3

We currently have a customer that wants us to implement push notifications to our app. The problem is that for this customer, security is really, really important... I am not able to find any official documents, that state that the only way to send push a notification to an Android or iOS device via internet is the use of FCM / APNS. Sadly, I don't think that I can convince the decision makers to open ports to a Google / Apple service, if I can't show them that this is a real necessity.

I know how push notifications work etc. and I myself know that it is necessary, but as I said, I need to convince some decision makers, so it would be really helpful if I could show them something official...

Glorfindel
3,1676 gold badges28 silver badges34 bronze badges
asked Apr 9, 2019 at 11:21
1
  • 2
    There are no "official" documents. If your customer doesn't want to use a third-party service, they have to run it themselves or find some other way to send notifications to their app. Commented Apr 9, 2019 at 12:02

1 Answer 1

4

Well, there are third party services which offer push notification functionality and work over standard ports (443 / HTTPS). (Apple Push Notification Services requires non-standard port numbers 2195 and optionally 2196 to work). Case in point: Firebase offers iOS push notifications as well; for this, you need to upload your private key you'd normally use to communicate directly with Apple's APNS server. But you'll still be using a cloud service, of course, just a different one.

The fundamental reason for this limitation is that there's only so much an app can do in the background; this is done to enforce low battery consumption. Push notifications are one way to wake up an app in the background and Apple and Google are intentionally limiting the options here. There are ways to have the app periodically poll a server for new content, but they won't be as near real time as push notifications can be and they might be removed from or not admitted to the App Store / Play Store for this kind of behaviour.

In the end, the customer needs to decide if this feature is worth the hassle. A properly configured firewall should not pose a security risk in this scenario.

answered Apr 9, 2019 at 11:40
2
  • Thanks, thats the exact answer I want to give the bosses. But because I'm only a small developer, noone will believe me ;-) That's why I need an official document to prove my point. Commented Apr 9, 2019 at 11:48
  • Well, you can't send emails either without opening an (SMTP) port and having your mail server talk to a server outside the network (cloud or on-premise)... Commented Apr 9, 2019 at 12:16

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.