 10,000 eager Android friends who have been beta testing the app! Today we’re releasing the app to everyone.
The new app features:
Beautiful new design
Instant chat opens. Instant message sends.
Set up and modify chat networks in the app, no desktop required
All chats are cached locally on-device
Full message search
Fully end-to-end encryption local Signal bridge (local WhatsApp and all e2ee network bridges coming soon)
Download now on the Google Play store. The old app won’t auto-update, you must download the new one manually.
Read about the rewrite and our new local end-to-end encrypted architecture on our tech blog.
Next up
Now, we’re merging with the Texts.com team (who were acquired by Automattic last year) to work together on our shared mission to build the best chat app on earth! We’ve got a lot of new features and improvements in the works. Beeper iOS and Desktop app are being overhauled, and updated with the new design language from Beeper Android. We’re working on a ton of Beeper Android improvements (ahem, archive) as well. Lots more to come soon.
Onwards!
Eric + Beeper Team
(Oh, we also have a new website, and our blog is now on WordPress! 📝 📟)
I’m excited to announce that Beeper has been acquired by Automattic. This acquisition marks the beginning of an exciting new chapter as we continue our mission to create the best chat app on earth.
If you haven’t heard of Beeper before, welcome! We make a universal chat app – one app to send and receive messages on 14 different chat networks. You might have also heard about Beeper Mini, our briefly available iMessage-on-Android app.
In many ways, our journey has only just begun. Beeper has just over 115,000 users and was, until today, in beta. Given the state of the messaging landscape today, we believe there is a huge opportunity for us to push boundaries and create new experiences in chat. The majority of other chat apps have stagnated, entrenched in their positions, with no significant new players emerging since Discord’s launch in 2015. Given the state of the messaging world, we’ve long felt the need for a strong ally with the resources to support us on our quest. Automattic has a long history of putting user control and privacy first with open source, and great bilateral relationships with Meta, Apple, Microsoft, Google, Matrix and others that we hope can usher in a new era of collaboration.
It’s a fantastic match. Automattic is best known for supporting WordPress and WooCommerce – two open source software projects that underpin huge portions of the internet’s publishing and ecommerce infrastructure. Together, we’ll develop software for a third fundamental pillar of the internet: chat.
Matt, Automattic’s CEO, and I have known each other for years. He was an early user, supporter and investor in Beeper. We’re very well aligned on our goal (build the best chat app on earth), approach (open source where possible), and independence (Beeper will operate independently as part of Automattic’s Other Bets division).
This is a big bet. Automattic is doubling down on chat after their acquisition last year of Texts.com, a messaging app with a similar mission. Our teams and products will merge, and I will take on the role leading the team as Head of Messaging. It will take a bit of time for us to integrate and combine forces under the Beeper brand. We’ve got big plans! I’m really excited about the future of chat 📟
Eric Migicovsky Beeper CEO → Automattic Head of Messaging
For Beeper users…
The Beeper app you know and love is only going to get better with the support of Automattic! In fact, today we’re making Beeper available to everyone – no more waitlist. Learn more.
Our privacy policy and terms of service remain the same, though they may change in the future.
As always, Beeper (and now Automattic Inc.) cannot view any of your historical chat history. All messages are encrypted with a key that only you have before being stored. Read more about our security and privacy commitments.
Our business model is unchanged. We build a fantastic free chat app, then charge for additional premium features.
If you no longer would like to use Beeper, visit account.beeper.com to delete your account.
This blog post is the second in the series of how Beeper works. The first, How Beeper Mini Works, was published back in December with the release of our incredibly popular, but short-lived iMessage-on-Android app. This post will describe how we’re continuing to evolve our all-your-chats-in-one-app experience to have better performance and security.
Restating our previous post, we believe that it is critical for you to be able to trust the software that you use, especially something as important and sensitive as your chat app. We work to earn and keep your trust in three ways:
Transparency – since we started Beeper 3 years ago, we’ve been taking opportunities like this to explain how Beeper works. We have a proud history of building products, like Pebble, and standpublicly behind our work.
Open source – each major piece of software that we’ve built to interact with other chat networks is open source at github.com/beeper.
Privacy and security-aligned business model – we make great software and will charge for an optional premium subscription. Simple as that. No ads. Your data stays private.
How Beeper Works Today
Beeper is our all-your-chats-in-one-app experience that we’ve been building for the last 3+ years. The architecture is heavily based on Matrix, a open, decentralized and secure chat protocol that we believe is the future of chat. Your Beeper username is a bonafide Matrix account, which allows you to securly chat with anyone on any Matrix server in the world. Our original clients were all derived from the open source Element suite of clients, which we’ve extended over the years to better support our chat aggregation features and our focus on personal chat.
In order to aggregate all your contacts on all your networks into a single chat experience, we take advantage of Matrix’s ability to “bridge” other networks into the Matrix network. Whenever you connect one of your other chat accounts to your Beeper account, we’re running a piece of software that whenever you send or receive messages from that account it’s bridged into your Matrix account, which is then served to any clients you are running. While we take advantage of Matrix’s built-in message encryption to make it so only your clients can read your message history once it’s been bridged, this does mean that you have to trust us with your access tokens and keys to each of your accounts to send and receive messages on your behalf.
While this approach does have a number of advantages when it comes to reliability, speed, and smoth syncing across all your Beeper clients, it’s not as privacy-preserving as we would like. To mitigate this, we’ve invested heavily in the security of our services, and have open sourced our software to connect to other networks so they can be audited and understood by the community.
