Nice! But why don't you just send an empty payload and clients do processing locally? Your approach still seems to tie the receiver pubkey to the apple ID against apple servers.