APNS certificate issue for free and paid version - ios

I have two Applications in iTunes. A free version and a paid version. The paid version does not have advertisement. The two versions have different App Ids.
I have set up APNS for one of the App Ids. How can I handle notifications for both Apps?

Each application requires its own certificate (since each App Id has its own push certificates).
Therefore, your server will have to hold a different certificate for each App, and maintain a separate connection with the APNs server for each App (since you use the certificate to open the connection).
This means that when one of your apps sends a device token to your server, you have to know which app sent the device token, and mark it accordingly in your DB (in order to know which connection to the APNs server to use when pushing a notification to that device).

Related

Why iOS MDM is the way it is?

I am developing an MDM Server for my office (around 20-25 people) so that we can push our company's iOS apps (only 2) to users' devices. We will not be managing the devices.
There are around 20-25 sub-offices around the globe and each has their own server(hosted only in intranet) and set of users. None of them intervene with one another.
The APNs Certificate way of MDM looks convenient to me.
I have looked at few MDM providers. They ask each customer to create their own APNs certificate in the Apple Certificate Portal. Why can't the MDM providers have their own APNs certificate and use it to manage the devices of customers?
Can there be a centralized MDM Server which provides its SSL Certificate details, APNs Certificate details and Profile details for the .mobileconfig and also takes care of profile and app installation,
so that users will connect to the centralized server and download the .mobileconfig, but the individual servers decide who should download the .mobileconfig and see the status of installation of apps on those particular devices?
Is this solution possible?
My company uses Airwatch and there is very little user setup. We download the Agent, tech department sends a qr code to email, user scans it, puts in their username and email for our network, and it just does all the setup. Then they can go to a catalog and download our applications. I develop these applications and have enrolled maybe a hundred devices and haven't had to do much of anything on the client side.
What you are saying would work if you changed the phone's OS to check in to this central MDM server. This would actually break Apple's streamlined way of doing this. Hate it or love it, APNS makes it so there is only one way of doing things.
iOS does not allow it but Android does.
You have to think like Apple to see why the MDM vendors have you make an APNS push certificate to give them. Say one day, your MDM server goes absolutely bonkers and starts sending commands every second to devices that makes them unusable for users (constantly locking the screen or erasing devices every day). How can Apple prevent your rampant abuse of the MDM protocol that is ruining customer experience? Well, if they revoke the APNS certificate, you can't command your devices any more as the devices will never get notified there are new MDM commands, and the users will no longer be affected.
If there was an MDM vendor who had one APNS certificate for hundreds or thousands of different companies, the abuse by a single company could lead to Apple revoking the APNS certificate, and now all those other companies are unable to use their MDM because of one abuser.

Can we host two APIs (APNs providers) on a single machine that send notifications to two different apps?

I am very new to iOS app development and APNs. I have developed two apps which are configured to receive push notification.
In my test environment, I am hosting two APIs, apiAppX and apiAppY, written using the Javapns library on the same machine. apiAppX and apiAppY generate push notifications (alerts) for appX and appY respectively. I am using a different p12 file for each app.
The problem is, if I generate the APNs certificate for appX first then it receives notifications but appY doesn't. If I generate the APNs certificate for appY first then it receives notifications but appX doesn't.
I think this issue is being caused because I am hosting two providers on one machine. I came to conclusion after reading this documentation. Especially, after reading following paragraph:
Note that provider connection is valid for delivery to only one specific app, identified by the topic (bundle ID) specified in the certificate. APNs also maintains a certificate revocation list; if a provider’s certificate is on this list, APNs may revoke provider trust (that is, refuse the connection).
Am I right?
Thanks.

Why should I use my own server to validate iOS receipt?

I want to validate iOS receipt.
I thought I would send a receipt to the App Store verification server (https://sandbox.itunes.apple.com/verifyReceipt or https://buy.itunes.apple.com/verifyReceipt).
But Apple reference says:
It is not possible to build a trusted connection between a user's device and the App Store directly because you don't control either end of that connection.
And Apple recommends sending the receipt to my server, which then sends it to the App Store verification server to validate.
(https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1)
I don't understand why a connection between a device and the App Store is not trusted regardless of using HTTPS connection.
Your app is running on hardware controlled by the user. They have physical access to it, and can do anything they want with it. The operating system doesn't make it easy for a user to mess with things, but it can be done and hackers do it.
You can validate the iOS receipt on the iOS device. But you cannot be sure that the receipt is actually valid. The user could have hacked the device to make you think the receipt is valid.
I don't understand why a connection between a device and the App Store is not trusted regardless of using HTTPS connection.
HTTPS does not protect you from a hacker who has physical control over iOS device. A hacker can install different SSL keys on the device, allowing it to connect with a different server.
When your app tries to communicate with Apple's server, any network administrator can change it so that some other server is contacted instead of Apple's one. This server would normally be rejected because the SSL key will be untrusted... but if the user controls the device, they can make it trust an invalid SSL key.
Your server, however, is controlled by you. Your customers do not have physical access to it. And therefore your server (hopefully!) cannot be hacked. This means your server can be trusted, unlike the device. When your server establishes an SSL connection to Apple's server, you know you really are talking to Apple's server. Not one that your user installed to bypass in-app purchasing.
So, if the user buys something in your app... you don't want to store the thing being purchased inside the app. You want to store it on a server, and that server only sends the purchased data to the device after it has verified the receipt with Apple's server.
If you don't want to spend money running your own server, then you will simply have to accept that any tech savvy person with a few hours of free time can create fake iOS purchase receipts and convince your device that they are valid.
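The server-side half of the pattern this answer describes, as an added example (not the answer author's code): the device hands its receipt to our server, the server alone talks to Apple's verifyReceipt endpoint, and purchased content is released only after Apple returns status 0 for our own bundle ID. The `post` argument is injectable so the logic runs offline against constructed Apple responses; `https_post` is the real transport. The bundle ID, product ID, content bytes and the `fake_apple` helper are assumptions made for illustration.

```python
"""Server-side App Store receipt verification (added example, not from the post).
Assumed: bundle ID com.example.reader, product com.example.reader.premium_pack."""
import json
import urllib.request
from typing import Callable, Dict, Optional, Set

PRODUCTION_URL = "https://buy.itunes.apple.com/verifyReceipt"
SANDBOX_URL = "https://sandbox.itunes.apple.com/verifyReceipt"
SANDBOX_RECEIPT_IN_PROD = 21007  # Apple's status: a sandbox receipt was sent to production

Poster = Callable[[str, dict], dict]

# Content that must never ship inside the app binary; served only after verification.
CONTENT: Dict[str, bytes] = {
    "com.example.reader.premium_pack": b"<constructed premium content>",
}


def https_post(url: str, body: dict) -> dict:
    """Real transport: a JSON POST over TLS made from the server we control."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def verify_receipt(receipt_b64: str, post: Poster = https_post,
                   shared_secret: Optional[str] = None) -> dict:
    """Ask production first and fall back to sandbox only when Apple itself says
    the receipt is a sandbox one (21007); the client's claim about its
    environment is never consulted."""
    body = {"receipt-data": receipt_b64}
    if shared_secret:
        body["password"] = shared_secret  # needed for auto-renewable subscriptions
    result = post(PRODUCTION_URL, body)
    if result.get("status") == SANDBOX_RECEIPT_IN_PROD:
        result = post(SANDBOX_URL, body)
    return result


def entitled_products(result: dict, expected_bundle_id: str) -> Set[str]:
    """Products the server may unlock: empty unless Apple validated the receipt
    AND it belongs to our app, so a genuine receipt from some other app cannot
    be replayed against this server."""
    if result.get("status") != 0:
        return set()
    receipt = result.get("receipt", {})
    if receipt.get("bundle_id") != expected_bundle_id:
        return set()
    return {item["product_id"] for item in receipt.get("in_app", [])}


def fetch_purchased_content(receipt_b64: str, product_id: str, bundle_id: str,
                            post: Poster = https_post) -> Optional[bytes]:
    """The download endpoint: verify with Apple, then serve or refuse."""
    products = entitled_products(verify_receipt(receipt_b64, post), bundle_id)
    if product_id not in products:
        return None
    return CONTENT.get(product_id)


def fake_apple(responses: Dict[str, dict]) -> Poster:
    """Constructed stand-in for Apple's endpoints so the example runs offline;
    records which URLs were called."""
    calls = []

    def post(url: str, body: dict) -> dict:
        calls.append(url)
        return responses[url]

    post.calls = calls  # type: ignore[attr-defined]
    return post


if __name__ == "__main__":
    good = {"status": 0, "receipt": {"bundle_id": "com.example.reader",
                                     "in_app": [{"product_id": "com.example.reader.premium_pack"}]}}
    apple = fake_apple({PRODUCTION_URL: {"status": SANDBOX_RECEIPT_IN_PROD}, SANDBOX_URL: good})
    print(fetch_purchased_content("constructed-base64-receipt", "com.example.reader.premium_pack",
                                  "com.example.reader", apple))
```

The bundle ID check in `entitled_products` is the part most often forgotten: Apple will happily validate a receipt for any app, so the server must confirm the receipt is for this app before unlocking anything.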

Same APNS token returned by two different applications

How can same APNS token be returned for two different applications installed using profiles created from two completely different apple enterprise accounts?
However, the notifications are properly received by the respective applications! Just curious to know how Apple manages to map to the correct device and the right application.
All apps on the same device get the same device token. Apple knows which app should receive the notification because the certificate you use to send the notification is unique for each app.
It seems that up to iOS 6 the token was the same for all apps on the same device; the way to differentiate them was the certificate.
From iOS 7+, the token is unique for each app and device. So every app on the same devices will get a different APNS token.

Service Web with APNS serving two apps = two certificates?

I'm developing an iOS app. This app has two targets (free version and premium version). Then I want to send push notifications through my Web Service.
So, Do I need two certificates? Because my app (free or premium) uses the same Web Service and the same database. And when I want to send a push notification, now do I have to store and look if it's one version or another?
Can I use one certificate? Can I merge two certificates in one?
Thanks.
You can't use one certificate, since each certificate is tied to an App ID, and the App ID is different for each App (it contains the bundle ID of the App, which is unique for each App).
You must use two certificates, which means your server will have to know which Device Token belongs to which App, and use the appropriate certificate. Perhaps, when you send the device token from your app to your server, you should send some additional info that indicates which App sent the token.
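The server design described in this answer and in the first thread on this page (one credential per App ID, a device-token table that records the owning app, and a separate APNs connection per app), as an added example that is not code from any of the posts. The bundle IDs, credential paths, device tokens and the `FakeConnection` stand-in are assumptions; in production the connection class would open a TLS/HTTP2 session to APNs with that app's certificate.

```python
"""Routing pushes for a free and a paid target from one server (added example).
Assumed bundle IDs: com.example.reader (free) and com.example.reader.pro (paid)."""
import json
from collections import defaultdict
from typing import Dict, List, Tuple

# One push certificate per App ID (paths assumed). A certificate cannot be shared
# or merged: APNs accepts it only for the topic (bundle ID) it was issued for.
APNS_CREDENTIALS: Dict[str, str] = {
    "com.example.reader":     "/etc/apns/reader-free.pem",  # free target
    "com.example.reader.pro": "/etc/apns/reader-pro.pem",   # premium target
}


class FakeConnection:
    """Stand-in for one APNs connection opened with one certificate; it only
    records what would be sent so the example runs offline."""
    def __init__(self, bundle_id: str, credential_path: str) -> None:
        self.bundle_id = bundle_id
        self.credential_path = credential_path
        self.sent: List[Tuple[str, dict]] = []

    def send(self, device_token: str, payload: dict) -> bool:
        # The apns-topic must equal the bundle ID the connection's certificate is for.
        self.sent.append((device_token, {"apns-topic": self.bundle_id, "payload": payload}))
        return True


class TokenStore:
    """device token -> bundle ID of the app that registered it."""
    def __init__(self) -> None:
        self._by_token: Dict[str, str] = {}

    def register_from_request(self, body: bytes) -> str:
        """Parse what the app POSTs on registration. The app must say which
        target it is, e.g. {"token": "<hex>", "bundle_id": "com.example.reader"}."""
        data = json.loads(body)
        token, bundle_id = data["token"].lower(), data["bundle_id"]
        if bundle_id not in APNS_CREDENTIALS:
            raise ValueError(f"registration for unknown app {bundle_id!r}")
        self._by_token[token] = bundle_id
        return bundle_id

    def app_for(self, token: str) -> str:
        return self._by_token[token.lower()]


class PushRouter:
    def __init__(self, store: TokenStore, connection_cls=FakeConnection) -> None:
        self.store = store
        # One long-lived connection per app, each opened with that app's certificate.
        self.connections = {b: connection_cls(b, p) for b, p in APNS_CREDENTIALS.items()}

    def send_alert(self, tokens: List[str], alert: str) -> Dict[str, int]:
        """Group tokens by owning app and push each group over the matching
        connection. Returns the number of pushes sent per bundle ID."""
        groups: Dict[str, List[str]] = defaultdict(list)
        for t in tokens:
            groups[self.store.app_for(t)].append(t.lower())
        counts: Dict[str, int] = {}
        for bundle_id, group in groups.items():
            conn = self.connections[bundle_id]
            counts[bundle_id] = sum(conn.send(t, {"aps": {"alert": alert}}) for t in group)
        return counts


FREE_TOKEN = "aa" * 32  # constructed 64-hex device tokens
PRO_TOKEN = "bb" * 32


def demo() -> Dict[str, int]:
    """Register one device per target, then push one alert to both."""
    store = TokenStore()
    store.register_from_request(json.dumps(
        {"token": FREE_TOKEN.upper(), "bundle_id": "com.example.reader"}).encode())
    store.register_from_request(json.dumps(
        {"token": PRO_TOKEN, "bundle_id": "com.example.reader.pro"}).encode())
    return PushRouter(store).send_alert([FREE_TOKEN, PRO_TOKEN], "New chapter available")


if __name__ == "__main__":
    print(demo())  # one push over each of the two connections
```

Tokens are normalised to lower-case hex on both write and read so that a token the app reports in a different case still resolves to the right app.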
