Update keychain access groups

2025-08-08 08:31:13 +00:00 · 2019-04-04 20:42:49 +04:00 · 2019-04-04 20:42:49 +04:00 · 440383e24f
commit 440383e24f
parent 499bc0b018
17 changed files with 196 additions and 95 deletions
--- a/NotificationContent/NotificationViewController.swift
+++ b/NotificationContent/NotificationViewController.swift
@ -67,7 +67,8 @@ class NotificationViewController: UIViewController, UNNotificationContentExtensi
        let apiId: Int32 = BuildConfig.shared().apiId
        let languagesCategory = "ios"
        
-        let appGroupName = "group.\(appBundleIdentifier[..<lastDotRange.lowerBound])"
+        let baseAppBundleId = String(appBundleIdentifier[..<lastDotRange.lowerBound])
+        let appGroupName = "group.\(baseAppBundleId)"
        let maybeAppGroupUrl = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupName)
        
        guard let appGroupUrl = maybeAppGroupUrl else {
@ -117,7 +118,7 @@ class NotificationViewController: UIViewController, UNNotificationContentExtensi
            
            let appVersion = (Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String) ?? "unknown"
            
-            let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath)
+            let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath, baseAppBundleId: baseAppBundleId)
            let encryptionParameters = ValueBoxEncryptionParameters(key: ValueBoxEncryptionParameters.Key(data: deviceSpecificEncryptionParameters.key)!, salt: ValueBoxEncryptionParameters.Salt(data: deviceSpecificEncryptionParameters.salt)!)
            
            sharedAccountContext = SharedAccountContext(mainWindow: nil, basePath: rootPath, encryptionParameters: encryptionParameters, accountManager: accountManager, applicationBindings: applicationBindings, initialPresentationDataAndSettings: initialPresentationDataAndSettings!, networkArguments: NetworkInitializationArguments(apiId: apiId, languagesCategory: languagesCategory, appVersion: appVersion, voipMaxLayer: 0, appData: BuildConfig.shared().bundleData), rootPath: rootPath, legacyBasePath: nil, legacyCache: nil, apsNotificationToken: .never(), voipNotificationToken: .never(), setNotificationCall: { _ in }, navigateToChat: { _, _, _ in })
--- a/Share/Share-AppStore.entitlements
+++ b/Share/Share-AppStore.entitlements
@ -6,5 +6,9 @@
 	<array>
 		<string>group.org.telegram.TelegramHD</string>
 	</array>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)org.telegram.TelegramHD</string>
+	</array>
 </dict>
 </plist>
--- a/Share/Share-AppStoreLLC.entitlements
+++ b/Share/Share-AppStoreLLC.entitlements
@ -6,5 +6,9 @@
 	<array>
 		<string>group.ph.telegra.Telegraph</string>
 	</array>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)ph.telegra.Telegraph</string>
+	</array>
 </dict>
 </plist>
--- a/Share/Share-HockeyApp.entitlements
+++ b/Share/Share-HockeyApp.entitlements
@ -6,5 +6,9 @@
 	<array>
 		<string>group.org.telegram.Telegram-iOS</string>
 	</array>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)org.telegram.Telegram-iOS</string>
+	</array>
 </dict>
 </plist>
--- a/Share/ShareRootController.swift
+++ b/Share/ShareRootController.swift
@ -107,7 +107,8 @@ class ShareRootController: UIViewController {
            let apiId: Int32 = BuildConfig.shared().apiId
            let languagesCategory = "ios"
            
-            let appGroupName = "group.\(appBundleIdentifier[..<lastDotRange.lowerBound])"
+            let baseAppBundleId = String(appBundleIdentifier[..<lastDotRange.lowerBound])
+            let appGroupName = "group.\(baseAppBundleId)"
            let maybeAppGroupUrl = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupName)
            
            guard let appGroupUrl = maybeAppGroupUrl else {
@ -160,7 +161,7 @@ class ShareRootController: UIViewController {
                })
                semaphore.wait()
                
-                let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath)
+                let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath, baseAppBundleId: baseAppBundleId)
                let encryptionParameters = ValueBoxEncryptionParameters(key: ValueBoxEncryptionParameters.Key(data: deviceSpecificEncryptionParameters.key)!, salt: ValueBoxEncryptionParameters.Salt(data: deviceSpecificEncryptionParameters.salt)!)
                
                let sharedContext = SharedAccountContext(mainWindow: nil, basePath: rootPath, encryptionParameters: encryptionParameters, accountManager: accountManager, applicationBindings: applicationBindings, initialPresentationDataAndSettings: initialPresentationDataAndSettings!, networkArguments: NetworkInitializationArguments(apiId: apiId, languagesCategory: languagesCategory, appVersion: appVersion, voipMaxLayer: 0, appData: BuildConfig.shared().bundleData), rootPath: rootPath, legacyBasePath: nil, legacyCache: nil, apsNotificationToken: .never(), voipNotificationToken: .never(), setNotificationCall: { _ in }, navigateToChat: { _, _, _ in })
--- a/SiriIntents/IntentHandler.swift
+++ b/SiriIntents/IntentHandler.swift
@ -58,7 +58,8 @@ class IntentHandler: INExtension, INSendMessageIntentHandling, INSearchForMessag
        let apiId: Int32 = BuildConfig.shared().apiId
        let languagesCategory = "ios"
        
