Open Radar

 
Summary:
Many iOS applications rely upon push notifications from the app developer to receive status updates, alerts, messages, etc.  These notifications are created manually or in an automated fashion from the app developer's environment, signed using a certificate signed by Apple, and sent to Apple's push notification service for delivery.  It's a fast and powerful system, but it is only viable when the notification is being sent from a host that the app developer controls.

If a notification needs to be sent from a host that the app developer doesn't control, then there is no  way to send the notifications from the host without exposing the app developers APNS private key.

To compound the problem, an APNS certificate is tied to an app bundle id, which must be owned by the developer.  This means that a third party cannot request their own APNS certificate for an application from another developer.

Steps to Reproduce:

Example:
Company A sells datacenter software that runs in Company B's datacenter and monitors the health of some other hardware in the datacenter.  A companion iOS application is provided by Company A which will receive push notifications from the datacenter software when the health of some monitored hardware changes.  For the push notification to be sent, the Company A's APNS certificate must be delivered with the datacenter software.  This introduces a vulnerability which could expose Company A's APNS certificate and cause them to break their agreement with Apple.

Expected Results:

One of the following:
- Apple should provide a way for an app developer (Company A) to request multiple APNS certificates for an app bundle id.  These additional certificates could then be distributed to individual third parties (Company B) to be installed in their environment, and allow sending push notifications to apps in use by a third party's employees.  Then if an individual third party breaks the rules for sending push notifications, that individual certificate could be revoked, rather than the developer's.
- Apple should provide a way for anyone to join the Apple developer program and create APNS certificates for apps developed by others. This would allow third parties to supply their own certificate to use in sending push notifications to an app from another party.

Actual Results:

Unable to send push notifications without security implications and breaking the Apple developer agreement.

Regression:

Has always been like this.

Notes:

This is a serious problem for large companies who sell service software (VMware, Microsoft, etc) rather than providing a hosted solution (Google, Facebook, Twitter, etc).  There is a possibility for a company to set up a sort of 'relay server' within their network, which could receive pushes from customer installations, then sign the push notifications before sending them to APNS.  However, this introduces another middleman into the transmission of data which: slows delivery, and introduces data security, privacy, and retention concerns.