An Android application claiming to offer Apple iMessage access to the Google mobile operating system can read users' messages, install malware and steal their Apple passwords.
Called iMessage Chat, the app is available free from the Play Store and while it it allows Android users to chat with Mac and iOS users, it routes all sent and received messages through servers in China, then dupes Apple into accepting the traffic by posing as a Mac Mini.
UPDATE: The application and profile page of its developer have been removed from the Play Store.
Application developer Jay Freeman, also known as Saurik, creator of the Cydia app store for jailbroken iPhones, has raised concerns that users' information may not be secure when they use the app. Fellow developer Adam Bell tweeted to say the app is "super sketch[y] and is spoofing iMessage requests as a Mac Mini."
In response to questions from Twitter users, Bell said the app is not safe to use, and anyone who has used it should change their Apple ID password.
Grab your password
iOS security researcher who goes by the name of Pod2g tweeted: "Please do not use this Android iMessage app, never ever! They can grab your Apple ID and password! It can't be worse...And if you tried that app for the sake of curiosity, my advice is that you quickly change your password...Message to Google: revoke that application, quick."
Last updated on 24 September, the application was, according to its Play Store listing, created by a developer called Daniel Zweigart and it appears to be the only app he has released for the platform. The Play Store page says the app has been downloaded between 10,000 and 50,000 times.
Adding to the dubious nature of the app, Freeman said in a Google+ post: "The developer is even responding to reviews about login issues asking only for user's Apple IDs, which makes it sound like even the authentication must be under his direct control (where it can be logged and debugged given only the username)."
Another developer, Steve Troughton-Smith, tweeted to say the app can silently download code onto devices in the background, hidden from unsuspecting users - a feature that could be used to install harmful malware onto the phone.
Security expert Graham Cluley said the iMessage Chat application "sounds extremely dodgy to me...I would warn users not to install it."
Speaking to IBTimes UK, Cluley said: "Once again, it sounds like the Google Play store is allowing dubious apps to rear their head. There have also been a bunch of bogus BlackBerry BBM apps recently.
"It's perfectly within Google's ability to block it from their Android app store, but that's not going to stop it turning up on third-party marketplaces."
IBTimes UK has contacted Apple to ask if it will seek to have the application removed from Google Play, but we are yet to hear back.