Apple Push Notification Service - Multiple device tokens are valid for the same device

Question

In order for us to send users iOS notifications the following flow occurs: a user installs our app, registers with APNS, and sends the registration token to our server to be used later to send notifications.

The above process is repeated for every device on which the user installs our app; we'd like them to get notifications on all their devices.

In addition to this, the process is repeated when a user uninstalls our app and reinstalls on the same device.

Every time the process repeats we get a new, distinct registration token. This is all well and good however, we noticed that only recently when our app is uninstalled, the device token remains valid after it is reinstalled and a new token is generated. It is our understanding that a single unique token can exist for a device.

Apple's documentation seems to suggest this as well (https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/ApplePushService.html#//apple_ref/doc/uid/TP40008194-CH100-SW12)

The form of this phase of token trust ensures that only APNs generates the token which it will later honor, and it can assure itself that a token handed to it by a device is the same token that it previously provisioned for that particular device—and only for that device.

When a new token is generated after reinstall and sent to our backend, we've got two device tokens that point to the same device and as a result we send multiple notifications to that device. Are we misunderstanding the documentation? If so, what's the typical way of dealing with the reinstall scenario?

Thanks!

Answer 1

We just did a test here. On our iOS 8.4.1 test device after reinstalling our app we've received the same token, whereas on iOS 9.1 we always receive a new token after re-installing. This wouldn't be a problem if APNS invalidates the older device tokens, but as far as I can tell it does not. The result is that we're sending duplicate notifications to our users to the same device. Maybe it takes some time to invalidate older token?

We decided to do a server-side fix for this and remove duplicate tokens for one user from our database. Not a good and permanent solution, but a short-term fix for us since our users use the app usually on one device only.

Answer 2

Yes, I am seeing a single device with the same app (my app), which has been issued different APNS over its short life, many of which are still capable of still receiving a push notification (from production APNS server).

The easy fix would be to just have our backend APNS sending service to only honor the last APNS token received. This is doable, assuming there is another primary key that is unique to every iOS device. Well, since UUID is no longer available, then we have to rely on the Apple Vendor ID. That problem with the Apple Vendor ID is that value can also change over time, so be sure to account for that.

We currently only send push notifications to devices which have our unique member/user ID. This is known to our app, once a user has signed into our app. So, we could use our member/user ID, but if a member/user has multiple devices, that means if we use the last APNS token value as the one that wins, than the same member could NOT have multiple iOS devices receiving push notifications (think iPad and iPhone, pretty common these days).

So, with that being said, when upper-management wants to send push notifications to devices in which no unique member/user has actually signed into, there is a risk of the streams getting crossed.

Answer 3

We have the same problem that we found 2 valid device tokens for 1 device. However, when we tried to verify "uninstalling and reinstalling would generate a new device token, and the former device token is still valid", we got the opposite result. Namely, the new device token was generated, but the former device toke became invalid. I verified this on 3/9/2016 and 3/10/2016.

Not sure if Apple has fixed this bug partially:

a) when the app is uninstalled and reinstalled from now on, the old deviceToken become invalid. (no new issues)

b) currently valid device tokens will continue to be valid. (old issues can't be fixed, the device will still receive multi notificatioins from each valid device token)

Looks like we'll have to use "identifierForVendor" to distinguish a unique device: Cleaning our registration table (and keep the latest deviceToken only) if we see 2 deviceTokens share the same identifierForVendor.