Apps can get woken up when a remote notification arrives that has the content-available key. Apps are woken up in background mode, at which point they have a few seconds to do whatever they need to do to refresh their content cache. This, of course, often leads to the app making a connection to the server, which exposes the user’s IP address.
I think the sin here is that some apps always set the content-available key regardless of whether there is content to be retrieved or not. That turns the notification into a surveillance tool, allowing the app to check in periodically.
Apps can get woken up when a remote notification arrives that has the
content-availablekey. Apps are woken up in background mode, at which point they have a few seconds to do whatever they need to do to refresh their content cache. This, of course, often leads to the app making a connection to the server, which exposes the user’s IP address.I think the sin here is that some apps always set the
content-availablekey regardless of whether there is content to be retrieved or not. That turns the notification into a surveillance tool, allowing the app to check in periodically.So it’s not so much what data is shared, but how it’s triggered to do this at unnecessary times is where the intent is likely nefarious.
I think so.