-        let appGroupName = "group.\(appBundleIdentifier[..<lastDotRange.lowerBound])"
+        let baseAppBundleId = String(appBundleIdentifier[..<lastDotRange.lowerBound])
+        let appGroupName = "group.\(baseAppBundleId)"
        let maybeAppGroupUrl = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupName)
        
        guard let appGroupUrl = maybeAppGroupUrl else {
@ -84,7 +85,7 @@ class IntentHandler: INExtension, INSendMessageIntentHandling, INSearchForMessag
            initializeAccountManagement()
            let accountManager = AccountManager(basePath: rootPath + "/accounts-metadata")
            
-            let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath)
+            let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath, baseAppBundleId: baseAppBundleId)
            let encryptionParameters = ValueBoxEncryptionParameters(key: ValueBoxEncryptionParameters.Key(data: deviceSpecificEncryptionParameters.key)!, salt: ValueBoxEncryptionParameters.Salt(data: deviceSpecificEncryptionParameters.salt)!)
            
            account = currentAccount(allocateIfNotExists: false, networkArguments: NetworkInitializationArguments(apiId: apiId, languagesCategory: languagesCategory, appVersion: appVersion, voipMaxLayer: 0, appData: BuildConfig.shared().bundleData), supplementary: true, manager: accountManager, rootPath: rootPath, auxiliaryMethods: accountAuxiliaryMethods, encryptionParameters: encryptionParameters)
--- a/Telegram-iOS.xcodeproj/project.pbxproj
+++ b/Telegram-iOS.xcodeproj/project.pbxproj
@ -2769,6 +2769,9 @@
 							com.apple.BackgroundModes = {
 								enabled = 1;
 							};
+							com.apple.Keychain = {
+								enabled = 1;
+							};
 							com.apple.Push = {
 								enabled = 1;
 							};
@ -2804,6 +2807,9 @@
 							com.apple.ApplicationGroups.iOS = {
 								enabled = 1;
 							};
+							com.apple.Keychain = {
+								enabled = 1;
+							};
 						};
 					};
 					D0B2F736204F4C9900D3BFB9 = {
--- a/Telegram-iOS/AppDelegate.swift
+++ b/Telegram-iOS/AppDelegate.swift
@ -13,6 +13,8 @@ import CloudKit

 private let handleVoipNotifications = false

+private var testIsLaunched = false
+
 private func encodeText(_ string: String, _ key: Int) -> String {
    var result = ""
    for c in string.unicodeScalars {
@ -200,6 +202,12 @@ final class SharedApplicationContext {
    }
    
    func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]? = nil) -> Bool {
+        if testIsLaunched {
+            return true
+        } else {
+            testIsLaunched = true
+        }
+        
        let statusBarHost = ApplicationStatusBarHost()
        let (window, hostView) = nativeWindowHostView()
        self.mainWindow = Window1(hostView: hostView, statusBarHost: statusBarHost)
@ -346,7 +354,8 @@ final class SharedApplicationContext {
        
        let networkArguments = NetworkInitializationArguments(apiId: apiId, languagesCategory: languagesCategory, appVersion: appVersion, voipMaxLayer: PresentationCallManager.voipMaxLayer, appData: BuildConfig.shared().bundleData)
        
-        let appGroupName = "group.\(Bundle.main.bundleIdentifier!)"
+        let baseAppBundleId = Bundle.main.bundleIdentifier!
+        let appGroupName = "group.\(baseAppBundleId)"
        let maybeAppGroupUrl = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupName)
        
        guard let appGroupUrl = maybeAppGroupUrl else {
@ -372,7 +381,7 @@ final class SharedApplicationContext {
        let rootPath = rootPathForBasePath(appGroupUrl.path)
        performAppGroupUpgrades(appGroupPath: appGroupUrl.path, rootPath: rootPath)
        
-        let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath)
+        let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath, baseAppBundleId: baseAppBundleId)
        let encryptionParameters = ValueBoxEncryptionParameters(key: ValueBoxEncryptionParameters.Key(data: deviceSpecificEncryptionParameters.key)!, salt: ValueBoxEncryptionParameters.Salt(data: deviceSpecificEncryptionParameters.salt)!)
        
