<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 5, 2015 at 8:24 PM, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">While working on the doc for AGPUSH-1258, I found this in Apple's "iOS Developer Program License Agreement":<div><br></div><div>...</div><div>Further, as a condition to using the APN, You agree not to transmit sensitive personal or confidential information belonging to an individual (e.g. a social security number, financial account or transactional information, or any information where the individual may have a reasonable expectation of secure transmission) as part of any Push Notification, and You agree to comply with any applicable notice or consent requirements with respect to any collection, transmission, maintenance, processing or use of an end user’s personal information.<br></div><div>...</div><div><br></div><div>That means, if an app-developer sends something like "Your blood donation appointment is tomorrow" to a user of his mobile app, the app-developer is breaking the Apple terms _and_ the law in a lot of countries (at least in all EU countries) :-) </div><div><br></div><div>BTW. for Google I don't seem to find a similar paragraph, but IMO they are not that thoughtful on privacy terms (compared to Apple). </div></div></blockquote><div>Yeah but as you said just above, privacy will be protected by EU Laws and in many cases by national laws, like in France with have the CNIL (<a href="http://www.cnil.fr/english/">http://www.cnil.fr/english/</a>) which is very powerful on this area (Google has even lost a trial against them :) ) </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><br></div><div><br></div><div>Now, for our UPS guide (or documentation), I will add a few sentences to make it clear that our app-developers should NEVER submit sensitive personal or confidential information with a push.</div><div><br></div><div>Regarding a "Privacy Policy", I will also make clear what data of the push we store, for analytic reasons.</div></div></blockquote><div>good point </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>You'll see a PR during my Friday.</div><div><br></div><div><br></div><div>Greetings,</div><div>Matthias</div><div><br></div><div><br></div></div><div class=""><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 4, 2015 at 2:53 PM, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">I have created AGPUSH-1257 and AGPUSH-1258</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 30, 2015 at 3:22 PM, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><p style="margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px;margin-top:0px!important">Hi,</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">earlier this week there was some discussion about storing the payload of the push notifications ([1]).</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Right now, we store some metrics (e.g. client that send the push, number of devices, deliveryStatus etc) <em>and</em> the entire content of push notification. This includes custom key/value pairs, the name of the sound file or even the size of the badge.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Is all of that, storing the entire push notification payload really needed? <em>No!</em></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">What do we need, and why?</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">For counting the number of sent pushes (over time), the metrics are good enough. We do <em>NOT</em> need any of the push content for that, that's correct!</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">But we want to do more on the 1.1.0 release. We want to introduce some analytic features, to give our app developers (our users) a better understanding of their push usage (see [2]).</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">In order to see details on how successful a push was (or not), we need to only store the value of the alert key: <a href="https://aerogear.org/docs/unifiedpush/aerogear-push-ios/img/PushMessage.png" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://aerogear.org/docs/unifiedpush/aerogear-push-ios/img/PushMessage.png</a></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Ok, let's change that (see [3])!</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">For our app developers, using the UPS to reach out to their mobile app users ("user engagement"), it's important to understand which push was more successful:</p><ul style="padding:0px 0px 0px 2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px"><li>"Get 10% discount today" (sent on a Monday)</li><li>"Our shop got new site, check it out and get 5% discount" (sent on a Friday)</li></ul><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">With the upcoming analytics we can help them to improve usage of their app. User interaction is very important to a successful mobile application and push is a key driver here! Our app developers want an app that is actively used by their users (Nobody wants his app sitting on the last page of the device or, even worse, in a folder together with Apple-Maps). Therefore it's critical for our app developers to understand the relevance of their push messages sent and how it impacts the usage of their app. That's why we do the analytics described in [2]. And, yes - only the alert, not the entire payload is needed for that.</p><h3 style="margin-top:1em;margin-bottom:16px;line-height:1.43;font-size:1.5em;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif"><a name="14b5b33fd1882ea6_14b54ddbb375879a_14b3b38c7b34ae00_user-content-privacy" href="https://gist.github.com/matzew/b6459083f39394a892c5#privacy" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Privacy</h3><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">On the mentioned PR there was also some discussion about privacy violations and stuff, when we store the content of the notification. An example where <em>sensitive</em> data was sent over push was given. Something like: "Dear Mr. Joe, your blood donation appointment was scheduled for 3 p.m"</p><ol style="padding:0px 0px 0px 2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px"><li>This is not how push notifications are used for mobile apps. Push is to signal, not carry actual (sensitive) data around.</li><li>In a lot of countries, at least almost all European countries, you are not even allowed, by EU law, to give "data" to 3rd party providers (like the push-networks of Microsoft, Apple or Google).</li></ol><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">How does the actual (sensitive) data come to an app?</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">As said above a push is used to signal/ping an app, to indicate that there is real data for the mobile app user. In the background the mobile app tries to connect to the backend of the company, running/maintaining the mobile app. After the real data was fetched, "local notifcations" are used to give the user a visible notification, like "Dear Mr. Joe, your blood donation appointment was scheduled for 3 p.m", or simply "New appointment scheduled".</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">If the app was a chat system (and not a blood donation app from the Red Cross), it would be the same: After a signal, the app connects to "chat server" and receives the actual chat message from there. A reply would go over the same "chat server" connection. None of this would go over a 3rd party push network provider like Google, Microsoft or Apple.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">What would we store from these silent notifications?</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Nothing, since there is no alert, we would just store the metrics (e.g. client that send the push, number of devices, deliveryStatus etc). If the signaling is actually done with an alert (e.g. alert:"you got a new Chat text" or "New appointment scheduled"), we would store that.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">I hope this helps a bit to understand what is stored and also why we do need a little bit of information.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">BTW. our documentation already says that push is used for signaling, not carrying actual data around, but based on this email I will update it to have explicit information on best practices. Also, the documentation will be clear about what (the alert only) is stored by the UPS, and why. (see [4])</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Greetings,</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Matthias</p><ul style="padding:0px 0px 0px 2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px"><li>[1] <a href="https://github.com/aerogear/aerogear-unifiedpush-server/pull/478" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/pull/478</a></li><li>[2] <a href="https://issues.jboss.org/browse/AGPUSH-971" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://issues.jboss.org/browse/AGPUSH-971</a></li><li>[3] JIRA TO CREATE: to only store ALERT and not the full payload</li><li>[4] JIRA TO CREATE: update doc regarding push message storage and best practices</li></ul><span><font color="#888888"><div><br></div>-- <br><div>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>
</div>
</div></div><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div></div>