> I do not want to have my Apple ID login routed through a third party
Then don't use Beeper.
> I trust an established, trillion dollar company far more with that sensitive info than I do a fast-moving, eager-to-break-things startup. And the list goes on.
Thankfully, you don't necessarily have to trust them since the entire process runs on your device.
> I really don't believe they're entitled to parasite off the undocumented iMessage API.
Do you also believe it's "parasitism" for a tool manufacturer to create a screwdriver that fits another manufacturer's screw shapes? That's more or less exactly what's happening here - they made a tool that fits the existing proprietary API and interacts with it.
> Which part of your screwdriver is costing the original manufacturer money every time you turn a screw?
The true cost is so insignificant as to not matter. The normal iOS push notification spam uses orders of magnitude more resources than whatever Beeper uses, and yet Apple doesn't seem to mind those.
The screwdriver would cost a lot to a screw company that based its business model on being the only seller of compatible screwdrivers though, and that's why Apple is mad about this and trying to break it.
This is more like a 3rd party releasing a tool that unlocks a proprietary security shroud so you can plug in a wireless router to an ISP POP. You aren't authorized to unlock that shroud or rebroadcast that internet, just like Beeper Mini is not authorized by Apple to use their authorization-required iMessage service.
If I sold internet off that wireless router and the next OSP tech that gets into that POP (rightfully) unplugs it, why should I have any right to call my ISP and chew them out because people gave me money for that internet access?
Beeper Mini is not "unlocking" anything more than a real iPhone does. It's not exploiting anything, it's following exactly the same protocol and registration flow as the real thing (that's why it works in the first place). No security is being broken here.
You could argue that it's using an (insignificant) amount of resources on Apple's side without having paid for it (since most users wouldn't have purchased an iOS device), but Apple can trivially mitigate that by offering an officially-supported registration flow that charges a reasonable fee.
You can't use iMessage without authenticating, and Apple didn't provide a way for Android devices to authenticate. Beeper Mini, while it may be using the APIs through a questionably obtained binary, is handling authentication for you so a non-approved device can become authorized to send/receive iMessage data. A non-authorized device is gaining access to an authorization-required service in a way the service provider is not happy about. If it isn't technically unlocking something Apple doesn't want unlocked, it's realistically gaining access to a restricted service. Just because I can make a key that unlocks my neighbors door doesn't mean I have the right to use it without his permission.
Then don't use Beeper.
> I trust an established, trillion dollar company far more with that sensitive info than I do a fast-moving, eager-to-break-things startup. And the list goes on.
Thankfully, you don't necessarily have to trust them since the entire process runs on your device.
> I really don't believe they're entitled to parasite off the undocumented iMessage API.
Do you also believe it's "parasitism" for a tool manufacturer to create a screwdriver that fits another manufacturer's screw shapes? That's more or less exactly what's happening here - they made a tool that fits the existing proprietary API and interacts with it.