Additionally, we’ve built systems for tech savvy users to self-host the bridges themselves. Users can use a server they already own, or rent an inexpensive virtual machine and host our open source bridge software on their own hardware. When using self-hosting, our servers only see your messages once they’ve already been encrypted with Matrix encryption, and we never see your account credentials or access tokens.
With our new Beeper Android app, we’re also starting to offer the ability to run your bridges locally inside your Beeper Client, but more on that later.
The Rewrite
Our new Android app is a beautifully designed, ground up rewrite of our previous Android app. Contemplating a rewrite is always a challenging decision for engineering teams, as a huge amount of effort could be spent to produce something that’s not as good as what you started with. We resisted this decision for a while, and continued to try to incrementally improve our fork of the open source Element Android app to get it to where we wanted it to be.
However, we made the decision a few months ago based on a few key points.
The old Android app was heavily built around a few legacy Android libraries, such as Epoxy for the UI and Realm for the database. These libraries made our builds take longer (full rebuilds were around 15 minutes) and made the app run slower, and were so deeply integrated they were hard to remove without a rewrite. Our new Android app is built using Jetpack Compose for the UI and Room for persistence, and builds in 2-3 minutes, which means it’s faster for our team to fix issues and ship new features.
The old Android app was just too large, as its role as the reference Matrix client meant it had to support every feature created for Matrix. Our old Android app was roughly 240k lines of code, where the new one is only 110k (70k~ Kotlin, 40k~ Go, more on that later). Having a smaller codebase that we built ourselves allows us to move quickly to fix bugs and add new features.
We had a great starting point with Beeper Mini, which was a new codebase that we built in house. Beeper Mini is much simpler than our full Beeper app, but it gave us a great starting point that gave us confidence we could replace our legacy Android app by adding Matrix support to Beeper Mini.
The effort to replace our old Beeper Android app with a new one based on Beeper Mini began at the start of January 2024. We were able to start sharing an early version with our friends, family, and alpha testers by the middle of February, and launched it in beta for anyone to try out on March 14th. The feedback has been incredibly positive, and while we’re still missing some features (inbox auto-archive coming soon!), the new app is a huge step forward from the old one.
Matrix with Go
Something we’ve always struggled with is maintaining 3 different codebases (Android, iOS, desktop) that all implement the same Matrix client bits. Our desktop app has struggled with restoring room encryption keys immediately after login. Our old Android app was slow to send messages because it was slow to share room encryption keys with users. Our iOS app had occasionally send failures because it had issues tracking who it had already shared keys with. Each platform implemented the Matrix protocol in its own way, and had its own bugs. Fixing one didn’t mean that it was fixed everywhere.
With our Android rewrite, we decided to implement the same strategy that Element decided to use, with a common SDK for all their clients. Ours is built in Go instead of Rust.
We decided to build our own SDK instead of using matrix-rust-sdk for a few reasons.
At Beeper, we’re narrowly focused on personal chat (think WhatsApp), which means our use case is a little different from Element. For example, where matrix-rust-sdk requires sliding sync to handle users being in 1000s of rooms with potentially 10s of 1000s of members. For us, our users are in much fewer rooms, with much fewer members. To satisfy this, we designed something that we refer to as “Streaming Sync”, where there are no timeline limits or lazy loaded members, your phone simply receives every event in every room in real time. Such different requirements lead to different design decisions.
We also wanted a different architecture and scope than matrix-rust-sdk. matrix-rust-sdk is intended to be a full client that you wrap a UI around, and is intended to be a reference Matrix SDK that implements the full spec. This has a size and complexity cost, and weighs in at around 127k lines of Rust code. We wanted to have a thin-client approach, where our SDK would handle syncing data and decrypting it and little else, and handing most of the responsibilities up to the app layer. This allows us to have a much simpler SDK of only around 40k lines of Go, and to use the libraries native to the client platform to manage things like the room members or the timeline. The Go SDK handles receiving events from the Matrix API, decrypts them, and then just sends them up to the Kotlin App layer for processing and storage.
Our team already knows Go inside and out and maintains mautrix-go, a full Matrix client library. The vast majority of the Go code in the Android app is just mautrix-go, with only another 4k lines to adapt mautrix-go to being used as a mobile client SDK. We already knew that mautrix-go would allow us to build a great client, as Tulir has already built a command line Matrix client named gomuks using it, which also powers Beepy. We also knew that Go would work well inside an Android app based on our experience using our iMessage Go library to power Beeper Mini.
This approach has worked wonderfully, and work has begun on moving our Beeper Desktop and Beeper iOS codebases over to using our new Go-based Matrix SDK.
Local Signal Bridge
The other thing that this architecture allows us to do is to include additional Go libraries to enable adding more networks than just Matrix to our Android chat app. With our new Beeper Android app, we’ve included an experimental local Signal bridge, powered by the same library that we use for our open-source Signal bridge. This allows users to use their existing Cloud-based bridges through Matrix, while also connecting directly to the Signal servers for the most secure experience, using an approach very similar to How Beeper Mini Works.
That means that with our local Signal bridge, your Signal keys never leave your device, and end-to-end encryption is completely preserved.
At a high level, when a new Signal client is connected to your Signal account that client creates a random client-specific password and passes that to the Signal server at registration time. This password, along with the user’s ACI (ACcount Identifer, a UUID that represents the user’s Signal account), becomes a set of credentials that the client can use to connect to the Signal servers through a websocket. Whenever a message is sent to that user’s account, the Signal servers will notify the websocket that a message was received. This message will be encrypted with the client’s Signal encryption keys, which only the client has, and are different than the client-specific password created earlier.
