[Question] Source Code of the server and app

[JulianKropp]

Hey quick dumm question. I didn't had much time to search for it, can you provide the source code of the iOS app and the server?

I want to learn how it works and check if all data is encrypted. I use gotify to transfer onetime passwords. And if they are unencrypted that would be horrible for me. I saw you are using firebase. So alle messages are going through firebase? Are the push notifications stored on firebase? Not sure how your application works.

I'm very interested in this project, but only if I'm 100% sure where my data is stored. Could you pls explain it or provide the source code?

I don't like why your app is contacting google, aws and apple.

[androidseb25]

No i don't provide the source code public, because there a private keys and information for the login to the firebase.

[JulianKropp]

So what will be stored on firebase?

I don't want to blame you for your work. I just want to understand. And maybe at the moment it's designed like this, that all push notifications are stored unencrypted on firebase. If so we could improve this, so all data will be encrypted on firebase. And the data is real end to end encrypted.

[androidseb25]

AWS is used from Apple to display the badge in the readme file which you will find here in the GitHub repo. The Apple parts you'll find in any app with an In App purchase or push notification. The Google parts are needed for getting an Auth Token to receive the push notification and authenticate the device.

Why i use Firebase for push notifications over APN's? Because there is no service like this, that can easily transfer push's to iOS devices.

Will Google save my data on there server? Yes, temporally, i don't find anything if the data is encrypted or not. I think this is not a good idea either, which is why I'm currently working on a project that takes this into account.

Will Firebase save the payload? They save the payload to transmit the data to the devices, till the API gives a response that the payload is received. How long do they save the data afterwards? I don't know. There's no docs about it.

What data I see?

I only see the crashlogs which are triggered by a crash of the app including the informations which are coming by default from firebase such as:

• the model information (like iPhone 15)
• device orientation, ram size (for memory size out of range errors)
• free storage (for system size out of range errors)
• the os (like iOS 17.2)

There are no additional informations i can see (eg. title or messages)

[androidseb25]

@JulianKropp is that enough informationsa for you?

[JulianKropp]

I think so. First thank you for your quick answer. Still it would be nice if the code would be public available. Maybe the private keys or Access data could be saved in a .env file or environment variable which you wouldn't make public. So you don't have to publish those but the code would be still available.