        TempBox.initializeShared(basePath: rootPath, processType: "app", launchSpecificId: arc4random64())
--- a/Telegram-iOS/BuildConfig.h
+++ b/Telegram-iOS/BuildConfig.h
@ -20,6 +20,6 @@
@property (nonatomic, readonly) int64_t appStoreId;
@property (nonatomic, strong, readonly) NSString * _Nonnull appSpecificUrlScheme;

-+ (DeviceSpecificEncryptionParameters * _Nonnull)deviceSpecificEncryptionParameters:(NSString * _Nonnull)rootPath;
+ (DeviceSpecificEncryptionParameters * _Nonnull)deviceSpecificEncryptionParameters:(NSString * _Nonnull)rootPath baseAppBundleId:(NSString * _Nonnull)baseAppBundleId;

@end
--- a/Telegram-iOS/BuildConfig.m
+++ b/Telegram-iOS/BuildConfig.m
@ -451,13 +451,43 @@ static MTPKCS * _Nullable checkSignature(const char *filename) {
    return @(APP_SPECIFIC_URL_SCHEME);
 }

-+ (LocalPrivateKey * _Nullable)getLocalPrivateKey {
+ (NSString * _Nullable)bundleSeedId {
+    NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
+       (__bridge NSString *)kSecClassGenericPassword, (__bridge NSString *)kSecClass,
+       @"bundleSeedID", kSecAttrAccount,
+       @"", kSecAttrService,
+       (id)kCFBooleanTrue, kSecReturnAttributes,
+    nil];
+    CFDictionaryRef result = nil;
+    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
+    if (status == errSecItemNotFound) {
+        status = SecItemAdd((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
+    }
+    if (status != errSecSuccess) {
+        return nil;
+    }
+    NSString *accessGroup = [(__bridge NSDictionary *)result objectForKey:(__bridge NSString *)kSecAttrAccessGroup];
+    NSArray *components = [accessGroup componentsSeparatedByString:@"."];
+    NSString *bundleSeedID = [[components objectEnumerator] nextObject];
+    CFRelease(result);
+    return bundleSeedID;
+}
+
+ (LocalPrivateKey * _Nullable)getLocalPrivateKey:(NSString * _Nonnull)baseAppBundleId {
+    NSString *bundleSeedId = [self bundleSeedId];
+    if (bundleSeedId == nil) {
+        return nil;
+    }
+    
+    NSString *accessGroup = [bundleSeedId stringByAppendingFormat:@".%@", baseAppBundleId];
+    
    NSData *applicationTag = [@"telegramLocalKey" dataUsingEncoding:NSUTF8StringEncoding];
    
    NSDictionary *query = @{
        (id)kSecClass: (id)kSecClassKey,
        (id)kSecAttrApplicationTag: applicationTag,
        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom,
+        (id)kSecAttrAccessGroup: (id)accessGroup,
        (id)kSecReturnRef: @YES,
    };
    SecKeyRef privateKey = NULL;
@ -486,8 +516,36 @@ static MTPKCS * _Nullable checkSignature(const char *filename) {
    return result;
 }

-+ (LocalPrivateKey * _Nullable)addLocalPrivateKey {
+ (bool)removeLocalPrivateKey:(NSString * _Nonnull)baseAppBundleId {
+    NSString *bundleSeedId = [self bundleSeedId];
+    if (bundleSeedId == nil) {
+        return nil;
+    }
+    
    NSData *applicationTag = [@"telegramLocalKey" dataUsingEncoding:NSUTF8StringEncoding];
+    NSString *accessGroup = [bundleSeedId stringByAppendingFormat:@".%@", baseAppBundleId];
+    
+    NSDictionary *query = @{
+        (id)kSecClass: (id)kSecClassKey,
+        (id)kSecAttrApplicationTag: applicationTag,
+        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom,
+        (id)kSecAttrAccessGroup: (id)accessGroup
+    };
+    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
+    if (status != errSecSuccess) {
+        return false;
+    }
+    return true;
+}
+
+ (LocalPrivateKey * _Nullable)addLocalPrivateKey:(NSString * _Nonnull)baseAppBundleId {
+    NSString *bundleSeedId = [self bundleSeedId];
+    if (bundleSeedId == nil) {
+        return nil;
+    }
+    
+    NSData *applicationTag = [@"telegramLocalKey" dataUsingEncoding:NSUTF8StringEncoding];
+    NSString *accessGroup = [bundleSeedId stringByAppendingFormat:@".%@", baseAppBundleId];
    
    SecAccessControlRef access = SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleAlwaysThisDeviceOnly, kSecAccessControlPrivateKeyUsage, NULL);
    NSDictionary *attributes = @{
@ -498,6 +556,7 @@ static MTPKCS * _Nullable checkSignature(const char *filename) {
            (id)kSecAttrIsPermanent: @YES,
            (id)kSecAttrApplicationTag: applicationTag,
            (id)kSecAttrAccessControl: (__bridge id)access,
+            (id)kSecAttrAccessGroup: (id)accessGroup,
        },
    };
    
@ -540,7 +599,7 @@ static MTPKCS * _Nullable checkSignature(const char *filename) {
    return result;
 }

-+ (DeviceSpecificEncryptionParameters * _Nonnull)deviceSpecificEncryptionParameters:(NSString * _Nonnull)rootPath {
+ (DeviceSpecificEncryptionParameters * _Nonnull)deviceSpecificEncryptionParameters:(NSString * _Nonnull)rootPath baseAppBundleId:(NSString * _Nonnull)baseAppBundleId {
    CFAbsoluteTime startTime = CFAbsoluteTimeGetCurrent();
    
