Why securing mobile messaging?
But why should a message that travels through servers to mobile phones be encrypted and masked? After talks with customers and during close business relations, CM felt the urge to provide its clients with more security in how they communicate with their customers. An absolute must, CM developers find, because hackers are keeping up with software developers in their effort of securing company web portals, for example.
Encrypted and Masked Messaging
Encrypted and masked push notifications work with CM’s Appdominal push notification manager. App owners who work with Appdominal and its SDK are offered encrypted push notifications through the dashboard and API. They can select the encryption option by simply ticking a checkbox or indicating it in the API call on a per-message basis. The message will be encrypted along the whole route: from the moment the sender pushes the send button to the moment the receiver opens the push notification in the app.
No information revealed
When received, the device’s notification center shows a push notification has been received and is waiting to be read. None of enclosed information by the sender is revealed until the device owner unlocks the device and deliberately opens the application to which the push notification has been sent. Not even the developers of Appdominal and CM have access to the information when it’s being sent through its platform. The platform generates the push notification to the user to alert him there’s a message waiting for him to be opened. Only that device can open the message and download its contents. This way of mobile messaging with push notifications lowers the risks of man-in-the-middle-attacks and identity theft when a mobile phone is lost or stolen. In addition, users concerned with sending message contents over Apple and Google’s push notification system are protected as the actual message contents never passes through their servers.
The encrypted push notifications method is part of CM’s new hybrid messaging tool. The hybrid messaging tool enables the use of push notifications backed up by SMS when mobile internet is unavailable. For messaging CM makes the holy grail of fast, affordable, and good possible. CEO Jeroen van Glabbeek of CM states: “We combine the best of all worlds in messaging. The user always gets what they want, when they want it, on the best channel available at that moment. Your target will always receive your updates and notifications.”
Masked messaging & Encrypted Connection
"Encrypted Messaging by CM consists of two parts”, explains Alex Harbers, .NET developer at CM. „It consists of the so called Masked Messaging and the encrypted connection between server and user. In normal mobile messaging, when you send an SMS or push notification to a mobile phone, the message and its content are shown in the notification center which is accessible to anyone even without the knowing the devices’s security code. So anyone with that specific phone can read the notification. With masked messaging however it is possible to send the content of the notification masked. The notification center just shows there is a message waiting. To access the content you need the phones security code. None of the content is shown until the user has entered the phones security code and enters the app to which the message was sent.”
Encrypted and masked messaging is useful for banks thats send transaction verification codes to mobile phones or security companies that handle a large amount of One Time Passwords for their clients.
"The communication between the server and the app has been secured by an encrypted connection” Alex Harbers continues. „When the app has been installed, a unique encryption key is generated and sent to the server. De encryption key remains known in the app only. This mechanism has a public/private key. All messages that are sent from the server to the app are encrypted through this key. A man-in-the-middle attack cannot intercept the messages and their content. On the other hand, when a message is sent to the wrong recipient, the user cannot open the message because the key encryption is different. In short: encrypted and masked messaging prevents messages of being read by the wrong people.”
Encrypted and masked messaging are only a few features that Appdominal offers. There's a lot more to explore.