Unofficial Android iMessage app can steal info and download malware

Android users who have dreamed about being able to use iMessage, Apple’s proprietary and free messaging solution, have been pleasantly surprised by the iMessage Chat for Android being offered for download on Google Play.

It works as advertised, and poses as a Mac mini when it connects to Apple’s iMessage server.

But, according to 9to5Mac, researchers and software developers are warning against its use.

For one, it hasn’t been created by Apple, but by a third-party developer named Daniel Zweigart, who may or may not have malicious intentions.

Secondly, the messages users send or receive via this app are first processed by a server located in China, then forwarded to Apple’s server.

Thirdly, to use the app, they have to either sing in with their Apple ID or create a new Apple account and then sign in – meaning that these login credentials will be handed over to – and could possibly be stored and abused – by Zwigert.

Last but not least, the app apparently has the ability to download additional APK code without the user’s knowledge – meaning that it could also download malware.

At this point, I wonder how come Google hasn’t yet detected and removed the potentially malicious app from their official Android store. But even if it does, third-party online Android app markets will probably welcome it.

Users are advised to avoid using the app until more details about it are known and foul play is ruled out.

UPDATE: Google has removed the app from Google Play.