vgecko / android-notifier

Automatically exported from code.google.com/p/android-notifier
0 stars 0 forks source link

HTTP Notification method #156

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

Like the uPNP ticket describes, if you're behind a router, it's difficult to 
setup notifications.  It would be great if the notifications could be posted to 
an HTTP(s) URL.  The Desktop notifier would also connect to the web service and 
request notifications for specific Android_ID's.  The web service would only 
return notifications for the requested Android_ID.  Perhaps someone would set 
up a free notifications web service at e.g.  http://android-notifier.org or 
similar?  :)

Original issue reported on code.google.com by mbarc...@gmail.com on 19 Sep 2010 at 7:30

GoogleCodeExporter commented 9 years ago
Wow, no! 
Everyone's texts and contacts' numbers being sent to a third party? And who is 
going to be funding this insecure service?

Original comment by zip...@gmail.com on 3 Nov 2010 at 1:19

GoogleCodeExporter commented 9 years ago
The app already has a security feature to encrypt notifications, so it's not 
like some third party could actually read the messages.  Of course that's not 
enabled by default and the app will currently blast notifications in the clear 
across public networks, so third parties can already intercept everyone's texts 
and contacts.

I would assume the server software would be open source like the app, so any 
user with $8 and a dreamhost account could run their own service.

Original comment by mbarc...@gmail.com on 3 Nov 2010 at 2:15

GoogleCodeExporter commented 9 years ago
This could definitely be brute-forced by a malicious server owner (I'm security 
paranoid ;-) A big problem is that anyone could make a request to the server 
for any Android_ID; it would take effort but you know someone would do it for 
access to private data!
You have an idea that would be great if it could be more secure, but I think a 
central database of the notifications proves much less safe even compared to 
unencrypted notifications across a localised network :(

Original comment by zip...@gmail.com on 4 Nov 2010 at 2:43

GoogleCodeExporter commented 9 years ago
So, the idea is to allow notification method plugins in the long run, then any 
methods including this one can be added as plugins. Being a plugin, each person 
can use his judgment on the security vs ease of use tradeoff :)

Original comment by rdamazio@gmail.com on 5 Nov 2010 at 6:42