Networking and Encryption
- Networking throughout the app uses HTTPS encrypted communication
- Keys can be revoked for each unique user/device combination and are never kept in permanent storage
- TLS 1.2+ is enforced by the app at the device Operating System level
- OS-level encryption and sandboxing protects stored data
- Databases are encrypted with SQLCipher
- Everbridge servers are registered using DNS CAA records to prevent man-in-the-middle attacks
End points:
- member.everbridge.net (Note: This is not a complete URL and will not work as is. The full URL depends on your site settings.)
- https://mobilemember.everbridge.net/
- https://geolocation.everbridge.net/locations/batch (Note: This is not a complete URL and will not work as is. The full URL depends on your site settings.)
URL access:
- member.everbridge.net (Note: This is not a complete URL and will not work as is. The full URL depends on your site settings.)
- https://mobilemember.everbridge.net/
- https://geolocation.everbridge.net/locations/batch (Note: This is not a complete URL and will not work as is. The full URL depends on your site settings.)
- *.pubnub.com (for incident chat)
Apple push notifications:
- https://support.apple.com/en-us/HT203609
- TCP port 5223 (used by devices to communicate to the APNs servers)
- TCP port 2195 (used to send notifications to the APNs)
- TCP port 2196 (used by the APNs feedback service)
- TCP Port 443 (used as a fallback on Wi-fi only, when devices are unable to communicate to APNs on port 5223)
- The entire 17.0.0.0/8 address block is assigned to Apple, so it’s best to allow this range in your firewall settings
Android push notifications:
- https://firebase.google.com/docs/cloud-messaging/concept-options#messaging_ports_and_your_firewall
- Port 5228
- Port 5229
- Port 5230
- If you’re using Network Address Translation (NAT) or Stateful Packet Inspection (SPI), implement a 30 minute or larger timeout for connections over ports 5228-5230. This enables us to provide reliable connectivity while reducing the battery consumption of your users’ mobile devices.
- FCM IPs change frequently so for outbound google connections: No IP restrictions OR all IP in IPv4 & IPv6 blocks listed in Google’s ASN of 15169
Article Feedback
While we can’t respond to you directly, we’d love to know how we can improve the article.
Please sign in to leave a comment.