With Android applications, Android itself limits how often your code can run in the background in order to minimize impact on battery life. In order to process messages immediately when they’re received, we need to wake up the Android application immediately when a message is received. We need something that can stay always available to receive the notification, even when your Android app is asleep.
We use the same Beeper Push Notification Service (BPNS) we used for Beeper Mini, adapted to handle Signal credentials instead of iMessage credentials. The local Signal bridge running inside the Beeper Android app shares the ACI UUID and the client-specific password with BPNS, and then it can connect to the Signal websocket on behalf of the client when the Android app is asleep. BPNS will be notified whenever a message is sent to the user, and then BPNS can use Firebase Cloud Messaging to wake up the Android app to reconnect the same websocket, receive the encrypted message, decrypt it, and show a notification.
BPNS can not see the message content since it’s encrypted with the Signal message encryption keys, and thanks to technologies like Sealed Sender, BPNS doesn’t even know who the message was from. Only the Android device that you own can read your Signal messages, and no Beeper servers can send or receive messages on your behalf.
Our local Signal Bridge is still experimental, as there are several challenges to solve. Only Beeper Android supports the local Signal Bridge, which means that if you’d like to use Signal on Beeper Desktop or Beeper iOS, you’ll still need to use our cloud-based connection until we add local bridge support to those clients later this year. Features such as scheduled messages will need to be rebuilt as the local Signal Bridge on your phone that can send a message and it may not be immediately available. Since this bridge is not connected in any way to your Matrix homeserver, bots or other integrations built against the Matrix HTTP API won’t be able to interact with your chats.
Even with all these challenges, we think local bridges are the best way to securly connect your Beeper clients to your accounts on end-to-end encrypted networks. We’re active working on bringing the Local Signal Bridge out of its experimental phase, enabling local bridges in all of our Beeper clients (not just Android), and supporting more networks than just Signal (especially the end-to-end encrypted ones, such as WhatsApp and iMessage).
It’s the day all you Beeper Android fans have all been waiting for…our new app is ready for you to try out!
Our team has been working hard on this stunner of an app. Forget everything you thought you knew about Beeper on Android. This app is a complete rewrite, built from scratch to be fast, clean and beautiful. We can’t wait to hear what you think.
If you have a Beeper account already, you can download it now. If you do not have an account, there is a waitlist (for just a bit longer!) or grab an invite from someone who is already on Beeper.
New Features
FAST. Oh boy, is it fast.
Instant chat opens. Instant message sends.
All chats are cached locally on-device
Full message search
Beautiful new design
Minimal and Pro inbox options – less on-screen info vs more
New themes: OLED black and Material You
Tablet and foldable dual-pane view
Android OS chat bubbling
Home screen widget
And lots more…
Set up and modify your chat networks in the app, no desktop required
Experimental preview: on-device Signal bridge, now fully end-to-end encrypted
New Design and Architecture
Our first generation Android app was built as a fork of an open source Matrix client (Element Android). This allowed us to get our app up and running quickly, but proved difficult to optimize and improve. The design of our first app was clunky, and didn’t mesh perfectly with Android. We knew we had a lot to fix.
As all software developers know, there’s always tension between two development paths – rebuild in-place or a full rewrite. We attempted to rebuild as much as we could, but we realized over time that our architecture design goals were fundamentally different from other Matrix clients. While those clients are primarily meant to be Slack or IRC alternatives (designed for large unencrypted group channels), our priority is to build a great consumer chat app for encrypted DMs and smaller group chats.
Last year, we made the tough decision to begin a complete rewrite of our entire Android app.
On the interface design side, our design team created a unified design language and re-imagined every surface of the app. We took care to mesh Beeper into Android OS, taking cues from Material design and deeply integrating with native Android features like Chat Bubbles, Material You and dual-pane view for foldables.
The technical architecture has been re-engineered from the ground up for speed and performance. We redesigned how incoming chat messages flow from the internet, through the app, to be displayed on screen. All chats are now cached locally on your phone. We swapped the old Matrix Android library for mautrix-go, the same open-source Go library that powers all of our Matrix bridges. Similar to the technical architecture of iMessage in Beeper Mini, our new Android app features an integrated on-device Signal bridge. More details on-device bridges to come in the future. The remainder of the Android app is written in Kotlin and Jetpack Compose.
Our goal is to make the app extraordinarily fast and snappy. We’re not done yet, but we’re getting darn close.
Roadmap
Keep in mind – this is a beta release! There are bugs – please help us improve the app by reporting any issues you spot (⚙️ Settings → Report a problem). We will do our best to fix them. Please send feature requests through the same button!
Known issues
Initial sync may take up to 8 minutes (for large accounts).
Google Messages set up may take 2-3 tries to set up. Will be fixed soon
Tapping on message in search results does not open the chat
Scrolling up/down in the inbox or chat view may accidentally trigger a sideswipe action.
Interacting with full screen image viewer is a bit funky
Links in notifications are not tappable
Upcoming features and improvements:
Many UI tweaks and clean-ups
Deleting chats
On-device iMessage bridge (like Beeper Mini) is not enabled at this time. You may continue to use Beeper Mini alongside this app
WhatsApp and Google Messages on-device end-to-end encrypted bridges
Context menu for pinned chats
Tap other peoples name/avatar in group chats to send a DM
Network disconnection alerts
Android Auto
Gallery: sending and receiving
Archiving and marking as low priority
Viewing list of who has reacted to a message
Scheduled send
Mentions (mentioning folks in chats with @)
lots more!
Heads up!
You need to have a Beeper account to use Beeper Android at this time. Get an invite or hang out on the waitlist for a bit longer!
