I suggest you ...

End-to-end encryption of mobile notifications

If a user is sending highly sensitive information over a Mattermost deployment, having it traverse Apple's and/or Google's servers unencrypted en route to a mobile device may not be acceptable. At the same time, configuring the server to exclude the message body removes a significant amount of potentially-valuable context from the notification.

The conflict between these concerns could be resolved by having the Mattermost server encrypt mobile notifications with a per-device key prior to submission, and having the mobile app decrypt the notification before presenting it to the user.

This can be done on iOS with a Notification Service Extension: https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ModifyingNotifications.html
This can be done on Android with FCM data payloads: https://firebase.google.com/docs/cloud-messaging/android/receive

6 votes
Vote
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
Elyscape shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base