    NSString *filePath = [rootPath stringByAppendingPathComponent:@".tempkey"];
@ -562,10 +621,10 @@ static MTPKCS * _Nullable checkSignature(const char *filename) {
        [resultData writeToFile:filePath atomically:false];
    }
    
-    LocalPrivateKey *localPrivateKey = [self getLocalPrivateKey];
+    LocalPrivateKey *localPrivateKey = [self getLocalPrivateKey:baseAppBundleId];
    
    if (localPrivateKey == nil) {
-        localPrivateKey = [self addLocalPrivateKey];
+        localPrivateKey = [self addLocalPrivateKey:baseAppBundleId];
    }
    
    NSData *currentEncryptedData = [NSData dataWithContentsOfFile:encryptedPath];
@ -573,7 +632,12 @@ static MTPKCS * _Nullable checkSignature(const char *filename) {
    if (localPrivateKey != nil) {
        if (currentEncryptedData != nil) {
            NSData *decryptedData = [localPrivateKey decrypt:currentEncryptedData];
-            assert([resultData isEqualToData:decryptedData]);
+            
+            if (![resultData isEqualToData:decryptedData]) {
+                NSData *encryptedData = [localPrivateKey encrypt:resultData];
+                [encryptedData writeToFile:encryptedPath atomically:false];
+                assert(false);
+            }
        } else {
            NSData *encryptedData = [localPrivateKey encrypt:resultData];
            [encryptedData writeToFile:encryptedPath atomically:false];
--- a/Telegram-iOS/Telegram-iOS-Hockeyapp.entitlements
+++ b/Telegram-iOS/Telegram-iOS-Hockeyapp.entitlements
@ -28,5 +28,9 @@
 	<array>
 		<string>group.org.telegram.Telegram-iOS</string>
 	</array>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)org.telegram.Telegram-iOS</string>
+	</array>
 </dict>
 </plist>
--- a/Telegram-iOS/en.lproj/Localizable.strings
+++ b/Telegram-iOS/en.lproj/Localizable.strings
@ -1,69 +1,65 @@
 // Notifications
-"PUSH_MESSAGE_TEXT" = "%1$@: %2$@";
-"PUSH_MESSAGE_NOTEXT" = "%1$@ sent you a message";
-"PUSH_MESSAGE_PHOTO" = "%1$@ sent you a photo";
-"PUSH_MESSAGE_PHOTO_SECRET" = "%1$@ sent you a self-destructing photo";
-"PUSH_MESSAGE_VIDEO" = "%1$@ sent you a video";
-"PUSH_MESSAGE_VIDEO_SECRET" = "%1$@ sent you a self-destructing video";
-"PUSH_MESSAGE_ROUND" = "%1$@ sent you a video message";
-"PUSH_MESSAGE_CONTACT" = "%1$@ shared a contact with you";
-"PUSH_MESSAGE_GEO" = "%1$@ sent you a map";
-"PUSH_MESSAGE_GEOLIVE" = "%1$@ started sharing their live location";
-"PUSH_MESSAGE_DOC" = "%1$@ sent you a file";
-"PUSH_MESSAGE_AUDIO" = "%1$@ sent you a voice message";
-"PUSH_MESSAGE_GIF" = "%1$@ sent you a GIF";
+"PUSH_MESSAGE_TEXT" = "%1$@|%2$@";
+"PUSH_MESSAGE_NOTEXT" = "%1$@|sent you a message";
+"PUSH_MESSAGE_PHOTO" = "%1$@|sent you a photo";
+"PUSH_MESSAGE_PHOTO_SECRET" = "%1$@|sent you a self-destructing photo";
+"PUSH_MESSAGE_VIDEO" = "%1$@|sent you a video";
+"PUSH_MESSAGE_VIDEO_SECRET" = "%1$@|sent you a self-destructing video";
+"PUSH_MESSAGE_ROUND" = "%1$@|sent you a video message";
+"PUSH_MESSAGE_CONTACT" = "%1$@|shared a contact %2$@ with you";
+"PUSH_MESSAGE_GEO" = "%1$@|sent you a map";
+"PUSH_MESSAGE_GEOLIVE" = "%1$@|started sharing their live location";
+"PUSH_MESSAGE_DOC" = "%1$@|sent you a file";
+"PUSH_MESSAGE_AUDIO" = "%1$@|sent you a voice message";
+"PUSH_MESSAGE_GIF" = "%1$@|sent you a GIF";
 "PUSH_ENCRYPTED_MESSAGE" = "You have a new message%1$@";
 "PUSH_LOCKED_MESSAGE" = "You have a new message%1$@";
-"PUSH_MESSAGE_SCREENSHOT" = "%1$@ took a screenshot!";
+"PUSH_MESSAGE_SCREENSHOT" = "%1$@|took a screenshot!";
 "PUSH_ENCRYPTION_REQUEST" = "New encryption request%1$@";
 "PUSH_ENCRYPTION_ACCEPT" = "Your encryption request was accepted%1$@";

