tags:

views:

267

answers:

1
Q: 

validate iphone push notification token?

I've not yet implemented push notifications in my app. My understanding is that the app running on the device must request a token, then send this token to my server, and that my server must pass this token to Apple whenever I want to push a message to the device / app.

Is a requested push token specific to the app, or do all apps on the device share a token?

Is there any way for me to validate that the token the device sends to my server was indeed generated by a request within my app?

I'm concerned about a possible spoof where a rogue app could send a valid token to my server that wasn't a token my app requested. This would trick my service into sending push notifications to that device/app.

I understand this is an unlikely scenario. I'm trying to create a mechanism to verify that when my app sends information to my server I am indeed talking with an instance of my app, not some rogue client. Push notifications seem like a possible way to achieve this.

+1  A: 

Is a requested push token specific to the app, or do all apps on the device share a token? No the requested token is specific to your Application and each device.

Is there any way for me to validate that the token the device sends to my server was indeed generated by a request within my app? There is a service with apple in which you can query and find out if a token is "still valid", this is used for things such as when a user deletes your application and their token is invalidated, you can query the service and check if the token is still valid and if not delete it from your database...So you can also use this service to make sure any tokens given are valid...anyway if u try to push to an invalid token i suspect nothing will happen...

hope this helps

Daniel  2010-06-18 17:47:49
The token is actually unique to the combination of device and application. So the same app, on the same iTunes account, on a different device gets a different token. That's so the user can control which devices the notifications get sent to.
Alex  2010-06-18 17:53:32

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode