ADD: redacted push notifications #329
GladosBlueWallet
left a comment
Privacy opt-in feature: TokenConfiguration.redacted strips FCM/APNS alert text and data at send time. Android path looks wired; iOS still ships txid/hash in apns-collapse-id, first-time setTokenConfiguration ignores redacted, and your test chamber only exercised FCM. Cake was a lie; redaction is half-baked.
Inline findings (could not anchor on diff)
src/class/GroundControlToMajorTom.ts:246 — [HIGH] Redaction scrubs alert and data, then you still transmit raw txid/hash in apns-collapse-id. Privacy theater on iOS — Apple gets the secret you promised to hide.
src/controller/GroundController.ts:259 — [MEDIUM] New token branch sets token/os only; body.redacted is ignored on first setTokenConfiguration. Opt-in privacy silently stays false until a second call. Congratulations, you built a two-step puzzle.
src/tests/GroundController.test.ts:384 — [MEDIUM] New redacted API field, no set/get coverage. Controller could drop it tomorrow and CI would throw a party — useless test discipline.
5b00161 to 8594342
@Overtorment can you please check?
GladosBlueWallet
left a comment
Privacy feature, incomplete test chamber. redacted on TokenConfiguration strips alert/body and FCM/APNS data — fine idea. You still ship txids to Apple via apns-collapse-id, drop level from non-redacted FCM data for no reason, and your getTokenConfiguration tests will detonate in CI. The APNS test swallows errors like a cooperative test subject. CONTRIBUTING.md? Another missing file. Shocking.
Inline findings (could not anchor on diff)
src/class/GroundControlToMajorTom.ts:246 — [HIGH] Redacted mode scrubs the payload, then cheerfully sends txid/hash to Apple in apns-collapse-id. Privacy theater. Use a generic collapse id when redacted.
src/tests/GroundController.test.ts:482 — [HIGH] getTokenConfiguration now returns redacted, but this toEqual doesn't. CI will fail. Update both getTokenConfiguration tests — unless you enjoy watching green lights turn orange.
src/tests/GroundController.test.ts:384 — [HIGH] New redacted API field: zero persistence or round-trip tests. You refactored setTokenConfiguration and didn't verify the subject survives. Science demands better subjects.
Adds a "Redact notification content" toggle to Notification Settings. When enabled, GroundControl sends generic push text with no transaction data, so payment details never appear on the lock screen or in the notification payload.
depends on BlueWallet/GroundControl#329
closes BlueWallet#8499
Adds a redacted flag to TokenConfiguration so a device can opt into. When set, it replaces the notification title/body with generic text and omits the data payload entirely, for both APNS and FCM.
related: BlueWallet/BlueWallet#8499
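
The first HIGH finding in the review above, as an added TypeScript example that is not part of this PR or of GroundControl's code: a redacted APNS request has to scrub the `apns-collapse-id` header as well as the payload, and a small check over the whole outgoing request catches the case where it does not. All type names, function names, notification wording and sample values are hypothetical.

```typescript
// Added example; hypothetical names, not GroundControl's implementation.
interface PushEvent { type: string; txid?: string; hash?: string; address?: string; sat?: number; }
interface ApnsRequest { headers: Record<string, string>; payload: Record<string, unknown>; }

const GENERIC_TITLE = "New activity";             // assumed wording
const GENERIC_BODY = "Open the app for details";  // assumed wording

function buildApnsRequest(ev: PushEvent, redacted: boolean): ApnsRequest {
  if (redacted) {
    return {
      // The header is sent to Apple with the push, so it must not carry txid/hash.
      // A constant id means redacted notifications replace each other on the device.
      headers: { "apns-collapse-id": "redacted" },
      payload: { aps: { alert: { title: GENERIC_TITLE, body: GENERIC_BODY } } }, // no data
    };
  }
  return {
    headers: { "apns-collapse-id": ev.txid ?? ev.hash ?? ev.type },
    payload: {
      aps: { alert: { title: "Transaction", body: `${ev.sat ?? 0} sat` } },
      data: { ...ev },
    },
  };
}

// Names the sensitive fields of `ev` that appear anywhere in headers or payload.
function leakedFields(ev: PushEvent, req: ApnsRequest): string[] {
  const wire = JSON.stringify(req);
  const secrets: [string, string | undefined][] = [
    ["txid", ev.txid], ["hash", ev.hash], ["address", ev.address],
  ];
  return secrets.filter(([, v]) => v !== undefined && wire.includes(v)).map(([k]) => k);
}

// Constructed sample event (not real chain data).
const SAMPLE_TXID = "ab".repeat(32);
const SAMPLE_EVENT: PushEvent = { type: "2", txid: SAMPLE_TXID, address: "bc1qconstructedexample", sat: 1500 };

// Constructed request modelling the reviewed behaviour: payload scrubbed, header not.
const HEADER_LEAK: ApnsRequest = {
  headers: { "apns-collapse-id": SAMPLE_TXID },
  payload: { aps: { alert: { title: GENERIC_TITLE, body: GENERIC_BODY } } },
};
```
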