top | item 20890624

(no title)

eridius | 6 years ago

It's pretty weird how the article doesn't even bother to mention that Apple has an official API for doing encrypted notifications, and I really have no idea why these apps are abusing the VOIP stuff instead of using the actual encrypted notification feature. The article quotes someone as claiming APNS isn't reliable, but with zero evidence, and it seems pretty darn reliable for all of the non-encrypted apps using it.

discuss

lacker|6 years ago

In Apple's API you can send an encrypted message and have the app decrypt it. But you can't send an encrypted blob of data and have the app decide whether that blob of data was a message to be shown to the user, or a different sort of data like a read receipt. So the server needs to be able to differentiate the types of data packets sent from user to user, in order to use Apple's notification API, which is less private.

oneplane|6 years ago

And that would be a problem if having 'is typing...' and 'was read' notifications had to be pushed realtime to an app that was in the background. What is the point of those notifications arriving in the app when the user isn't using it.

madrox|6 years ago

From PushKit's documentation:

PushKit notifications also have the following advantages over user notifications:

- The device wakes only when it receives a PushKit notification, which can improve battery life.

- Upon receiving a PushKit notification, the system automatically launches your app if it isn't running. By contrast, user notifications aren't guaranteed to launch your app.

- The system gives your app execution time (potentially in the background) to process PushKit notifications.

- PushKit notifications can include more data than user notifications.

Sounds like PushKit notifications are treated like a full app launch, which gives your code access to APIs which regular push notifications don't give you (trivial example being location) https://developer.apple.com/documentation/pushkit?language=o...

mobilio|6 years ago

Correct!

But also some authors uses PushKit to keep their app constantly running in background.

joecool1029|6 years ago

> The article quotes someone as claiming APNS isn't reliable

I looked into that, the second answer here gives better but slightly dated insight on the matter, it makes sense: https://security.stackexchange.com/questions/119624/how-is-w...