We’re super proud of this app. It’s been a massive effort from the team. Many people have reached out to ask us how they can financially support Beeper. We’re excited (for our own sake) to say that we will be activating paid subscriptions in the very near future.
Each time that Beeper Mini goes ‘down’ or is made to be unreliable due to interference by Apple, Beeper’s credibility takes a hit. It’s unsustainable. As much as we want to fight for what we believe is a fantastic product that really should exist, the truth is that we can’t win a cat-and-mouse game with the largest company on earth.
With our latest software release, we believe we’ve created something that Apple can tolerate existing. We do not have any current plans to respond if this solution is knocked offline. The iMessage connection software that powers Beeper Mini and Beeper Cloud is now 100% open source (github.com/beeper/imessage). Anyone who wants can use it or continue development.
Beeper Mini is beautiful, fast and fun. Our main goal with the app is to upgrade chats between iPhone and Android users from unencrypted green bubble SMS to encrypted, fully featured blue bubble chats. This is a huge win for both iPhone and Android users in the US, where texting via SMS is the default form of chat. The only people on the ‘other’ side of this debate seem to be Apple and some ardent online supporters.
Apple and other commentators have made a number of claims about Beeper Mini, including a public statement to The Verge. These claims are serious, but flawed.
“These techniques posed significant risks to user security and privacy, including the potential for metadata exposure”
It’s straightforward to verify that Beeper Mini is not a malicious app designed to steal your messages and accounts, or harvest your data. If you want, you can inspect the code of our core open source iMessage bridge (which is embedded inside Beeper Mini), and self-host it yourself to prove that it only connects to Apple servers. So let’s put to rest the idea that Beeper Mini is inherently insecure. If Apple wants to accuse us of being insecure, they need to back that up with hard evidence. We’re eager to fix any security issues reported by Apple or anyone else.
The truth is that Beeper Mini upgrades insecure chats between iPhone and Android contacts and makes them secure with end-to-end encryption. By blocking Beeper Mini, Apple is actively harming their own iPhone customers by forcing them to fall back to insecure SMS chats. We believe that, for this reason alone, their actions are morally indefensible.
“��exploit fake credentials in order to gain access to iMessage”
As we shared in our recent blog post, Beeper uses real registration data from real Macs and iPhones. These credentials are being used by real people, with real Apple accounts, to send real iMessages. Many Beeper Mini users tell us that they are Apple customers with Macbooks or iPads, etc, but choose to use an Android smartphone. All they want to do is continue their iMessage chats on their phone. Honestly, we don’t understand this claim at all.
“…enabling unwanted messages, spam, and phishing attacks”
Uh, isn’t that what SMS is for? 😂 With iMessage, Apple even has the ability to block spammers and scammers at the network layer. It’s much easier for them to block iMessage spam than SMS spam, which can only be blocked client-side. We don’t really understand this argument at all.
Keep in mind that from an iPhone user’s perspective, there is no way to tell if it’s a new iMessage or a new SMS message in the inbox. You can’t tell that they are different until you open the chat.
“Apple’s going to support RCS next year, just wait for that!”
On Nov 16, Apple sent a 3 sentence statement to 9to5Mac saying that they are planning to support RCS. This would be great! Beeper has supported RCS since August. We’d immediately switch to using this for iPhone ↔ Android chats. Very few hard facts are available. It’s not clear if Apple’s RCS will support the same encryption protocol as Google’s RCS.
Just one year ago, Tim Cook had this to say about RCS: “I don’t hear our users asking that we put a lot of energy in on that at this point. […] Buy your mom an iPhone.”
Long story short, I will believe it when I see it. Apple has a long history of claiming they will support an open standard, then failing to add support. In 2010, Steve Jobs promised that Apple ‘would make FaceTime an open industry standard’. That never happened. More recently, in 2021, Apple promised to open their Find My network to competitors like Tile. Instead, they’ve penalized Tile by additional warnings in front of their app.
Beeper Mini has a working solution to this problem today. Why should iPhone customers and Android users have to wait for Apple to adopt RCS? What if their implementation is delayed? What if they cancel it?
“Apple is within their rights to run iMessage how they see fit”
This might be true if Apple was a small company. But they aren’t. They control more than 50% of the US smartphone market, and lock customers into using Apple’s official app for texting (which, in the US, sadly, is the default way people communicate). Large companies that dominate their industry must follow a different set of rules that govern fair competition, harm to consumers and barriers to innovation. We are not experts in antitrust law, but Apple’s actions have already caught the attention of US Congress and the Department of Justice.
“But you guys are making money off Apple’s servers!”
We stopped charging for Beeper Mini on Dec 11, and Beeper Cloud has always been free to use. Additionally, Beeper Mini users chat with paying Apple customers on the other side of the conversation! If Apple proposed some way for us to reimburse them for the (minuscule) infrastructure costs of enabling paying iPhone customers to text Android users, we’d be happy to comply with that.
Our preference is to charge for our app because it allows us to align our interests with those of our customers, compared with ‘free’ apps that do questionable things with user data to make money.
At this stage, Apple’s actions to block Beeper Mini look increasingly hard for Apple to defend. The only potential reason Apple has left is that they might make less money selling iPhones if iMessage were available on Android. Some Apple folks have admitted that ‘iMessage on Android would simply serve to remove an obstacle to iPhone families giving their kids Android phones’. Our hope is that Apple has more faith in their overall product offering than to think that people buy iPhones just to get a blue bubble.
We’re extremely sorry that the iMessage connection in Beeper has been so unreliable over the last two weeks. We knew when we started Beeper that this would not be easy. Regardless, we’re deeply aware of how painful this experience has been to those of you who came to rely on Beeper to communicate with your friends and family via iMessage.
