Mobile push notification service¶
Zulip’s iOS and Android mobile apps support receiving push notifications from Zulip servers to let users know when new messages have arrived. This is an important feature to having a great experience using the Zulip mobile apps.
For technical reasons (explained below), in order to deliver mobile push notifications in the app store versions of our mobile apps, you will need to register your Zulip server with the Zulip mobile push notification service. This service will forward push notifications generated by your server to the Zulip mobile app automatically.
How to sign up¶
Starting with Zulip 1.6, Zulip servers support forwarding push notifications to a central push notification forwarding service. You can enable this for your Zulip server as follows:
- First, contact firstname.lastname@example.org for instructions on registering your server (we hope to have a nice web flow available for this soon).
- Then, uncomment the
PUSH_NOTIFICATION_BOUNCER_URL = https://push.zulipchat.comline in your
/etc/zulip/settings.pyfile, and restart your Zulip server.
That should be all you need to do!
To test whether you’ve configured it properly, just configure mobile push notifications to always be sent, start the Zulip Android app, in the background, and then have another user send you private messages. They should appear in the Android notification area.
Why this is necessary¶
Both Google’s and Apple’s push notification services have a security model that does not support mutually untrusted self-hosted servers sending push notifications to the same app. In particular, when an app is published to their respective app stores, one must compile into the app a secret corresponding to the server that will be able to publish push notifications for the app. This means that it is impossible for a single app in their stores to receive push notifications from multiple, mutually untrusted, servers.
Zulip’s solution to this problem is to provide a central push notification forwarding service, which allows registered Zulip servers to send push notifications to the Zulip app indirectly (through the forwarding service).
Security and privacy implications¶
We’ve designed this push notification bouncer service with security in mind:
- All of the network requests (both from Zulip servers to the Push Notification Service and from the Push Notification Service to the relevant Google and Apple services) are encrypted over the wire with SSL/TLS.
- The code for the push notification forwarding service is 100% open source and available as part of the Zulip server project on GitHub. The service’s logging is designed to protect the privacy of users of Zulip servers that are using the forwarding service.
- The push notification forwarding servers are professionally managed by a small team.
If you have any questions about the security model, contact email@example.com.