I've not yet implemented push notifications in my app. My understanding is that the app running on the device must request a token, then send this token to my server, and that my server must pass this token to Apple whenever I want to push a message to the device / app.
Is a requested push token specific to the app, or do all apps on the device share a token?
Is there any way for me to validate that the token the device sends to my server was indeed generated by a request within my app?
I'm concerned about a possible spoof where a rogue app could send a valid token to my server that wasn't a token my app requested. This would trick my service into sending push notifications to that device/app.
I understand this is an unlikely scenario. I'm trying to create a mechanism to verify that when my app sends information to my server I am indeed talking with an instance of my app, not some rogue client. Push notifications seem like a possible way to achieve this.