Android iPhone & iPad Desktop

<< View More Posts

A Note About Notification Encryption and Privacy

December 10, 2023 by joshua stein

In the news recently is a report that “foreign officials were demanding [push notification] data from Alphabet’s Google and Apple”.

While we have no knowledge of any targeting of push notification data of our customers, we have had some questions about how we deliver push notifications and what data is made available to Google and Apple.

Pushover Notifications are Encrypted

Since 2015, Pushover’s iPhone/iPad and Android apps have supported notification payload encryption, and enforced it for all devices as of 2019. Pushover’s desktop client only communicates directly with Pushover’s servers over TLS, though macOS desktop notifications (registered through Safari) are processed directly by macOS and cannot be encrypted. This is changing for macOS with the recent availability of W3C Web Push in Safari, which can be used now with our web push beta, as it allows some client-side processing of notification data before the operating system displays it.

This encryption for iOS and Android is activated at device registration time by the device generating a secret key and sending it directly to Pushover’s API servers over a standard TLS-encrypted connection. When Pushover’s servers receive a new message for a device, our servers encrypt the title, message body, URL, and all other message metadata with that device’s secret key and send it over a TLS-encrypted connection to Apple’s (APNS) or Google’s (HTTPS) push notification servers. The only data that Apple or Google can see through their push notification servers is an encrypted string, for which they do not have the decryption key.

Once the device receives an encrypted push notification, it is handed off to the Pushover application’s notification handler which then decrypts it using its stored key, and hands it back to the operating system as a notification to display on the screen. This also allows our application to download any image attachments or custom sounds directly from our API, again over a standard TLS-encrypted connection.

If you have ever received a Pushover notification on iOS after restarting your device but before unlocking it, your Pushover notification will have shown “[Could not decrypt notification. Please open the Pushover app to unlock.]” This is because iOS had not yet unlocked access to the application’s settings which include its decryption key, so the notification could not be decrypted.

If you have any further questions about Pushover’s security or privacy, please feel free to contact us.