Why do we need push notifications? Is it safe technology? How does it work, and how necessary are such messages in business communication?

What is a PUSH message?

PUSH notifications are special messages sent on Android/iOS directly from Google, Apple, or Huawei. Such notification messages are sent as plain or encrypted text. The purpose of such messages is to send messages to an application when it is inactive. The maximum length of such a message is 4 kilobytes.

When you switch to another app on your iPhone, the previous application almost stops immediately. You see the app in recently opened ones, but this is just an image.

The same goes for Android devices. There is no decent multitasking like in Windows or Linux because phones have stricter battery consumption limitations.

Thus, the application does not work in real time if it is not open on the screen or if the phone is locked in your pocket. However, in iOS and Android OS there are privileged system services that always work, and one of them is the service for receiving PUSH notifications. This service allows the server to send messages to the phone app that can’t receive them itself in the “sleep” mode.

Once, the appearance of the PUSH message technology in iPhones made the distribution process quicker for WhatsApp, according to Yan Kum, the main developer of the application.

Where does a phone get a PUSH notification?

PUSH messages are received over the internet, via the TCP protocol. The service for delivering PUSH notifications for Google, Apple, and Huawei uses the following ports:

  1. Google Firebase Cloud Messaging (FCM) (previously Google Cloud Messaging – GCM):
    • Port 5228 — main port that is used for connection with FCM servers.
    • The ports 5229 and 5230 can also be used, but 5228 is the most common.
  2. Apple Push Notification Service (APNS):
    • Port 443 (HTTPS) or 2197 is used for connection with APNS.
    • Port 2195 was previously used for connection to the older versions of APNS but it was replaced with HTTPS.
  3. Huawei Mobile Services (HMS):
    • Port 443 (HTTPS) is used for connection with HMS.

These ports must be open in a local network to successfully receive any PUSH notifications on phones connected to your Wi-Fi.

PUSH messages in MyChat business messenger

When you send any message in a private dialogue or conference, the server detects whose mobile devices are not connected to the server (away), and it sends the command to a special PUSH server that makes and sends push notifications to Google, Apple, or Huawei. Then, these services deliver them to mobile devices.

Obviously, there is a question of security. Messages shared in an isolated network are safe, but what about external sharing?

In MyChat, you can completely turn off the option for sending PUSH notifications with the help of a firewall. Then, mobile devices would receive and see incoming messages only when MyChat is unlocked. This is not a very convenient way but the most secure one because you are assured that your data — encrypted or not — does not go to Google or Apple. To do this, limit the outgoing access of your MyChat Server to the host mychat-server.com with the TCP port 52000.

If you still want to receive PUSH messages (especially when you work not only on a local network but over the internet too), then let’s learn how it’s done on the technical side.

General work scheme of a mobile application for receiving PUSH notifications in MyChat

  1. CLIENT — at the start, it checks if it’s possible to connect to port 443 (or other that is configured in the connection parameters for MyChat).
  2. CLIENT — connects and executes the command LOGIN for authorization on the messenger’s side.
  3. SERVER — sends the service information for connection and session key for encrypting PUSH messages (the key is generated for each new server launch).
  4. CLIENT — when a phone is locked or you switch to another app, MyChat disconnects and goes into standby mode for PUSH messages.
  5. SERVER — performs message sending by encrypting it with a session key, and via the AES algorithm sends it to PUSH-SERVER mychat-server.com, port TCP 52000.
  6. PUSH-SERVER — divides incoming messages according to target OS ( android, ios, huawei), forms corresponding packages, and sends to provider servers.
  7. PROVIDER — send a message according to the specified deviceID as regular notification messages.
  8. CLIENT — receives a message and decrypts it with a key received during authorization on the own MyChat Server.

In conclusion, PUSH notifications are a very convenient way of real-life communication. However, if business messenger works in a closed network with sensitive information going around, then you do not have to believe its developers. Speaking about privacy, we need to balance between paranoia and convenience. You can always forbid using PUSH notifications.

Or allow them and take advantage of the convenient notification tool on your mobile devices with Android and iOS.

Share the article via favorite platforms!
By MyChat features, MyChat toolsLeave a Comment on PUSH notifications and security in business chat

Leave a Reply

Your email address will not be published. Required fields are marked *