End-to-end encryption of mobile notifications
If a user is sending highly sensitive information over a Mattermost deployment, having it traverse Apple's and/or Google's servers unencrypted en route to a mobile device may not be acceptable. At the same time, configuring the server to exclude the message body removes a significant amount of potentially-valuable context from the notification.
The conflict between these concerns could be resolved by having the Mattermost server encrypt mobile notifications with a per-device key prior to submission, and having the mobile app decrypt the notification before presenting it to the user.
This can be done on iOS with a Notification Service Extension: https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ModifyingNotifications.html
This can be done on Android with FCM data payloads: https://firebase.google.com/docs/cloud-messaging/android/receive
Elyscape
shared this idea
-
Jens K. commented
This would greatly simplify the deployment. The deployment proxy (https://github.com/mattermost/mattermost-push-proxy) could be eliminated while at the same time increasing message security. And we don't need to distribute custom builds on iOS with Apple's Enterprise Developer Program.