New E-Mail Gateway Options

We’ve updated our e-mail gateway with some new features today in response to valuable feedback from our users.

E-mail notifications can now specify a particular sound, specific timestamp, and even an application API token to make notifications appear with an app’s icon and grouping in the Pushover device clients.

These new features require a slightly different e-mail address format, which is detailed in our FAQ. Don’t worry though, we will always continue to support the old format of just

For help with these new features, send us an e-mail or visit our user discussion forum.

API: SSLv3 Support Disabled

Note: This announcement is only about the rarely-used version 3 of the SSL protocol. We continue to support (and in most cases require) SSL using more modern and secure TLS protocols. For most users and developers, this will not require any changes on your part.

Effective October 15, 2014, Pushover’s API, main website, Desktop client, and receipt callback service have disabled support for version 3 of the SSL protocol (only this version) due to the recently announced “POODLE” attack which can theoretically allow an attacker to retrieve the plaintext of a secure connection between you and an SSL server, such as Pushover. Pushover’s servers continue to support TLSv1, TLSv1.1, and TLSv1.2 for SSL connections.

This urgent change has also been adopted by companies like Google and Twitter, as well as browser vendors like Mozilla. We urge customers to update their systems and browsers to disable SSL v3 support.

While most modern libraries and systems do not prefer SSL v3 for SSL connections and should not require any changes, there may be some very old systems that do not support newer TLS protocols and are no longer able to connect to our API. Since this change to remove SSL v3 support is not limited to Pushover’s servers and is being widely adopted in the industry, customers with legacy systems should contact their software vendors to ask about updates to SSL libraries as this security vulnerability will probably affect a large number of systems and services.

Recent Delays Receiving Pushover Notifications on Android

During the evening of Wednesday, October 8 starting at about 17:00 CDT, our servers started experiencing problems handing off notifications to Google’s Android messaging servers. These problems included large delays, server timeouts, and increased server error responses from Google which started slowing down the rate at which we could hand off notifications. A related problem on our end also caused a brief delay in processing notifications bound for Apple’s notification servers which was quickly resolved.

The problem with Google’s notification servers sporadically cleared up on its own but then returned a few more times that evening, each time causing a backlog of a few thousand notifications on our servers but then quickly clearing out once Google’s servers started responding quickly again. We reached out to Google’s support resource for its notification servers and tried additional workarounds such as delivering notifications from different servers in case of possible network issues on our end.

By about 23:45 CDT, we had sent out all of our backlog of notifications while also keeping up with new notifications received by our API.

The problem with Google’s servers returned again on the morning of Thursday, October 9 and we rewrote our message sending system to try different strategies for trying to deal with the slow receiving side at Google. Eventually we found an appropriate level of concurrency and timeout length that allowed us to clear out our backlog while keeping up with new incoming messages received during our peak time.

This new solution worked throughout the day until about 00:10 CDT on Friday, October 10 when our message sending system encountered an internal bug which caused a backlog, which was entirely our fault. We believe this problem has been properly resolved by putting in additional error condition checks as well as additional server-side monitoring of this system. As of 3:00 CDT we are back to operating at near-realtime delivery of Android notifications.

We realize that our customers rely on timely delivery of notifications and we are doing everything we can to meet that expectation as we have for the past two and a half years. We apologize for the inconvenience these delays have caused you and we welcome any and all feedback from you.

Bulk Licensing and Trial Versions of Pushover Now Available

Back in May, we discussed an upcoming change to our iOS and Android apps where both would be free to download in the app stores but require an in-app purchase after 5 days. This was being done to support fully-functional, time-limited trials of our apps as well as allow us to do bulk sales of licenses to larger organizations.

These features required some significant changes to our mobile apps as well as updates to our backend infrastructure. We thank our many users for dealing with our frequent app updates that were released in the past two months to support these changes and work out the bugs. We’re happy to announce that as of today, our Android, iOS, and Desktop clients are all free to try for 5 days.

