Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How secure are apple APNS push notifications?

Tags:

security

ios

apple-push-notifications

push-notification

Does anyone know where the vulnerabilities are in Apple's APN push notification services?

We can ensure that our notifications are sent securely to Apple, so we just need to know whether they can be intercepted from that point?

Motivation: We have built an iOS messaging app that we are making as a 100% secure solution, with some features that have never been exploited before in security.

like image 711
TimWhiting Avatar asked Sep 22 '15 14:09

TimWhiting

People also ask

Are Apple push notifications encrypted?

iMessage makes extensive use of the Apple Push Notification service (APNs). Apple doesn't log the contents of messages or attachments, which are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple can't decrypt the data.

Are push notifications secure?

Push notifications authenticate the user by confirming that the device registered with the authentication system – typically a mobile device – is in fact in the user's possession. If the device is compromised by an attacker, then push notifications are compromised.

Should I allow push notifications on my iPhone?

If you allow notifications on your iPhone from every app you use, you may spend more time checking your notifications than getting things done. While some notifications can be very important – phone calls and text messages, for example – too many notifications is bad for our sanity.

1 Answers

Apple released the UNNotificationServiceExtension last year, allowing developers to send fully-encrypted notification payloads through APNS and then let the app on the end-user's device itself do the decryption (or load any additional supporting data) before displaying the notification:

The UNNotificationServiceExtension class provides the entry point for a Notification Service app extension, which lets you customize the content of a remote notification before it is delivered to the user. A Notification Service app extension does not present any UI of its own. Instead, it is launched on demand when a notification of the appropriate type is delivered to the user’s device. You use this extension to modify the notification’s content or download content related to the extension. For example, you could use the extension to decrypt an encrypted data block or to download images associated with the notification.

My team is investigating this further as a means to send useful notifications in a fully HIPAA-compliant manner, with no ability for Apple to see the plaintext of the notification. We're optimistic.

like image 51
jabbett Avatar answered Oct 04 '22 22:10

jabbett
Sign in to Comment

Related questions

What is the big-O notation for iteration through NSSet and NSDictionary
BLE Swift write characterisitc
Xcode 6 - Push segue to same view controller
How to do match_parent in iOS
Watchkit: table with two templates in dynamic rows
Speech recognition using ionic framework
Scenekit Pan 2D Translation to Orthographic 3D only horizontal
How do I determine whether a UIImage is empty?
How do you exclude a UIButton from VoiceOver?
Update constraints after superview frame dimensions change
UIPopoverBackgroundView contentViewInsets must be implemented by subclassers
Swift Generics & Upcasting
Can i set different orientations for IPad and IPhone (Universal) app in cordova?
Advantage of telling the Swift Compiler an object's type, instead of inferring?
Disable mobile Chrome 43's "Touch to Search" feature programmatically
UIAutomation and XCTestCase: how to wait for a button to activate
UIImageView should be as circle view instead of diamond in UICollectionView
Manage a UIPickerView from an External Class - Using Swift
Removing the cancel button from Custom camera
cellForRowAtIndexPath is not being called from custom class

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!