Data includes IP addresses, etc… is that a surprise? How do most notifications work? Is the device client polling status updates to retrieve status changes to trigger a notification? If that occurs isn’t it obvious the user IP would be known?
Apps can get woken up when a remote notification arrives that has the content-available key. Apps are woken up in background mode, at which point they have a few seconds to do whatever they need to do to refresh their content cache. This, of course, often leads to the app making a connection to the server, which exposes the user’s IP address.
I think the sin here is that some apps always set the content-available key regardless of whether there is content to be retrieved or not. That turns the notification into a surveillance tool, allowing the app to check in periodically.
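An added example, not part of the original post: one way to audit a log of push payloads for the pattern described above, where content-available wakes arrive on a fixed cadence with nothing to fetch. The log format, device names, thresholds and the "empty wake" heuristic (no alert, badge, sound or custom keys) are assumptions made for this sketch.

```python
import json
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (unix_time, device_id, APNs payload JSON). Not real traffic.
SAMPLE_LOG = [
    (0,    "dev-A", '{"aps": {"content-available": 1}}'),
    (900,  "dev-A", '{"aps": {"content-available": 1}}'),
    (1800, "dev-A", '{"aps": {"content-available": 1}}'),
    (2700, "dev-A", '{"aps": {"content-available": 1}}'),
    (100,  "dev-B", '{"aps": {"alert": "New message", "content-available": 1}, "thread": 7}'),
    (5000, "dev-B", '{"aps": {"alert": "Reply from Sam"}}'),
    (9100, "dev-B", '{"aps": {"content-available": 1}, "thread": 9}'),
]

VISIBLE_KEYS = {"alert", "badge", "sound"}

def wakes_app(payload):
    """True when the payload asks the OS to wake the app in the background."""
    aps = payload.get("aps")
    return isinstance(aps, dict) and aps.get("content-available") == 1

def is_empty_wake(payload):
    """Wakes the app but carries nothing: no visible part and no custom data."""
    if not wakes_app(payload):
        return False
    has_visible = bool(VISIBLE_KEYS & payload["aps"].keys())
    has_custom = any(key != "aps" for key in payload)
    return not has_visible and not has_custom

def periodic_wakers(log, min_wakes=4, max_cv=0.1):
    """Map device -> mean gap (seconds) for devices woken emptily on a steady cadence."""
    times = defaultdict(list)
    for ts, device, raw in log:
        if is_empty_wake(json.loads(raw)):
            times[device].append(ts)
    flagged = {}
    for device, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) < max(min_wakes, 2) or mean(gaps) == 0:
            continue
        # Low coefficient of variation means the wakes are evenly spaced.
        if pstdev(gaps) / mean(gaps) <= max_cv:
            flagged[device] = round(mean(gaps))
    return flagged

if __name__ == "__main__":
    print(periodic_wakers(SAMPLE_LOG))
```

Each flagged wake is a moment the app can connect back to its server and reveal the device's current IP address, so the mean gap is effectively the check-in interval.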
So it’s not so much what data is shared, but how it’s triggered to do this at unnecessary times is where the intent is likely nefarious.
I think so.