Volume Licensing
In addition to our trial versions, a new Volume Licensing Tool is now available on our website for organizations looking to purchase licenses on behalf of their users or staff. This tool allows one to create an invoice for a number of iOS, Android, and/or Desktop licenses and pay it through our website or PayPal and have those licenses be instantly activated.

Our Volume Licensing Tool also allows an organization to purchase licenses for users that have not yet signed up for Pushover by listing the user’s e-mail address instead of a Pushover user key. As soon as that user signs up for a Pushover account, the previously purchased license(s) will be automatically activated.

Licenses can be purchased for as few as one user (for individuals unable to make an in-app purchase on iOS or Android) or as many as thousands of users with our bulk import functionality. Volume discounts are also available at certain numbers of licenses purchased when paid for all at once. See our Volume Licensing Tool for more information.

API: Change to Message Priority -1, New Priority -2

We’ve made a small change to our API that affects message priority. Previously on our iOS client, messages with a priority of -1 would only update the badge number for the Pushover app icon and not show any notification details. To provide more functionality and match our Android client behavior, these messages will now show a notification, though still without vibration or sound so as not to disturb you. Messages received during quiet hours will still use this priority.

A new priority -2 is available through our API which will only update the app badge on iOS, and as of our new version 2.2.1 Android client, will not generate any system notification on Android. This is useful for sending messages to your Android device that will only be used to interface with Tasker, since you will not have to dismiss these notifications afterwards.

Bulk Licensing and Trial Versions of Pushover

In the past two years, Pushover’s user base has grown tremendously, in particular among teams of network engineers, on-call technicians, and dispatchers. Functionality we’ve added such as Emergency-Priority notifications and Delivery Groups have made it a valuable tool for organizations relying on push notifications.

Bulk Licensing

One request that we’ve received from many of our larger customers is a way to purchase bulk licenses for our iOS, Android, and our new Desktop clients. Rather than require each employee to purchase our apps on their own devices and get reimbursed, managers want to make one bulk purchase and allow each employee to install our apps at no expense to them. Unfortunately, the way that Apple’s App Store and Google’s Play Store are structured, we have been unable to override pricing or easily distribute our iOS and Android applications this way.

Trial Versions

Another request we’ve heard from our individual users is for a trial version of our apps. While Apple provides no trial period for App Store purchases, Google only provides a 15 minute period which can make it difficult to setup Pushover with a variety of apps and properly test its functionality.

Providing Both via In-App Purchases

To accommodate bulk purchases and a longer trial period, Pushover for iOS and Android will soon be changing from the current up-front App Store/Google Play purchase to a “free” app with a required one-time, in-app purchase after 5 days. This will allow all users to download Pushover for free and experiment with it for up to 5 days at no cost. After the trial period, users will be prompted to purchase a license which can be done easily inside the app using an Apple App Store or Google Play account.

Organizations requesting bulk purchases/volume pricing of our apps can arrange payment by contacting us and their users’ licenses will be activated automatically before the 5-day trial ends with no in-app purchase required.

No Change for Existing Users

To be clear, all current Pushover users that have previously purchased our iOS, Android, and Desktop clients will have their licenses converted and no additional purchase will be required. You will continue to receive updates of our apps through Apple App Store and Google Play as usual.

If you have any questions about this upcoming change, please feel free to reach out to us.

Update (May 16): Our Android app has just been updated to be free in Google Play with an in-app purchase required after a 5-day trial. Similar changes to our iOS app will be coming soon.

Pushover for Desktop Now Available

Today we’re excited to announce that Pushover for Desktop is now available!

Pushover for Desktop is an in-browser desktop client for Pushover allowing you to receive instant push notifications on your desktop just like you already do on your iPhone, iPad, and Android devices.

While the Pushover for Desktop site is open in any tab of your Chrome or Firefox browser on Mac, Windows, and Linux/Unix, you’ll receive instant popup notifications for new messages with the same icons and sounds you’re used to from our mobile apps (which you can of course silence):

On Chrome, you’ll see notifications in its Notification Center which gives a quick history of your recent alerts:

On Mac OS X (Mountain Lion and newer), registering with Safari will take advantage of the new Notification Center and push notifications built into OS X, allowing you to receive push notifications without any browser open at all, even on your lock screen:

A handy feature of Pushover for Desktop is the ability to quickly send notifications to your other Pushover devices. While you’re on your desktop, you can quickly send a note or a webpage link to your phone for viewing later:

To get started with Pushover for Desktop, please visit our site. If you’re new to Pushover, also check out our Android and iOS clients.

