I've checked through other questions and responses here at StackOverflow but couldn't see something exactly like this; I would like to be able to push a token via APNS. The purpose of this is to verify that a subsequent user request to a restful web service comes from an iPhone device and not from a non-iPhone source (it's trivial to change HTTP headers to fake looking like an iPhone request).
Couple of questions:
Is it permissible under Apple Guidelines to insist that push notifications be enabled ?
Is it possible to send a SILENT push notification carrying some small text payload?
Does anyone know if this would pass Apple's scrutiny or run afoul of their guidelines
Many thanks.
You cannot force user to accept push. A user always has option to refuse.
Yes you can send a notification with no sound / text, and add metadata.
Yes, sending a token seems an acceptable use for Apple.
However, I do not personally think this use case does cleverly fit the push use case at all. You will have to many edge case to make it reliable enough (delivery delay and non garantee of delivery, etc)
It is easier to have other mechanisms in place (like secret + signature in the URL by the app).
I see that folks are still looking at this question. FYI, for enterprise dev which is the area I mostly work in, you simply register the iOS app as a VOIP app and it will accept silent notifications without a need for the user to approve.
Related
I have an app-server process that needs to check if the device making a request is an actual iOS device. I used to do this by taking advantage of push notifications. The user first authorizes push. Each time the user makes a specific type of request, I push a code to that device with which the app uses to make a second "authenticated" request to the app server. That additional channel of going through APNS would, in a sense, prove the authenticity of the requester's device. This makes it difficult for a person to spoof the request because they would not be able to receive the push notification with the needed code.
Recently though Apple started enforcing the rule that apps cannot require the user to accept push notifications in order to use the app, even though we do not use push notifications for alerts.
Is there any comparable way for my app server to check with Apple that a request is coming from my app on an actual iOS device? Or is this an unrealistic expectation to be able to determine this.
I could not find the article now, but some guys managed to register raspberry pi as a iOS device and receive push notifications via wifi... that I believe would be concrete proof that not even your first "2 way authentication" is really safe...
Now, directly answering, NO, there's no way for your app server to check if the request did come from a iOS device because all info in a TCP/UDP package is 100% "spoofable"...
We are currently implementing push notifications (for IOS only for now), and we are planning on using Urban Airship. We want to send a push message to a device if they have our app installed and push enabled, and send an SMS message if not. Our users pay for the notifications, so we want to make sure as much as possible that they always get either a push message or a SMS message. Sending the push messages itself works fine, but I am confused about how to keep track of who we can actually send push messages to.
As far as I know, the only way to really making sure if a user can receive push messages is to, before sending a push message, make an additional call to the urban airship api to check if the device exists and is active. I would prefer to not do 2 api calls for each push message, so an alternative could be to keep track of all registered devices in urban airship locally, and update that list once per hour or so. However, this would mean the 'active devices list' is not always completely accurate, and that we have to keep track of all registered devices ourselves, which feels like re-implementing a part of urban airship.
Is there any other (better) way to do this? As far as I can see, when I send a push message to urban airship the api always returns that it was sent succesfully, regardless of whether or not a device is active, or if it even exists.
I can't imagine that I am the only one with this problem. Does anyone have a better way of solving it, or am I stuck with the 2 options that I figured out myself?
Urban Airship shares the following two options:
In any case, applications should expect and handle inactive device
tokens properly. We recommend that developers either:
Register the device token every time the application is opened, like our sample app does
Use our feedback API regularly, store inactivated device tokens in your own database, and send registrations when the device token
becomes active again.
If you make an additional call to the Urban Airship to check if the device exists and is active, even then the 'active devices list' may not always be completely accurate because Urban Airship relies on periodic updates from Apple Feedback Service:
Apple tells us that the application has been uninstalled via the
feedback service, which we check on a regular basis.
Also, do remember what Apple has stated about the delivery of Push Notifications:
Important: Delivery of notifications is a “best effort”, not guaranteed. It is not intended to deliver data to your app, only to notify the user that there is new data available.
I am working on an application that must notify the user of a server-initiated event. These notifications are only useful for a short space of time (30-60 seconds). For this reason, I am looking for a method that can both deliver a notification quickly, and, importantly, can somehow invalidate (retract/cancel/timeout) the notification after it has already been delivered.
My understanding is that the APNS is not suitable for this. They 'send and forget', giving no ability to check/modify/delete a notification. This functionality is integral to my app though, so I am open to any suggestions for methods or services that might let me achieve this.
In my mind there are several options:
Server sends notification to user. Server then later sends 'cancel' message to user, which removes the notification.
