No, Apple PushKit is not mandatory for reliable encrypted messaging apps

This article is a bit alarmist: Apple Change Causes Scramble Among Private Messaging App Makers

Apple will more tightly enforce the use of PushKit to make sure it is limited to only VoIP calls, as originally intended. Some messaging app makers were using this to receive and decrypt encrypted messages in the background, saying that PushKit provided a better / more reliable service.

This has not been my experience. When implemented well, standard Apple push notifications are enough to build encrypted messaging app. It even supports push notification encryption on the server and decryption on the phone, to display the decrypted message in the notification pop-up (for example when your phone is unlocked).

PuhsKit allowed a bit more fined-grained control on the notification, in the sense that the server could push without distinction messages and meta data (like typing indicator) and let the client decide if it was requiring a notification or not. It means that now, the server needs to know what is a message that will require notification display and what is a metadata to avoid pushing it. It requires to slightly change the processing boundary, to still keep those info encrypted on the server.

However, I think that having a flag on the type of encrypted content flowing through the server to tell if it needs to be pushed or not is not a serious privacy info leak. After all, the server already needs to know with who you are exchanging messages, to be able to route the content.

The bottom line is that those developers will indeed have to reimplement a few of their stuff to adapt to the newly enforced policy. However, I personally think this is a good change that will help to limit battery consumption for some apps that have been abusing PushKit.

*****
Written on