Comm

comm code corner ep 2

one of the ways that we improve on Signal's security is that we sandbox notifs

keys for decrypting notifs on iOS have to be stored under the "After First Unlock" policy. we use separate keys for notifs, which allows us to use the more secure "When Unlocked" policy for the rest of your content

explainer here: https://x.com/matthew_d_green/status/1341751330843598851 

docs here: https://developer.apple.com/documentation/security/keychain_services/keychain_items/restricting_keychain_item_accessibility#overview

code here: https://github.com/CommE2E/comm/blob/master/native/ios/NotificationService/NotificationService.mm