Server sends notification to user, which has a built in timer. This timer is monitored locally, and once it elapses, the notification is removed.
App periodically polls server and schedules/cancels a local notification according to what the server says.
My preference is option 2, because it is self contained and efficient. One message initiates both the scheduling and cancellation. Option 3 has issues with iOS shutting down the app if it's in the background (not to mention the rate at which it would have to poll the server given the notification would only be useful for ~30 seconds).
Do any services such as Urban Airship offer some functionality that could achieve this? Any other suggestions/complete work around methods? All very appreciated.
Thanks for your time!
Matt
EDIT: In the interests of encouraging out of the box thinking, another idea might be that the server initiates an automated phone call with the app user. If the user answers the call, the required information is given to them. If not, the information is no longer available. Bit wacky, and my instinct is that it would be costly, but I'm open to anything!
Anything that happens asynchronously can be done with push notifications as it already provides a unidirectional, instant communication channel between you and your customers, so no need to do strange phone calls (which can interrupt your users' activities, bothering them).
You can go for a dual solution, in which you notify your users of how many unread notifications they have in their inbox. Then can you implement your own in-app message inbox, which connects to your servers and fetches the relevant data (in case it hasn't expired - if it has, just let the user know -).
This way users would be able to know how many notifications have been made available to them, but they could only check the ones that are still valid. UrbanAirship employs this approach for their Rich Push feature.
Apart from this, you need to bear in mind push notifications can be very intrusive for the user, so use them wisely or you'll see your users unsubscribing from them or even worse, uninstalling your app.
Well my guess you are out of luck, since your only option is APNS.
There is no support for canceling notifications.
Apps can't access the notifications for the app, only the one the user uses to open the app. Also you can't really run apps in the background is they are not used for location, media, VOIP or need to access some kind accessory.
See my point where you can't really run app in backgroud.
Third party services can not add extra functionality to the APNS server as provided by Apple.
As to your suggest that the server will the app, you can't intercept call, sms,... on iOS. I really you only solution is to build a VOIP app that will call the user when ever the notification needs to be displaid.
Apple has no solution that will suite you needs, guess it will have to be an android app then :S
I want to create an iOS chatting app using APNS. If I have 10,000 active and they are continuing chatting, will apple block my developer account ? Is there any limitation regarding this?
I would discourage you from using APNS as a backbone of an "chatting app".
If you need fast chatting functionality you should write your own TCP-socket based server.
If every-few-second syncing is o.k. you can get away with a HTTP-based server backend (but all the pull-syncing can be hard on network traffic - so TCP-socket is still better choice).
You could however use APNS for fallback - when your app on certain device is not responding (i.e. is not connected to server) you can send an initial message trough APNS (to wake up your app & to notify the user there is a message waiting for him).
As soon as the user opens your app you should switch back to your TCP-socket or HTTP request based server communication.
As for your question: no, Apple would most probably (one can never know for sure) not reject your app just because of using APNS for chatting. But note (as the others said allready): messages between two users will get "lost" if they would interact too frequently - see the link Roman Barzyczak gave you.
"If you are sending multiple notifications to the same device or computer within a short period of time, the push service will send only the last one."
more information: http://developer.apple.com/library/ios/#technotes/tn2265/_index.html
but Apple wont block your developer account :)
You can use them for messaging but you are going to quickly find out that there is no guarantee they will arrive. This is known as the black hole of push notifications. ;-)
I like this answer here.
First try to use an APNS only solution.
Make your push notifications stateless (they only serve as "Hey you have some new stuff in the server").
So when the client gets a push notification it asks the server for new data (messages or other stuff).
Use OneSignal to simplify the code that sends push notifications (from the back-end). If a user in your app gets a message after 10 seconds he dose not care if you used TCP,socket.io or xmpp...
Even Whatsapp's messages can take couple of seconds to arrive.
A chat app is not a realtime game. A delay of couple of seconds will be acceptable by end users.
I want to use "push notification" in my apps, In general, I have a basic knowledge about push notification and I want to use urbanairship service for message broadcasting.
Also, my apps have not centralized web service, handle device's tokens, therefore, I have no solution to keep tracks of device tokens. ( uninstalled apps etc. )
After analyzing urbanairship api, I noticed that urbanairship do that for me, but I'm not sure 100%, so am I understand correctly?
Also, I think that registration of device token into urbanairship servers made by urlrequest like:
Convert device token to hex formatted string.
Creating urlrequest like: https://go.urbanairship.com/api/device_tokens...
Then we call NSUrlConnection.
Or urbanairship has built-in solution for it too and I missed it.
Thank you.