-"PUSH_MESSAGE_POLL" = "%1$@ sent you a poll";
-"PUSH_CHANNEL_MESSAGE_POLL" = "%1$@ posted a poll";
-"PUSH_CHAT_MESSAGE_POLL" = "%1$@ sent a poll to the group %2$@";
-"PUSH_PINNED_POLL" = "%1$@ pinned a poll";
+"PUSH_MESSAGE_POLL" = "%1$@|sent you a poll %2$@";
+"PUSH_CHANNEL_MESSAGE_POLL" = "%1$@|posted a poll %2$@";
+"PUSH_PINNED_POLL" = "%1$@|pinned a poll";

-"PUSH_CHAT_MESSAGE_TEXT" = "%1$@@%2$@: %3$@";
-"PUSH_CHAT_MESSAGE_NOTEXT" = "%1$@ sent a message to the group %2$@";
-"PUSH_CHAT_MESSAGE_PHOTO" = "%1$@ sent a photo to the group %2$@";
-"PUSH_CHAT_MESSAGE_VIDEO" = "%1$@ sent a video to the group %2$@";
-"PUSH_CHAT_MESSAGE_ROUND" = "%1$@ sent a video message to the group %2$@";
-"PUSH_CHAT_MESSAGE_CONTACT" = "%1$@ shared a contact in the group %2$@";
-"PUSH_CHAT_MESSAGE_GEO" = "%1$@ sent a map to the group %2$@";
-"PUSH_CHAT_MESSAGE_GEOLIVE" = "%1$@ started sharing their live location with %2$@";
-"PUSH_CHAT_MESSAGE_DOC" = "%1$@ sent a file to the group %2$@";
-"PUSH_CHAT_MESSAGE_AUDIO" = "%1$@ sent a voice message to the group %2$@";
-"PUSH_CHAT_MESSAGE_GIF" = "%1$@ sent a GIF to the group %2$@";
-"PUSH_CHAT_CREATED" = "%1$@ invited you to the group %2$@";
-"PUSH_CHAT_TITLE_EDITED" = "%1$@ edited the group's %2$@ name";
-"PUSH_CHAT_PHOTO_EDITED" = "%1$@ edited the group's %2$@ photo";
-"PUSH_CHAT_ADD_MEMBER" = "%1$@ invited %3$@ to the group %2$@";
-"PUSH_CHAT_ADD_YOU" = "%1$@ invited you to the group %2$@";
-"PUSH_CHAT_DELETE_YOU" = "%1$@ removed you from the group %2$@";
-"PUSH_CHAT_DELETE_MEMBER" = "%1$@ removed %3$@ from the group %2$@";
-"PUSH_CHAT_LEFT" = "%1$@ left the group %2$@";
-"PUSH_CHAT_RETURNED" = "%1$@ returned to the group %2$@";
-"PUSH_CHAT_MESSAGE_PHOTOS" = "%1$@ sent %3$@ photos to the group %2$@";
-"PUSH_CHAT_MESSAGES" = "%1$@ sent %3$@ messages to the group %2$@";
+"PUSH_CHAT_MESSAGE_TEXT" = "%2$@|%1$@: %3$@";
+"PUSH_CHAT_MESSAGE_NOTEXT" = "%2$@|%1$@ sent a message";
+"PUSH_CHAT_MESSAGE_PHOTO" = "%2$@|%1$@ sent a photo";
+"PUSH_CHAT_MESSAGE_VIDEO" = "%2$@|%1$@ sent a video";
+"PUSH_CHAT_MESSAGE_ROUND" = "%2$@|%1$@ sent a video message";
+"PUSH_CHAT_MESSAGE_CONTACT" = "%2$@|%1$@ shared a contact %3$@";
+"PUSH_CHAT_MESSAGE_GEO" = "%2$@|%1$@ sent a map";
+"PUSH_CHAT_MESSAGE_GEOLIVE" = "%2$@|%1$@ started sharing their live location";
+"PUSH_CHAT_MESSAGE_DOC" = "%2$@|%1$@ sent a file";
+"PUSH_CHAT_MESSAGE_AUDIO" = "%2$@|%1$@ sent a voice message";
+"PUSH_CHAT_MESSAGE_GIF" = "%2$@|%1$@ sent a GIF";
+"PUSH_CHAT_CREATED" = "%2$@|%1$@ invited you to the group";
+"PUSH_CHAT_TITLE_EDITED" = "%2$@|%1$@ edited the group's name";
+"PUSH_CHAT_PHOTO_EDITED" = "%2$@|%1$@ edited the group's photo";
+"PUSH_CHAT_ADD_MEMBER" = "%2$@|%1$@ invited %3$@ to the group";
+"PUSH_CHAT_ADD_YOU" = "%2$@|%1$@ invited you to the group";
+"PUSH_CHAT_DELETE_YOU" = "%2$@|%1$@ removed you from the group";
+"PUSH_CHAT_DELETE_MEMBER" = "%2$@|%1$@ removed %3$@ from the group";
+"PUSH_CHAT_LEFT" = "%2$@|%1$@ left the group";
+"PUSH_CHAT_RETURNED" = "%2$@|%1$@ returned to the group";

