Vindivoh OP
Created Jan ’24 Replies 1 Boosts 1 Views 1.4k Participants 2
I've learned that providing an APNS “Key (Cannot expire)” instead of an APNS “Certificate (Can expire)” will provide the app "access to all topics" for all apps within the organization ‘team’ that the key is forged from.
1.) Can someone elaborate on the specifics for what that means from a security perspective?
For instance, if my organization 'team' manages many applications under the same umbrella account and provides the same (or different) APNS key to each app, but one of the apps accidentally (or intentionally) wants to utilize the APNS key to affect the other apps, what are the potential consequences?
And, is it possible to create a new APNS key for each app to close any security concerns for multiple apps managed under the same account, or are we stuck with every key having access to all topics?
Engineer OP
Apple
Jan ’24
Accepted Answer
The concern over the "Key" would be if it escapes, then whoever has obtained it will be able to use it to send notifications to the apps under that team. It is the team's responsibility to protect it, and revoke it if there is a suspicion that it may have escaped.
It is not possible to have a different key for each app. If that is the required security model, then certificates are the way to go. The downside being they will expire and will need to be renewed (new certificates created and updated at the push servers) by the team who manages them.
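An added example, not part of the original thread and not Apple's code: a small audit that models the scoping described in the answer (a key reaches every app under the team, a certificate reaches only its own app and expires) and reports which push backends can notify apps they are not meant to serve. The inventory, service names, bundle IDs, key labels and dates are all constructed assumptions.

```python
from datetime import date

# Constructed inventory for illustration; all IDs, bundle names and dates are made up.
TEAM_APPS = {"com.example.bank", "com.example.chat", "com.example.news"}
SERVICE_APPS = {                     # app each push backend is meant to serve
    "bank-backend": {"com.example.bank"},
    "chat-backend": {"com.example.chat"},
    "news-backend": {"com.example.news"},
}
CREDENTIALS = [
    {"kind": "key", "id": "KEY-A", "held_by": ["chat-backend"]},
    {"kind": "key", "id": "KEY-B", "held_by": ["news-backend"]},
    {"kind": "certificate", "id": "CERT-BANK", "topic": "com.example.bank",
     "not_after": date(2024, 3, 1), "held_by": ["bank-backend"]},
]

def reachable_apps(cred):
    """Apps a holder of this credential can send notifications to."""
    if cred["kind"] == "key":
        return set(TEAM_APPS)        # a key covers every app under the team
    return {cred["topic"]}           # a certificate covers only its own app

def excess_reach(creds):
    """Per service: apps it can notify beyond the ones it is meant to serve."""
    reach = {}
    for cred in creds:
        for svc in cred["held_by"]:
            reach.setdefault(svc, set()).update(reachable_apps(cred))
    return {svc: sorted(apps - SERVICE_APPS[svc]) for svc, apps in reach.items()}

def renewals_due(creds, today, within_days=30):
    """Certificates that expire within the window and need renewing."""
    return [c["id"] for c in creds
            if c["kind"] == "certificate"
            and (c["not_after"] - today).days <= within_days]

if __name__ == "__main__":
    for svc, extra in excess_reach(CREDENTIALS).items():
        print(svc, "excess reach:", extra or "none")
    print("renew soon:", renewals_due(CREDENTIALS, date(2024, 2, 10)))
```

Issuing a separate key to each backend (KEY-A, KEY-B) leaves both with reach into the other apps, while the certificate holder has none; the cost shows up in the renewal list instead.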