We’ve found a solution to fix and stabilize the iMessage situation for Beeper Cloud and Mini users. From our internal testing, this fix works well and has been quite reliable. Even better news – we’ve even figured out how to get phone number registration working in Beeper Mini! Your phone number will be blue again.
Here’s the catch – you will need access to an old iPhone, Mac computer, or find a friend with a Mac.
Yes, we realize this solution is not ideal
While we understand that this solution will not work for everyone, please know that we’re doing our best given the circumstances. Unfortunately, if you don’t have access to a Mac or iPhone, your iMessage connection in Beeper will not work reliably. You can either keep your chat history if you plan on acquiring a device in the future, or delete the connection from Beeper Desktop.
Please read our detailed blog post about our response to Apple’s claims regarding Beeper Mini. Long story short – after today’s release, we will not be continuing to fight a cat-and-mouse game.
What does that mean for me?
If you are a Beeper Cloud user and you:
🍎 Have a Mac with Beeper Desktop installed – please update to the latest version (v3.90.21) then click ⚙️ → Chat Networks → iMessage → Click ‘Reconnect’ and follow the instructions. Not all macOS versions are yet supported (learn more).
👭 Do not have a Mac – ask a friend with Beeper on their Mac to share their iMessage registration code, which you can enter into the latest Beeper Desktop app. In our testing, 10-20 Beeper users can safely use the same registration data. Learn more.
If you are a Beeper Mini user and you:
📱 Have an old iPhone (6s/SE1/7/8/X) and a Mac or Linux computer (Raspberry Pi works) – you’re in luck! Follow our instructions (takes only 10-15 minutes) to jailbreak your iPhone, install a Beeper tool to generate iMessage registration code, then update to the latest Beeper Mini app and enter your code. Phone number registration will now work! Leave the iPhone plugged into power, at home, connected to wifi.
💲 Do not have an old iPhone – sign up here to rent (few dollars per month) or buy (~$30-50) an old iPhone preloaded with the app. This service will be available in the new year, if there is enough interest.
🍎 Have Beeper Desktop installed on a Mac – use your iMessage registration code to set up Beeper Mini. Phone number registration is not available with this method.
The latest Beeper Mini app (v1.2.30) is available on the Play Store. If you encounter any issues, you may need to uninstall and reinstall the app.
🔒 iMessage Registration data is used only to indicate that a Mac or iPhone is available during registration. The Mac or iPhone that generates the data does not have access to your account, or your messages.
Here’s the backstory. When you sign in to iMessage on Beeper, we need to send identification information called ‘registration data’ from a real Mac computer. We have, up until now, used our own fleet of Mac servers to provide this. Unfortunately, this has proven to be an easy target for Apple because thousands of Beeper users were using the same registration data.
Beeper Cloud (Mac version) and old iPhones can now generate unique registration data just for you. This 1:1 mapping of registration data to individual user, in our testing, makes the connection very reliable. If you use Beeper Mini, you can use your Mac registration data with it as well, and Beeper Mini will start to work again. Beeper needs to periodically regenerate this data even after you’ve connected, roughly once per week or month, so the Mac needs to be switched on regularly.
Open Source
Since we started working on Beeper, we’ve been committed to open sourcing all the Matrix bridges that we’ve created. All are available on github.com/beeper.
Today, we’re proud to release our open source iMessage bridge, as well as the Mac app and iPhone app that generates iMessage registration codes. You are free to inspect our code and confirm the security claims that we’ve made, and if you prefer, you can self-host it.
FAQ
I don’t have a Mac or iPhone – what are my options?
Ask a friend with a Mac and Beeper to share their iMessage registration code. Use your Beeper invite if necessary!
Sign up here to rent or buy an old iPhone pre-jailbroken and ready to register a phone number for Beeper Mini
Delete the iMessage connection from Beeper Cloud and stop using Beeper Mini.
Can I use an old iPad, or iPhone that isn’t on the list (6/6s/SE1/7/8/X)?
No, it probably won’t work.
If I use a friend’s Mac registration code, can they see my messages, or can I see theirs?
No. iMessage Registration data is used only to indicate that a Mac or iPhone is available during registration. The Mac or iPhone in no way is given any access to your account, or your messages.
What happens if I share my code one too many times, and it starts having problems? Can I regenerate it?
Can I generate Mac registration code on a Mac without Beeper Desktop?
Yes, anyone familiar with macOS command line can download mac-registration-provider and run it without Beeper Desktop.
Do I have to leave my Mac or iPhone on 24/7?
No, but periodically (once a week/month) iMessage will re-request registration data and your Mac or iPhone will need to be online for that. We’ll be updating the system soon to give you a warning when you need the Mac to be awake.
Can I share my iPhone registration code with someone else?
No. iPhone registration code can only be used by one Beeper Mini user at a time. If a second Mini uses the same code, it will break the first Mini.
We’ve created an updated version of Beeper Mini that fixes an issue that caused messages not to be sent or received.
You can get the update directly from beeper.com/update on your phone. We are still doing some final testing before submitting the update to the Google Play Store for distribution to all users. If you encounter any issues, you may need to uninstall and reinstall the app.
We even added in a few new feature improvements: chats now open at the last unread message, and we polished the video player a bit!
Four other things to note:
The security and privacy of Beeper Mini is unchanged. It is still local, end-to-end encrypted on your device, as we described in our post.
Phone number registration is not working yet. All users must now sign in with an AppleID. Messages will be sent and received via your email address rather than phone number. We’re currently working on a fix for this.
