Teamtailor Notification Service

This is a notification service that modifies incoming notifications.

Currently it support communication notifications for ios. Adding company logo as avatar.

It also supports e2e encryption for notifications.

Installation in managed Expo projects

Just add ttmobile-notification-service as a config plugin in your app.json. Then send payload to apns like this:

sender: {
  id,
  avatarUrl,
  displayName
}

End-to-End Encrypted Push Notifications System

Overview

The system implements end-to-end encryption for push notifications across iOS and Android platforms using a hybrid encryption scheme combining RSA and AES.

Key Components

Key Management

Each device generates 2048-bit RSA key pair during initialization
Private keys stored securely in platform keychain/keystore
Public keys transmitted to server and stored with device tokens
Keys are accessible only after first device unlock (iOS) or with similar Android restrictions

Encryption Process (Server)

Prepares notification payload with title, message and data
Generates random AES-256 key and IV for GCM encryption
Encrypts payload using AES-GCM producing ciphertext and auth tag
Encrypts AES key with device's public RSA key (OAEP-SHA1 padding)
Packages encrypted components into notification:
- Encrypted AES key
- Ciphertext
- Nonce (IV)
- Authentication tag

Push Delivery

Server sends encrypted package through APNS/FCM
Includes fallback message for legacy app versions
Handles token invalidation and cleanup

Decryption Process (Client)

Device receives notification in background service
Retrieves private RSA key from secure storage
Decrypts AES key using RSA private key
Uses AES key to verify and decrypt payload
Updates notification content with decrypted data

Security Features

Industry standard algorithms (RSA-2048, AES-256-GCM)
Keys never leave secure hardware
Per-notification unique encryption keys
Authenticated encryption prevents tampering
Graceful fallback for pre-unlock state and legacy versions

Implementation Notes

Uses platform-specific secure storage (Keychain/Keystore) with appropriate access controls
Implements OAEP padding for RSA for enhanced security
Handles key rotation and device token management
Provides consistent cross-platform behavior
Includes error handling and logging

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
android		android
build		build
ios		ios
plugin		plugin
src		src
.eslintrc.js		.eslintrc.js
.gitignore		.gitignore
.npmignore		.npmignore
README.md		README.md
app.plugin.js		app.plugin.js
expo-module.config.json		expo-module.config.json
package.json		package.json
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Teamtailor Notification Service

Installation in managed Expo projects

End-to-End Encrypted Push Notifications System

Overview

Key Components

Key Management

Encryption Process (Server)

Push Delivery

Decryption Process (Client)

Security Features

Implementation Notes

About

Releases

Packages

Languages

Teamtailor/ttmobile-notification-service

Folders and files

Latest commit

History

Repository files navigation

Teamtailor Notification Service

Installation in managed Expo projects

End-to-End Encrypted Push Notifications System

Overview

Key Components

Key Management

Encryption Process (Server)

Push Delivery

Decryption Process (Client)

Security Features

Implementation Notes

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages