openhab-cloud
openhab-cloud copied to clipboard
openhab
Hide notification message from Google/Apple
Currently push messages are sent to a service from Google or Apple and they redirect it to the device. These connections are (I haven't checked it, but they should) secured so noone besides the openHAB server, cloud instance, app and Google/Apple can read the messages. IMO this is one party too much. While thinking about this problem I came to two solutions:
- End-to-end encrypt all notifications. This is might not be easy to implement and requires key exchange between openHAB server and the apps
- Remove message body from gcm notification and add a cloud instance wide uniq id. With this id the client can download the message body from the instance via a new api.
My thoughts here is that a) using native mobile push notifications implies a trust relationship between the user and either Google or Apple and 2) For those who do not trust them, there are other push services supported in openHAB like pushover or email, and 3) I have not seen this requirement in my own professional environments, even from our more demanding clients like banks, financial and healthcare. Of course this is just my opinion : -)
None of the supported services offer end-to-end encryption. I wrote a script to send pgp encrypted mails and installed k9mail + openkeychain on my phone. This setup has its disadvantages, e.g. non technical users don't understand why they need a second mail client, higher battery usage, etc. So I wrote a second script which uses the signal messenger. It works better, but know I cannot differentiate between openhab messages and 'real' signal messages. I also won't be able to profit from features like severities. In the end I think it should be possible to easily send messages and noone besides the user (oh server + app) and oh cloud (can be selfhosted) can read them.