Commenters on Freeman's Google+ page, where he also discussed iMessage Chat, pointed out the danger of trusting a third-party app with an Apple ID. "Seems to be a quick way to get pwnd in some way or another," said Hugo Visser, a Dutch developer of Android apps.
Commenters also noted that the China-based server was running SQL Server, which was accessible from the Internet, posing yet another threat to anyone who used iMessage Chat. Even if the developer was on the up-and-up, and wasn't harvesting Apple IDs, the server could be hacked by others, who would then be able to sweep up the credentials.
Someone who identified themselves as "Hu LuWa" — the name used for the developer's website, according to Google Play — dropped in on Freeman's Google+ page to post one comment, but did not answer any of the several questions others posed.
The developer's website — huluwa.org — was offline Tuesday. A message left on a Google+ page assigned to Hu LuWa was not returned.
A Google spokeswoman confirmed the company had pulled the app. "We remove apps from Google Play that violate our policies," she wrote in an email reply to questions.
Sign up for CIO Asia eNewsletters.