We’ve made Beeper free to use. Things have been a bit chaotic, and we’re not comfortable subjecting paying users to this. As soon as things stabilize (we hope they will), we’ll look at turning on subscriptions again. If you want to keep supporting us, feel free to leave the subscription on 🙂.
Our Play Store ranking dropped precipitously on Friday. Leaving us a nice review there would help tremendously.
It’s been an extremely busy, tiring, exciting, and eventful week. Props to the entire Beeper team for working basically 24/7 to get Beeper Mini working again. Huge thanks to you, the Beeper and broader community, for supporting us.
What happened
Beeper Mini launched on Tuesday and rocketed to top 20 of Play Store charts. It was an instant hit. From what we can tell, Beeper Mini was the fastest growing paid Android application launch in history. In the first 48 hours, it was downloaded by more than 100,000 people.
The reason for its success is clear: Android and iPhone customers desperately want to be able to chat together with high quality images/video, encryption, emojis, typing status, read receipts, and all modern chat features. We all want a fun, easy and secure way to chat. For a glorious 3 days last week, Beeper Mini made this possible.
On Friday, we started getting reports that Beeper Cloud and Beeper Mini users could not send or receive messages. We investigated the issue and started working on a fix.
Within 24 hours, we fixed the issue for Beeper Cloud and published an update. Beeper Cloud users can now send and receive messages. It’s working exactly as it did before Friday.
Note: Beeper Cloud’s new Oct 2023 iMessage bridge never used Mac relay servers and still does not today. It uses a similar method to Beeper Mini, but runs on a cloud server.
At the same time, we took steps to deregister all phone numbers associated with Beeper Mini, and we sent push notifications to all users updating them on the situation. In hindsight, our timing was a mistake: we should have communicated to our users sooner. We’re extremely sorry for the inconvenience caused by the outage.
Today, less than 3 days later, we are publishing an update to fix Beeper Mini. Users can now sign in, send and receive messages. Beeper Mini is back.
Despite reaching out, we still have not heard anything directly from Apple.
Apple’s statement
I got a call from David Pierce over at The Verge on Saturday. Apple had sent them a statement:
At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.
We—of course—expected a response. What we didn’t expect was 1984-esque doublespeak. The statement is complete FUD. Beeper Mini made communication between Android and iPhone users more secure. That is a fact.
Make no mistake, the changes Apple made on Friday were designed to protect the lock-in effect of iMessage. The end result is that iPhone customers have less security and privacy than before.
Before Beeper Mini, Messages app (the default chat app on iPhone) forced all iPhone customers to send unencrypted, unsecure green bubble SMS messages to Android friends, family and colleagues. Even worse, when iPhone customers added an Android phone number to an existing iMessage secure encrypted group chat, the Messages app would by default switch the entire group chat to using unencrypted, unsecure SMS. This immediately made communication between iPhone customers in the group chat less secure.
Beeper Mini fixed this problem (and many others), and made it possible for Android and iPhone customers to enjoy a secure, easy and high quality chat experience. We are working to make chat more secure, and enable consumer choice.
Many people have asked, ‘why don’t people just use Signal or WhatsApp?’. The answer is that Messages App is the default chat app for all iPhone customers. Not only is it the default, iOS makes it impossible to change the default chat app. In the US, where the majority of people have iPhones, this means that the easiest way to chat is by tapping on your friend’s name in your contact list and hitting the ‘message’ button.
We deeply object to the allegation that Beeper Mini ‘poses significant risks to user security and privacy’. This is completely untrue. As we explained above, the opposite is actually true. Beeper Mini increases the security and privacy of both Android and iPhone customers. To prove this, we published a detailed blog post about how the app keeps data secure and private. Beeper Mini is end-to-end encrypted. The underlying connection method is open source, for anyone to review.
Today, we’re taking that dedication to security and privacy even further.
If Apple doubts the security and privacy of our app, we’re willing to share the entire Beeper Mini codebase with a mutually agreed upon 3rd party security research firm.
If Apple insists, we would consider adding a pager emoji 📟️ to metadata on all messages sent via Beeper Mini. This would make it easy for Messages App to filter out any messages from Beeper Mini users.
At the end of the day, we are committed to building the best chat app on earth. We will continue working on that.
Today, we’re excited to announce Beeper Mini. It’s our beautiful new Android app built specifically to send and receive blue bubble messages to friends with iPhones.
It’s available to download today, no waitlist. Get it now on Google Play!
Beeper Mini has four major new features:
Your Android phone number is now a blue bubble.
Beautiful new design, blazing fast speed.
Full end-to-end encryption.
It’s a standalone Android app – no server, laptop, Mac or iPhone required.
Your Number Is A Blue Bubble!
Now you can send and receive blue bubble texts from your phone number. As soon as you install Beeper Mini, your Android phone number will be blue instead of green when your iPhone friends text you. It’s easy to join iPhone-only group chats, since people can add your phone number instead of your email address. All chat features like typing status, read receipts, full resolution images/video, emoji reactions, voice messages, editing, un-sending, and more are supported.
Increased Security and Privacy
Unlike every other attempt to build an Android app like this (including our first generation Beeper app), Beeper Mini does not use a Mac relay server in a data center. Instead, the app connects directly to Apple servers to send and receive end-to-end encrypted messages. Encryption keys never leave your device. No Apple ID is required. Beeper does not have access to your Apple account. Learn more about how Beeper Mini works.
Beautiful New Design
While creating Beeper Mini, we focused on making it blazing fast with all the modern chat features you expect. We simplified the experience to be clean, modern and straightforward, and we brought our favorite features of blue bubbles to Android through Material Design. Our vision for Beeper Mini was to bridge the best of both worlds, allowing you to chat with iPhone friends confidently in a cohesive and interoperable way.