Pushover for Android - Now With Tasker Support

A common request we’ve gotten from our Android users is to create a plugin for Tasker, a popular automation application. Up until recently, Tasker did not support 3rd party event plugins which made it difficult for an application like Pushover to integrate with it.

The recently released Tasker 4.3 now supports 3rd party event plugins, and Pushover for Android 2.1.2 released today includes a Tasker event plugin.

Demo - Disabling WiFi from a Pushover Notification

To demonstrate the kind of functionality that Pushover and Tasker can provide, we’ll create a task that responds to a Pushover notification sent from our “WiFi” application (so other Pushover applications don’t trigger it) with a message “disable wifi”, and then actually disable WiFi on the device.

First, open Tasker and create a new profile.

Choose “Event”, then “Plugin”.

If you’ve updated to the new version of Pushover, you should see it listed here:

Now we’ll create some criteria for matching notifications. We’ll enter “disable wifi” as the message name to match (matching for all fields except “priority” is case-insensitive and matches any part of the string) and require the Application Name to match “wifi”.

After entering the criteria and tapping on the checkmark icon, Tasker will take you back to the home screen and prompt you for a task name. We’ll create one called “disable wifi”.

Now we’ll add an action to disable the system WiFi. Choose “Net” from the action list, and then “WiFi”. The default will be to turn it off.

Tasker Variables

In addition to just responding to notifications, Pushover exports the title, message, application name, URL, URL title, and priority to Tasker so you can use them in your tasks. Display the received message as a popup, open the URL automatically in your browser, etc.

For our “disable wifi” task, we’ll add a Popup dialog just for some confirmation. Add another action and choose “Alert”, then “Popup”.

Here we’ll create a title with “Pushover - %pushoverapplication” and a text of “%pushovermessage”. These two variables starting with % will be dynamically updated with the values from the Pushover notification you’re working with. The variables we export are:

  • %pushovertitle

  • %pushovermessage

  • %pushoverapplication

  • %pushoverurl

  • %pushoverurltitle

  • %pushoverpriority

Now we’ll send a new notification from the Pushover dashboard as our WiFi application, with the message text “disable wifi”. As soon as the notification comes in, Pushover hands it off to Tasker, Tasker disables wifi, and shows our popup:

We hope you find this new Tasker functionality useful in automating your devices. For more possibilities with Tasker, check out the Tasker User Forum and the /r/tasker Subreddit.

If you’re not a Pushover user already, check out our Android and iOS apps.

Pushover CVE-2014-0160 / Heartbleed Information

Like many websites, Pushover’s servers were vulnerable to the recently discovered OpenSSL bug CVE-2014-0160, also known as “Heartbleed”. All of Superblock’s servers, including those for Pushover, were quickly patched to fix this bug by the evening of Monday, April 7. As a precaution, we expired all user sessions and created a new session encryption key for once the bug was patched.

Once it became verified that private SSL keys could be extracted, we also requested and installed a new SSL certificate for * this morning, Saturday, April 12. We have requested revocation of our old certificate as well.

While we do not have any evidence that this security vulnerability was used to gain access to any of our user accounts or that our private SSL key was ever extracted, we encourage users to update their Pushover password at Users concerned about their user keys or application API tokens can contact us for manual regeneration of these tokens.

As always, please feel free to contact us with any questions or comments.

Upcoming Maintenance on March 11

On March 11, 2014 between 02:00 and 02:45 Central Time, Pushover will be undergoing maintenance which requires taking our systems offline.

During this maintenance window, our API and website will be offline and no messages will be queued or notifications pushed. E-mail to your address will most likely remain queued on the remote sending servers until our servers come back online to accept it.

If you have any questions about this maintenance, please feel free to contact us.