Beeper is not exploiting any kind of vulnerability. The user is voluntarily providing their Apple ID credentials (or doing the SMS verification process to prove ownership of their number), just like they would on an iPhone.