Beeper Mini is free to try for 7 days. After that, the app is $1.99 per month. Our business model is simple: we build a great app and earn money from those who find value in it. We feel that this business model aligns our success with your best interests. No ads. Complete data security and privacy. And we stay incentivized to continue improving Beeper Mini with new features and improvements.
Download the app today on the Google Play store and try it out for yourself!
Mini FAQ
What if I’m already using Beeper?
Beeper Mini works great alongside Beeper Cloud (previously known as Beeper)! You can use Beeper Mini to register your Android phone number, then continue to use Beeper as your primary chat app. Just remember to keep Beeper Mini installed, as it periodically re-registers your phone number. If you prefer to use Beeper Mini for chatting, you can disable double notifications inside Beeper Cloud → ⚙️ gear icon → Notifications.
What about all the other chat networks?
Over time, we will be adding support for 15 chat networks into Beeper Mini. Encrypted chat networks, like WhatsApp and Signal, will connect directly rather than going through a cloud server and be fully end-to-end encrypted in Beeper Mini, similar to iMessage. Read more about our product roadmap.
How does Beeper Mini work? How secure is it?
Beeper Mini is fully end-to-end encrypted. Your messages are end-to-end encrypted. Neither Beeper, Apple, nor anyone except the intended recipients can read your messages or view attachments. No Mac relay server is used. Beeper does not have access to your Apple account. All messages are processed locally within the Beeper Mini Android app. No cloud Mac server is in the loop, unlike all other competing apps.
We’ve written this blog post to help you understand how Beeper Mini works. At Beeper, we believe that it is critical for you to be able to trust the software that you use, especially something as important and sensitive as your chat app. We work to earn and keep your trust in three ways:
Transparency – since we started Beeper 3 years ago, we’ve been taking opportunities like this to explain how Beeper works. We have a proud history of building products, like Pebble, and standpublicly behind our work.
Open source – each major piece of software that we’ve built to interact with other chat networks is open source at github.com/beeper.
Privacy and security-aligned business model – we make great software and charge a small subscription fee. Simple as that. No ads. Your data stays private.
Security and privacy
Read the entire post for the full story. TLDR: the following features of Beeper Mini ensure that all communication is encrypted and secure.
All messages are end-to-end encrypted before being sent. Beeper (and Apple) cannot see your messages.
Encryption keys never leave your device.
Beeper Mini connects directly to Apple servers. There is no Mac server relay, like other apps.
No Apple ID is required. Beeper does not have access to your Apple account.
Your contact list never leaves your device.
Don’t believe this is possible? Try the open-source Python proof of concept on your own computer to see for yourself. Security researchers are invited to verify all claims that we make, see appendix below.
How it works
Beeper Mini works differently than Beeper Cloud in important ways that increase your privacy and security. Beeper Mini is a standalone Android app. It does not require a cloud server to send and receive messages. It also implements Apple’s end-to-end encryption protocol natively within the Android app itself. All messages are end-to-end encrypted before they are transmitted directly from your device to Apple servers. Learn more about iMessage encryption on Apple Platform Security page.
This is now possible because the iMessage protocol and encryption have been reverse engineered by jjtech, a security researcher. Leveraging this research, Beeper Mini implements the iMessage protocol locally within the app. All messages are sent and received by Beeper Mini Android app directly to Apple’s servers. The encryption keys needed to encrypt these messages never leave your phone. Neither Beeper, Apple, nor anyone except the intended recipients can read your messages or attachments. Beeper does not have access to your Apple credentials.
We built Beeper Mini by analyzing the traffic sent between the native iMessage app and Apple’s servers, and rebuilding our own app that sends the same requests and understands the same responses. Learn more by reading jjtech’s blog post, iMessage Explained, and his proof-of-concept Python implementation on Github. Anyone can download this code, run it on any computer that supports Python, login to their iMessage account, and send and receive iMessage protocol messages. No Apple hardware required.
Another change is that Beeper Mini does not use the Matrix protocol, encryption or code like Beeper Cloud. It is a completely new codebase, versus our first Android app, which was a fork of Element. In the future, we are planning to add Matrix network support back in, along with support for the 15 other chat networks in Beeper Cloud. Read more about our roadmap.
Inside the Beeper Mini Android app
1. Sign in
When you first start the Beeper Mini app and sign in with Google, a registration request is sent to our Beeper API Server. This service only exists to verify your subscription status, as well as give our support team the information they need to debug any issues that you may be running into (including your name and email address). No iMessage credentials or messages are transmitted through these servers, which are for Beeper Mini account management only.
2. Permissions and registration
After that, you are prompted to allow notifications, which sends a push token to Beeper Push Notification service, which enables our servers to send push notifications to your Android device. These push notifications do not contain the contents of messages.
Next, you are prompted to grant contact list and SMS permission access.
Contact list access is used to match phone numbers to contact names, and display profile pictures. Your contact list is never sent to Beeper servers.
SMS access is used to send an SMS text message from your number to Apple’s “Gateway” service. The gateway sends a response via SMS, and the contents from that SMS response are sent to Apple to register your phone number as a blue bubble. Your SMS chat history is also used to determine if any of your recent SMS chats were with people who have iPhones. If so, these chats are shown in the inbox.
It’s at this point that the app generates encryption keys that are used for end-to-end encrypted messaging. The public key is sent to Apple servers, and the private keys are stored in the Android device local filesystem. Beeper Mini is now signed in.
