Can a 3rd party app access other apps' notifications? - ios

I do understand that Apple emphasizes security but I have to ask: is there any way that a 3rd party app can access all notification data? Like the NotificationListenerService available in the Android API?
I did come across ANCS, but I guess that's only accessible to BLE devices. Please tell me I'm wrong.

No, Apple does not provide access to the Notifications of other apps, nor does it provide access to any listener service, or notification queue.
Here is a link to the Apple doc, which describes the provisioning that is required to set up and access APNS: APNS Provisioning and Development

Related

Why iOS MDM is the way it is?

I am developing an MDM Server for my office (around 20-25) so that we can push our company's iOS apps (only 2) to users' devices. We will not be managing the devices.
There are around 20-25 sub-offices around the globe and each has their own server (hosted only in intranet) and set of users. None of them intervene with one another.
The APNs Certificate way of MDM looks convenient to me.
I have looked at a few MDM providers. They ask each customer to create their own APNs certificate in the Apple Certificate Portal. Why can't the MDM providers have their own APNs certificate and use it to manage the devices of customers?
Can there be a centralized MDM Server which provides its SSL Certificate details, APNs Certificate details and Profile details for the .mobileconfig and also takes care of profile and app installation, so that users will connect to the centralized server and download the .mobileconfig, but the individual servers decide who should download the .mobileconfig and see the status of installation of apps on those particular devices?
Is this solution possible?
My company uses Airwatch and there is very little user setup. We download the Agent, tech department sends a qr code to email, user scans it, puts in their username and email for our network, and it just does all the setup. Then they can go to a catalog and download our applications. I develop these applications and have enrolled maybe a hundred devices and haven't had to do much of anything on the client side.
What you are saying would work if you change the phone's OS to check into this central MDM server. This would actually break Apple's streamlined way of doing this. Hate it or love it, APNS makes it so there is only one way of doing things.
iOS does not allow it but Android does.
You have to think like Apple to see why the MDM vendors have you make an APNS push certificate to give them. Say one day, your MDM server goes absolutely bonkers and starts sending commands every second to devices that make them unusable for users (constantly locking the screen or erasing devices every day). How can Apple prevent your rampant abuse of the MDM protocol that is ruining customer experience? Well, if they revoke the APNS certificate, you can't command your devices any more as the devices will never get notified there are new MDM commands, and the users will no longer be affected.
If there was an MDM vendor who had one APNS certificate for hundreds or thousands of different companies, the abuse by a single company could lead to Apple revoking the APNS certificate and now all those other companies are unable to use their MDM because of one abuser.

Apple Push Notification Services provider connect for 3rd party app

I've read the Apple docs on APNs and there's one thing I'm not sure about. First, some background on where this is coming from.
In the company I work at, we develop an SDK that interfaces with our webservices. One part of the SDK is sending messages and we're thinking about push notifications when the user is not online (app suspended/not running). We don't have an app ourselves, but would like to provide this feature to users of the SDK and our platform.
So: Can we create an authentication token or certificate of our own to connect to APNs and then push a notification to an app developed by a 3rd party (with their app token)? Or do we need to collect all the information from the 3rd party and basically impersonate them?
Google and Microsoft provide a service like that, but I'm not sure what's happening behind the scenes.
Can someone please elaborate?

Is it possible to configure Apple Pay right from the app?

We are using the Stripe gateway for Apple Pay integration. It provides a way to check if Apple Pay is configured on the device, but I'm curious if it is possible to show a kind of system dialog asking to configure Apple Pay. Opening system preferences (ex. How to open Settings programmatically like in Facebook app?) will also do, though I'm not sure if it's the allowed approach, and the app will not be banned by Apple.
Thanks.
PKAddPaymentPassController is intended for banks who want to add their own cards directly to Apple Pay. You won't be able to use it for what you're intending.
Instead you should use PKPassLibrary -openPaymentSetup, which will allow you to open the Apple Pay setup flow (either in Wallet on iPhone, or Settings on iPad).

iPhone act as Provider to APNs (Apple Push Notifications without third party server)

So my client wants an app that works like this:
one user presses a button on his device
other user(s) get a push notification
no third party server
So I have been looking into the Apple Push Notification Service but I don't want to have a third party "provider" server. Would it be possible for an iPhone to act as a "provider"?
I have already looked at this question which sounds like what I want to do but I am not satisfied with the answer. More specifically:
Would encrypting the APNs key with another key hardcoded into the app be secure enough? Any other ideas for dealing with that issue?
The tokens will always stay the same for a given app for a given device, right? If that's the case, I can deal with creating the token database. If that's not the case, my app won't work.
Will Apple accept such an app?
Would encrypting the APNs key with another key hardcoded into the app be secure enough?
I believe the main issue is you'll need to deliver the APNS certificate and private key with your app, and renew it when needed (on all devices). Regardless of it being encrypted or not, if it is available to your app, it might become available to an attacker (by dumping its plaintext representation from memory, or by disassembling your decryption code) and make it possible to impersonate your app. So no, it is not secure.
The tokens will always stay the same for a given app for a given device, right?
Not really. Documentation claims that a device token is not a unique ID that you can use to identify a device. Device tokens can change after updating the operating system on a device. As a result, apps should send their device token.
Will Apple accept such an app?
I believe there were no precedents because of the reasons above.

Apple Push Notification for Enterprise App Security Issue

I am working on an enterprise application to be distributed in-house. As a feasibility study, I have read & have developed push notifications using APNS. Here is something I want to ask regarding APNS.
My humble request to enthusiastic developers,
"Answer this if they have encountered or have any idea or have done some sort of work like this. Please do not just point to any arbitrary tutorial or question links of Stack Overflow."
1. What are the security aspects involved (from an information security point of view) in the payload that I will be sending to the APNS server? My client cares because of the information security policies that I too have to abide by.
2. Is it possible to send / receive notifications from the APNS from within a VPN? How?
3. Is it possible to completely bypass the APNS server & have one in-house server that can send notifications to my device directly? How?
4. What if I want to implement APNS but do not want to share my payload with the APNS server?
Thank you for reading my question.
1. Although end points of the APNS architecture are TLS encrypted, Apple may see your data in clear text. You have to clarify with your customer, if this is ok or not.
2. Yes, but you'll need some open ports
3. No, this is not possible
4. You may use some kind of token as the payload and request the confidential information from your own server using this token.
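
The token approach from the last point above, sketched as an added example (not part of the original answer or any Apple code). The class name NotificationVault, the custom payload key "ref" and the 5-minute lifetime are assumptions; "aps", "alert" and "content-available" are standard APNs payload keys.

```python
import json
import secrets
import time

TOKEN_TTL_SECONDS = 300  # assumed lifetime of a reference token


class NotificationVault:
    """In-house store mapping opaque reference tokens to confidential bodies."""

    def __init__(self, clock=time.time):
        self._items = {}
        self._clock = clock

    def put(self, user_id, secret_body):
        # Random token: it encodes nothing about the message or the user.
        token = secrets.token_urlsafe(32)
        expires = self._clock() + TOKEN_TTL_SECONDS
        self._items[token] = (user_id, secret_body, expires)
        return token

    def redeem(self, token, authenticated_user_id):
        """Called by the app over the company's own authenticated channel."""
        entry = self._items.get(token)
        if entry is None:
            return None
        user_id, body, expires = entry
        if self._clock() > expires:
            del self._items[token]  # expired tokens are purged
            return None
        if user_id != authenticated_user_id:
            return None  # holding the token alone is not sufficient
        del self._items[token]  # single use
        return body


def build_apns_payload(token):
    """Only generic text and the opaque reference travel through APNs."""
    return json.dumps({
        "aps": {"alert": "You have a new message", "content-available": 1},
        "ref": token,  # custom key (assumed name)
    })
```

The app reads "ref" from the received notification and calls the redeem endpoint on the company server, so the confidential text is never part of what APNs relays.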
