Greetings from China
In his tests of iMessage Chat, Jay "Saurik" Freeman, who maintains the Cydia app repository for jailbroken iOS devices, discovered that iMessage Chat routes all communications through a server in China and then forwards the data to Apple.
Tom's Guide found that Huluwa.org, the website listed by Daniel Zweigart on the iMessage Chat page on Download.com, is registered to a person named Luo Wangyi in Fuzhou, Fujian province, China.
The Huluwa.org website also lists a PC and Android client for iCloud, Apple's proprietary cloud-storage and email service.
A Twitter account listed on the Google Play page for iMessage Chat was set up just this morning (Sept. 24) and is being used by someone with halting English.
Handing over the keys
Messages sent via iMessage Chat arrive at the destination unchanged, but the data itself — including your Apple ID and password, previously known only to you and Apple — could easily be stored on a Chinese server for later exploitation.
Your Apple ID and password are your keys to the Apple universe. Whoever runs that server could steal those keys and hijack your iCloud account, change your registered address to his own and, if you've let Apple save your credit-card information, buy music, movies and apps on your dime.
More worryingly, an Irish app developer named Steven Troughton-Smith discovered that the app can also download and install software on your phone in the background, much like a rootkit on a PC.
Although no one has yet identified exactly what software might be installed by iMessage Chat, this could potentially put your financial data and passwords at risk, thanks to malware that can read your credit-card information when making purchases on sites like Amazon.com.
It's unlikely that Daniel Zweigart, or Luo Wangyi, developed iMessage Chat with the intent of stealing your private information. Nevertheless, with security holes as large as these, iMessage Chat is an Android app you should definitely avoid.