3. Optional Apple ID sign in
Optionally, you may also sign in to your Apple ID to enable sending/receiving from your email address. This will also enable you to send and receive messages from other Apple devices like iPad or Macs. The Apple ID login sends your username, password and a 2-factor code using encrypted HTTPS requests directly to Apple servers.
4. Sending and receiving messages
Apple’s iMessage protocol works over Apple Push Notification service, which most developers would be familiar as the service that allows them to send push notifications to their iOS applications. For iMessage protocol, all messaging traffic flows over this service in both directions, encrypted with keys generated locally on each device. Beeper Mini connects to APNs over TCP, using the credentials generated during the login process.
A persistent connection to APNs is needed to be notified of new incoming messages in real-time. On an iPhone, an APNs connection is maintained by the operating system, and connected at all times. In Beeper Mini, the connection can only be maintained when the app is running, since Android does not support APNs natively.
To work around this limitation, we built Beeper Push Notification service (BPNs). BPNs connects to Apple’s servers on your behalf when Beeper Mini Android app isn’t running. We can do this while preserving user privacy thanks to Apple separating the credentials needed to connect to APNs to send and receive content (the “push” credentials) and the keys needed to encrypt and decrypt messages (the “identity” keys). Push credentials can be shared securely with the Beeper Push Notification service, and BPNs can connect to APNs on your behalf. Whenever BPNs receives an encrypted message that it won’t be able to decrypt, it simply disconnects from APNs and sends an FCM push notification to wake up the Android app, which then connects to APNs, downloads, decrypts and processes the incoming message. BPNs can only tell when a new message is waiting for you – it does not have credentials to see or do anything else.
BPNs will be notified when you receive a message, but without the encryption keys it can’t decrypt anything BPNs receives. Also, without the identity credentials, BPNs can’t send messages on your behalf. If you don’t mind not receiving real-time push notifications for new messages, your BPNs can be disabled entirely by going to Settings → Manage Connection → Enable Push.
When you create a new chat, the phone number or email address of your intended recipient is transmitted to Apple servers. If the contact is on iMessage, a public key is returned.
Sending messages is even simpler. When you hit send, the message is encrypted with the public keys of the intended recipients and sent directly to Apple servers via an SSL encrypted TCP connection over APNs.
5. Analytics and other services
Beeper Mini connects to a few other services as part of its operation. We use a self-hosted installation of Rudderstack (https://rudderstack.beeper-tools.com) for analytics and diagnostic events, which we use for improving the app but can be disabled in Settings → Preferences →Share Diagnostics. We use OneSignal to send education and account related push notifications, and RevenueCat to help integrate Google Play subscriptions.
Other than that, that’s it! No other servers or services are used. Beeper Mini keeps your messaging secure by keeping all messaging credentials, keys, messages and media local to your phone, and only sends them directly to Apple’s servers after encrypting them with iMessage’s end-to-end encryption algorithm.
We value, actually, we treasure feedback. If you run into a bug or have a feature request, there’s a button in-app to report a problem. We read every single report.
Brad Murray and Eric Migicovsky Beeper cofounders
Appendix
To write this blog post, we performed a red team analysis on our own app. We made extensive use of the excellent mitmproxy project to capture the network traffic coming from a real phone running a modified version of the Beeper Mini client. A modified version was needed for this analysis in order to disable certificate pinning, so that the Beeper Mini Android app would accept being connected to mitmproxy instead of only accepting Apple’s certificates for that connection. If researchers would like a copy of this version of Beeper Mini (with cert pinning disabled) to perform a similar analysis, please contact us at security@beeper.com.
Below is a capture of the requests that we make with Apple’s servers over HTTPS when logging into iMessage with your phone number. We first register with a service named albert.apple.com, which sets up our “push” credentials and allows us to connect to APNS. We then make two requests to get the number we need to send an SMS to register our phone number which is different for each carrier (This capture was taken with a device registered with Rogers, a Canadian cell phone carrier 🇨🇦). Finally, we take the contents of the response SMS (not shown here) and send it to identity.ess.apple.com, registering our account with iMessage and generating the “identity” credentials we’ll use to send and receive.
Optionally, you can also register your Apple ID with Beeper Mini as well, as shown in this capture. You first provide your username and password over encrypted HTTPS directly to Apple’s servers, followed by a second request to provide your 2FA code. We can then register for iMessage again, this time providing the certificates from both the earlier phone number registration and our new Apple ID registration. Registering these together in the same call links them together, allowing any other device that you’re logged in with your Apple ID to send and receive with both your Apple ID emails and your phone number.
Next, a capture of the keys shared with the Beeper Push Notification sevice (hostname imux.beeper.com). Note, the RSA private key in this request is your “push” credentials that allow you to connect to APNs, not your “identity” credentials that allow you to encrypt and decrypt iMesssages. Push credentials cannot be used to escalate permissions or access anything other than the presence of a new APNs push notification. Check out apns.py in pypush PoC to learn more about push credentials.
Sending and receiving is not shown here, as they are not done over HTTP but instead through an SSL encrypted TCP connection to APNs. The APNs servers are hosted at *-courier.push.apple.com , where the asterisk is replaced by a number between 1 and 30. All message contents and media are encrypted with your “identity” keys, which never leave your Android phone.
There is a /login endpoint on Beeper servers, but as mentioned previous, this is only for subscription management purposes. The client submits the token received from the Google login process to our servers, and the response contains their subscription status. No iMessage credentials are ever sent to Beeper servers.
Note: Beeper and Beeper Mini are entirely independent software products, with no relationship to, or endorsement by, Apple, Google, or any other supported chat networks.
iMessage, Apple, Mac and iPhone are trademarks of Apple, Inc.
You must be logged in to post a comment.