Comment by zer0x4d

If the notifications were to be truly E2EE, it would have to work something like this:

1. Generate a local key pair per app (never uploaded to Apple). 2. Each app can request their public key from iOS (or provided with (void) application:(UIApplication )application didRegisterForRemoteNotificationsWithDeviceToken:(NSData )deviceToken andPublickKey: (NSData *)publicKey;). 3. App uploads token + public key to their own server. 4. Server encrypts notification payload with the public key before sending to APNS. 5. Apple forwards encrypted payload to device. 6. Device uses the bundle name to look up the local private key and uses it to decrypt the payload.