Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

Administered by:

Server stats:

1.6K
active users

ioc.exchange: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

Public
Matthew Green

The problem here is that many app developers are pushing sensitive data through push messaging services. While providers offer e2e encryption for these messages, many developers don’t bother using it. This means the unencrypted data transits provider servers.

Public
Matthew Green

For example, this Android dev center article describes how to use Firebase Cloud Messaging, and specifically recommends adding message content to the payload. End-to-end encryption is possible but requires extra work and libraries, it isn’t native. android-developers.googleblog.

To post a notification upon the receipt of an FCM message, you should include all the data needed for the notification in the FCM message payload. The same applies to data sync--we recommend that your app send as much data as possible in the FCM payload and, if needed, load the remainder of the data when the app opens. On a well-performing network, there's a good chance that the data will be synced by the time the user opens the app so the spinner won't be shown to the user. If network connectivity is not good, a notification will be sent to the user with the content in the FCM payload to inform the user in a timely manner. The user can then open the app to load all the data.
You can also encrypt FCM messages end-to-end using libraries like Capillary. The image below shows a general flow of how to handle FCM messages.
ExploreLive feeds
About