How secure are Apple APNS push notifications?


Question

Does anyone know where the vulnerabilities are in Apple's APN push notification services?

We can ensure that our notifications are sent securely to Apple, so we just need to know whether they can be intercepted from that point?

Motivation: We have built an iOS messaging app that we are making as a 100% secure solution, with some features that have never been exploited before in security.

Recommended answer

Apple released the UNNotificationServiceExtension last year, allowing developers to send fully-encrypted notification payloads through APNS and then let the app on the end-user's device itself do the decryption (or load any additional supporting data) before displaying the notification:

The UNNotificationServiceExtension class provides the entry point for a Notification Service app extension, which lets you customize the content of a remote notification before it is delivered to the user. A Notification Service app extension does not present any UI of its own. Instead, it is launched on demand when a notification of the appropriate type is delivered to the user’s device. You use this extension to modify the notification’s content or download content related to the extension. For example, you could use the extension to decrypt an encrypted data block or to download images associated with the notification.

My team is investigating this further as a means to send useful notifications in a fully HIPAA-compliant manner, with no ability for Apple to see the plaintext of the notification. We're optimistic.