-"PUSH_MESSAGE_STICKER" = "%1$@ sent you a %2$@sticker";
-"PUSH_CHAT_MESSAGE_STICKER" = "%1$@ sent a %3$@sticker to the group %2$@";
+"PUSH_MESSAGE_STICKER" = "%1$@|sent you a %2$@sticker";
+"PUSH_CHAT_MESSAGE_STICKER" = "%2$@|%1$@ sent a %3$@sticker";

-"PUSH_CONTACT_JOINED" = "%1$@ joined Telegram!";
+"PUSH_CONTACT_JOINED" = "%1$@|joined Telegram!";

-"PUSH_CHANNEL_MESSAGE_TEXT" = "%1$@: %2$@";
-"PUSH_CHANNEL_MESSAGE_NOTEXT" = "%1$@ posted a message";
-"PUSH_CHANNEL_MESSAGE_PHOTO" = "%1$@ posted a photo";
-"PUSH_CHANNEL_MESSAGE_VIDEO" = "%1$@ posted a video";
-"PUSH_CHANNEL_MESSAGE_ROUND" = "%1$@ posted a video message";
-"PUSH_CHANNEL_MESSAGE_DOC" = "%1$@ posted a document";
-"PUSH_CHANNEL_MESSAGE_STICKER" = "%1$@ posted a %2$@sticker";
-"PUSH_CHANNEL_MESSAGE_AUDIO" = "%1$@ posted a voice message";
-"PUSH_CHANNEL_MESSAGE_CONTACT" = "%1$@ posted a contact";
-"PUSH_CHANNEL_MESSAGE_GEO" = "%1$@ posted a map";
-"PUSH_CHANNEL_MESSAGE_GEOLIVE" = "%1$@ posted a live location";
-"PUSH_CHANNEL_MESSAGE_GIF" = "%1$@ posted a GIF";
-"PUSH_CHANNEL_MESSAGES" = "%1$@ posted %2$@ messages";
+"PUSH_CHANNEL_MESSAGE_TEXT" = "%1$@|%2$@";
+"PUSH_CHANNEL_MESSAGE_NOTEXT" = "%1$@|posted a message";
+"PUSH_CHANNEL_MESSAGE_PHOTO" = "%1$@|posted a photo";
+"PUSH_CHANNEL_MESSAGE_VIDEO" = "%1$@|posted a video";
+"PUSH_CHANNEL_MESSAGE_ROUND" = "%1$@|posted a video message";
+"PUSH_CHANNEL_MESSAGE_DOC" = "%1$@|posted a document";
+"PUSH_CHANNEL_MESSAGE_STICKER" = "%1$@|posted a %2$@sticker";
+"PUSH_CHANNEL_MESSAGE_AUDIO" = "%1$@|posted a voice message";
+"PUSH_CHANNEL_MESSAGE_CONTACT" = "%1$@|posted a %2$@ contact";
+"PUSH_CHANNEL_MESSAGE_GEO" = "%1$@|posted a map";
+"PUSH_CHANNEL_MESSAGE_GEOLIVE" = "%1$@|posted a live location";
+"PUSH_CHANNEL_MESSAGE_GIF" = "%1$@|posted a GIF";

 "PUSH_PINNED_TEXT" = "%1$@ pinned \"%2$@\" ";
 "PUSH_PINNED_NOTEXT" = "%1$@ pinned a message";
@ -73,14 +69,13 @@
 "PUSH_PINNED_DOC" = "%1$@ pinned a file";
 "PUSH_PINNED_STICKER" = "%1$@ pinned a %2$@sticker";
 "PUSH_PINNED_AUDIO" = "%1$@ pinned a voice message";
-"PUSH_PINNED_CONTACT" = "%1$@ pinned a contact";
 "PUSH_PINNED_GEO" = "%1$@ pinned a map";
 "PUSH_PINNED_GEOLIVE" = "%1$@ pinned a live location";
 "PUSH_PINNED_GIF" = "%1$@ pinned a GIF";

-"PUSH_MESSAGE_GAME" = "%1$@ invited you to play %2$@";
-"PUSH_CHANNEL_MESSAGE_GAME" = "%1$@ invited you to play %2$@";
-"PUSH_CHAT_MESSAGE_GAME" = "%1$@ invited the group %2$@ to play %3$@";
+"PUSH_MESSAGE_GAME" = "%1$@|invited you to play %2$@";
+"PUSH_CHANNEL_MESSAGE_GAME" = "%1$@|invited you to play %2$@";
+"PUSH_CHAT_MESSAGE_GAME" = "%2$@|%1$@ invited the group to play %3$@";
 "PUSH_PINNED_GAME" = "%1$@ pinned a game";

