Expo Push Token Security

  1. SDK Version: 38
  2. Platforms(Android/iOS/web/all): Android/iOS

I’m interested in using the ExpoPushToken to send push notifications to my users. I am concerned that if the ExpoPushToken is leaked, a bad actor can send arbitrary notifications to users. I noticed that in the Node library: https://github.com/expo/expo-server-sdk-node, there is a reference to “enabling push security” and providing an access token but I didn’t find any information on how to do this. Is this a planned feature that hasn’t been implemented yet, or is there a place where I can read up on it? Thanks

Hi @jazonrizehq,

Yes, we are currently testing a feature to provide an additional layer of security in case your users’ push tokens were compromised. If you’d like to help us test before it is generally available, just let us know which account you would be testing on.

Cheers,
TC

Hi, I am interested. The testing account is @jazonrizehq. Thanks!

Hi @jazonrizehq, you should be all set up! You can access the setting for additional push security from https://expo.io/settings/access-tokens.
Please let me know once you have a chance to try it!

Cheers,
TC

Thank you so much!

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.