APNs duplicate tokens - ios

We have a push notification server which holds the data (device tokens) for several different applications. With Apple wanting to stop people using the UDID as identifier, I was looking into changing this server so that it does not rely on UDIDs to identify devices any longer.
I understand that the tokens returned by APNs are not globally unique, but rather unique per device. However, when going through our database, I noticed that there are several cases (a few hundred on 750k+ registrations) where the same token is used for different devices.
So I'm trying to figure out what's causing this. At this point, I see 2 possibilities:
There is an obscure bug in our server registration handling somewhere
Apple recycles these device tokens (perhaps after a device reset?). We always store the last time a certain device registered, and I noticed that there are always at least several days between registrations of different devices with the same token. As far as I can tell, there are no tokens that are concurrently used by different devices.
I would really appreciate it if someone could shed some light on this.

What we know is that Apple tells us to use the Device Token to push notifications to a device. So, as long as you are:
Querying the APNs for a new device token every time the application is launching and registering it in your database
Querying the Feedback service for inactive devices and purging them from your database
... you are doing what Apple is expecting you to do.
However, I do suspect that there may be a bug in your registration code because 100/750k is a pretty high conflict rate. Considering these device tokens are used to push notifications, a lot of people would be complaining about receiving notifications that don't belong to them...

Related

Is it acceptable to send APNS device token each time with user request instead of registering user?

I have iOS application where new data arrives each hour on server.
When new data arrives, I would like to notify user if there is something of interest for him, based on his alert definitions.
I learned that only way to achieve that is APNS (Background tasks are not an option for regular precise waking up and fetching data so far I can tell after reading a lot).
I don't want to add registration/login requirements for user.
Is it possible and aligned with Apple standards to retrieve device token and send it to server each time with each alert request created by user, so that I can notify him/her by push notification once it is fulfilled?
So I can pair device token with alert request in database on server.
I don't want to implement apps feature and to go through effort of implementing APNS both client and server side only to get application rejected by Apple. Therefore, any reference to if it is possible or not, personal experience or working solution proposal is much appreciated.
Unfortunately, iOS uses a UUID as "device token" and it changes frequently and randomly (to protect privacy) so unless your application handles users one way or another, you won't be able to pair users with devices.
A solution might be that when your application installs for the first time and opens, you generate a unique id, it can be a UUID or some random string and save it to the keychain or if possible loses are okay, just save it to userDefaults. Keychain persists between app install and even is the user switches phones and you can use this uuid as "user per device"

Firebase notification sent to an audience does not reach all devices it should

I have an interesting situation. For some time I have been collecting an audience based on a single user property. Now it has significant amount of devices included. The audience is for ios devices.
I then sent a notification to that audience and I that see some of the devices receive that notification, some don't. Why could that be?
Experiments show that devices that don't receive the notification, receive a notification targeted to single device only. Also they receive notifications send to all users. That makes me suspect that this is related to audiences. I have verified that at least one device that does not receive the notifications has proper value for the user property in question. However, it is possible that the during the past days device has had varying values for the property, based on the account used for logging in to the app. Sometimes it has had two versions of the same app installed at the same time.
I have similar audience for Android and as far as I can tell, all members in the audience receive the notification.
The audience's are in thousands, so the information is based only on few devices I see around me, plus Firebase and Google Analytics.
From Firebase documentation I learn that "a user is a permanent member of an audience after they are assigned to it", which explains why two opposite audiences combined may be bigger than the total number of users, but it makes it even more difficult to understand why someone having the properties required for the audience would not belong to it.
Any ideas on how to debug this or what could be the reason. Or even better, how to fix this? Since this is production software, I can not send excessive number of notifications to try different things.
While I probably still don't know all of the possible reasons for this, there are at least two things that seemed to have some effect on this in our case and third one that could have been the reason if not correctly understood:
1) Our app did register list of values with single call to setUserPropertyString and in some cases the string did exceed the 24 character limit, which caused the property not to be set and the user/device not to be included in an audience.
2) When sending the notification to iOS app, the "High" prority should be selected, otherwise it is possible, or even likely that the notification does not reach the device.
3) Firebase console texts for combining multiple audiences are not all that clear, especially the "does not ..." texts could be clearer in my opinion. This is what they mean in practice:
includes all of == AND, notification is sent if user is included in all selected audiences
includes at least one of == OR, notification is sent if user is included in at least one of the selected audiences
does not include all of == NAND, notification is sent if user is not included in all of the selected audiences, but user can be included in some of them
does not include at least one of == NOR, notification is sent only if user is not included in any of the selected audiences

iPhone act as Provider to APNs (Apple Push Notifications without third party server)

So my client wants an app that works like this:
one user presses a button on his device
other user(s) get a push notification
no third party server
So I have been looking into the Apple Push Notification Service but I don't want to have a third party "provider" server. Would it be possible for an iPhone to act as a "provider"?
I have already looked at this question which sounds like what I want to do but I am not satisfied with the answer. More specifically:
Would encrypting the APNs key with another key hardcoded into the app be secure enough? Any other ideas for dealing with that issue?
The tokens will always stay the same for a given app for a given device, right? If that's the case, I can deal with creating the token database. If that's not the case, my app won't work.
Will Apple accept such an app?
Would encrypting the APNs key with another key hardcoded into the app be secure enough?
I believe the main issue is you'll need to deliver APNS certificate and private key with your app, and renew it when needed (on all devices). Regardless of it being encrypted or not, if it is available for your app, it might become available for attacker (by dumping its plaintext representation from memory, or by disassembling your decryption code) and make it possible to impersonate your app. So no, it is not secure.
The tokens will always stay the same for a given app for a given device, right?
Not really. Documentation claims that a device token is not a unique ID that you can use to identify a device. Device tokens can change after updating the operating system on a device. As a result, apps should send their device token.
Will Apple accept such an app?
I believe there were no precedents because of the reasons above.

how to prevent APNS device token redundancy in database

I am using apns notification for my app, and for this i am storing the apns device token in my sql database.
The issue is that every time the user deletes or installs the app, it generates a new device token and this gets stored in the database, since the same user can have multiple devices, I cant update the token for that user and a new record gets created. this has let to many records for the same device and same user. it might lead to performance issue later.
Please help. How do I fix the issue storing multiple tokens for same user.
Sorry for replying late, we fixed the issue by running another job which used to delete APNS token stored in database other than the latest one.
Our database stored APNS tokens for each user and each device. Depending upon these uniqueness. only latest tokens for each device is kept in database to prevent multiple notification on same device.
another solution is to use upset (insert or update), if any device already has a token then update the same with new one or insert.
I feel IOS should provide reliable API to handle this. The present Delete token API is not reliable.

Does iOS distribution push notification need device token

I've used the following tutorial to implement push notification in my app.
http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
And it works for development version. But I had include a device token in the payload (php) file.
Does this need to be the same for distribution as well. Do I need to gather all the device tokens from active users and send distribution push notifications, one by one?
I thought I would be able to do a broadcast without keeping track of all active device tokens. Is this not the case?
App is already on app store by the way.
Thanks.
Yes, you have to keep track of their device tokens. Also keep in mind that the device token might change for a single device, even though that doesn't happen frequently.
If you think that's too much trouble, you can use some service like Parse.com to do that for you, using their SDK.

Resources