 "PUSH_MESSAGE_TEXT" = "%1$@|%2$@";
@ -114,8 +109,8 @@
 "PUSH_MESSAGE_ROUNDS_1" = "%1$@|sent you a video message";
 "PUSH_MESSAGE_ROUNDS_any" = "%1$@|sent you %2$d video messages";
 "PUSH_MESSAGE" = "%1$@|sent you a message";
-"PUSH_MESSAGES_1" = "%1$@|sent you a message";
-"PUSH_MESSAGES_any" = "%1$@|sent you %2$d messages";
+"PUSH_MESSAGES_1" = "%1$@|sent you an album";
+"PUSH_MESSAGES_any" = "%1$@|sent you an album";

 "PUSH_CHANNEL_MESSAGE_TEXT" = "%1$@|%2$@";
 "PUSH_CHANNEL_MESSAGE_NOTEXT" = "%1$@|posted a message";
@ -140,16 +135,15 @@
 "PUSH_CHANNEL_MESSAGE_VIDEO" = "%1$@|posted a video";
 "PUSH_CHANNEL_MESSAGE_VIDEOS_1" = "%1$@|posted a video";
 "PUSH_CHANNEL_MESSAGE_VIDEOS_any" = "%1$@|posted %2$d videos";
-"PUSH_CHANNEL_MESSAGE_ROUND" = "%1$@|posted a round video";
-"PUSH_CHANNEL_MESSAGE_ROUNDS_1" = "%1$@|posted a round video";
-"PUSH_CHANNEL_MESSAGE_ROUNDS_any" = "%1$@|posted %2$d round videos";
+"PUSH_CHANNEL_MESSAGE_ROUND" = "%1$@|posted a video message";
+"PUSH_CHANNEL_MESSAGE_ROUNDS_1" = "%1$@|posted a video message";
+"PUSH_CHANNEL_MESSAGE_ROUNDS_any" = "%1$@|posted %2$d video messages";
 "PUSH_CHANNEL_MESSAGE" = "%1$@|posted a message";
-"PUSH_CHANNEL_MESSAGES_1" = "%1$@|posted a message";
-"PUSH_CHANNEL_MESSAGES_any" = "%1$@|posted %2$d messages";
+"PUSH_CHANNEL_MESSAGES_1" = "%1$@|posted an album";
+"PUSH_CHANNEL_MESSAGES_any" = "%1$@|posted an album";

 "PUSH_CHAT_MESSAGE_TEXT" = "%2$@|%1$@:%3$@";
 "PUSH_CHAT_MESSAGE_NOTEXT" = "%2$@|%1$@ sent a message to the group";
-"PUSH_CHAT_MESSAGE_PHOTO" = "%2$@|%1$@ sent a photo";
 "PUSH_CHAT_MESSAGE_VIDEO" = "%2$@|%1$@ sent a video ";
 "PUSH_CHAT_MESSAGE_ROUND" = "%2$@|%1$@ sent a video message";
 "PUSH_CHAT_MESSAGE_DOC" = "%2$@|%1$@ sent a file";
@ -158,7 +152,7 @@
 "PUSH_CHAT_MESSAGE_CONTACT" = "%2$@|%1$@ shared a contact";
 "PUSH_CHAT_MESSAGE_GEO" = "%2$@|%1$@ sent a map";
 "PUSH_CHAT_MESSAGE_GEOLIVE" = "%2$@|%1$@ started sharing their live location";
-"PUSH_CHAT_MESSAGE_POLL" = "%2$@|%1$@ sent a poll";
+"PUSH_CHAT_MESSAGE_POLL" = "%2$@|%1$@ sent a poll %3$@ to the group";
 "PUSH_CHAT_MESSAGE_GIF" = "%2$@|%1$@ sent a GIF";
 "PUSH_CHAT_MESSAGE_GAME" = "%2$@|%1$@ invited the group to play %3$@";
 "PUSH_CHAT_MESSAGE_INVOICE" = "%2$@|%1$@ sent an invoice for %3$@";
@ -185,8 +179,8 @@
 "PUSH_CHAT_MESSAGE_ROUNDS_1" = "%2$@|%1$@ sent a video message";
 "PUSH_CHAT_MESSAGE_ROUNDS_any" = "%2$@|%1$@ sent %3$d video messages";
 "PUSH_CHAT_MESSAGE" = "%2$@|%1$@ sent a message";
-"PUSH_CHAT_MESSAGES_1" = "%2$@|%1$@ sent a message";
-"PUSH_CHAT_MESSAGES_any" = "%2$@|%1$@ sent %3$d messages";
+"PUSH_CHAT_MESSAGES_1" = "%2$@|%1$@ sent an album";
+"PUSH_CHAT_MESSAGES_any" = "%2$@|%1$@ sent an album";

 "PUSH_PINNED_TEXT" = "%1$@|pinned \"%2$@\" ";
 "PUSH_PINNED_NOTEXT" = "%1$@|pinned a message";
@ -196,10 +190,10 @@
 "PUSH_PINNED_DOC" = "%1$@|pinned a file";
 "PUSH_PINNED_STICKER" = "%1$@|pinned a %2$@sticker";
 "PUSH_PINNED_AUDIO" = "%1$@|pinned a voice message";
-"PUSH_PINNED_CONTACT" = "%1$@|pinned a contact";
+"PUSH_PINNED_CONTACT" = "%1$@|pinned a %2$@ contact";
 "PUSH_PINNED_GEO" = "%1$@|pinned a map";
 "PUSH_PINNED_GEOLIVE" = "%1$@|pinned a live location";
-"PUSH_PINNED_POLL" = "|%1$@|pinned a poll";
+"PUSH_PINNED_POLL" = "|%1$@|pinned a poll %2$@";
 "PUSH_PINNED_GAME" = "%1$@|pinned a game";
 "PUSH_PINNED_INVOICE" = "%1$@|pinned an invoice";
 "PUSH_PINNED_GIF" = "%1$@|pinned a GIF";
@ -212,6 +206,14 @@
 "PUSH_PHONE_CALL_REQUEST" = "%1$@|is calling you!";
 "PUSH_PHONE_CALL_MISSED" = "%1$@|You missed a call";

+"PUSH_MESSAGE_GAME_SCORE" = "%1$@ scored %3$@ in game %2$@";
+"PUSH_MESSAGE_VIDEOS" = "%1$@ sent you %2$@ videos";
+"PUSH_MESSAGE_CHANNEL_MESSAGE_GAME_SCORE" = "%1$@ scored %3$@ in game %2$@";
+"PUSH_CHANNEL_MESSAGE_VIDEOS" = "%1$@ posted %2$@ videos";
+"PUSH_PINNED_GAME_SCORE" = "%1$@ pinned a game score";
+"PUSH_CHAT_MESSAGE_GAME_SCORE" = "%1$@ scored %4$@ in game %3$@ in the group %2$@";
+"PUSH_CHAT_MESSAGE_VIDEOS" = "%1$@ sent %3$@ videos to the group %2$@";
+
 "LOCAL_MESSAGE_FWDS" = "%1$@ forwarded you %2$d messages";
 "LOCAL_CHANNEL_MESSAGE_FWDS" = "%1$@ posted %2$d forwarded messages";
 "LOCAL_CHAT_MESSAGE_FWDS" = "%1$@ forwarded %2$d messages";
--- a/Widget/TodayViewController.swift
+++ b/Widget/TodayViewController.swift
@ -57,7 +57,8 @@ class TodayViewController: UIViewController, NCWidgetProviding {
        let apiId: Int32 = BuildConfig.shared().apiId
        let languagesCategory = "ios"
        
-        let appGroupName = "group.\(appBundleIdentifier[..<lastDotRange.lowerBound])"
+        let baseAppBundleId = String(appBundleIdentifier[..<lastDotRange.lowerBound])
+        let appGroupName = "group.\(baseAppBundleId)"
        let maybeAppGroupUrl = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupName)
        
        guard let appGroupUrl = maybeAppGroupUrl else {
@ -79,7 +80,7 @@ class TodayViewController: UIViewController, NCWidgetProviding {
        initializeAccountManagement()
        let accountManager = AccountManager(basePath: rootPath + "/accounts-metadata")
        
-        let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath)
+        let deviceSpecificEncryptionParameters = BuildConfig.deviceSpecificEncryptionParameters(rootPath, baseAppBundleId: baseAppBundleId)
        let encryptionParameters = ValueBoxEncryptionParameters(key: ValueBoxEncryptionParameters.Key(data: deviceSpecificEncryptionParameters.key)!, salt: ValueBoxEncryptionParameters.Salt(data: deviceSpecificEncryptionParameters.salt)!)
        
        account = currentAccount(allocateIfNotExists: false, networkArguments: NetworkInitializationArguments(apiId: apiId, languagesCategory: languagesCategory, appVersion: appVersion, voipMaxLayer: 0, appData: BuildConfig.shared().bundleData), supplementary: true, manager: accountManager, rootPath: rootPath, auxiliaryMethods: auxiliaryMethods, encryptionParameters: encryptionParameters)
--- a/submodules/Display
+++ b/submodules/Display
@ -1 +1 @@
-Subproject commit 0d65c31ae1f3510cdeb11cd73afa7e691634c172
+Subproject commit c1b0117bf5990c15c8a9af46ecdeced84a454f57
--- a/submodules/Postbox
+++ b/submodules/Postbox
@ -1 +1 @@
-Subproject commit e022078b4644e98b1a891541d47b1c09bdc0c55d
+Subproject commit eb594e3e901bed366123daa60464fe285f97572a
--- a/submodules/TelegramCore
+++ b/submodules/TelegramCore
@ -1 +1 @@
-Subproject commit 55d4dcbd869446eba57daf3e738cb9229b40a4e9
+Subproject commit 624f916b0a990e635b8076acbf92014798c4249a
--- a/submodules/TelegramUI
+++ b/submodules/TelegramUI
@ -1 +1 @@
-Subproject commit 19431267a3baa00c722d2914a792c9062cf05421
+Subproject commit 9630e0ea8004ad448ff616e250055b7f2bd8e73a