diff --git a/keyserver/src/push/rescind.js b/keyserver/src/push/rescind.js
index 786c59a9c..8860b1966 100644
--- a/keyserver/src/push/rescind.js
+++ b/keyserver/src/push/rescind.js
@@ -1,219 +1,225 @@
 // @flow
 
 import apn from '@parse/node-apn';
 import invariant from 'invariant';
 
 import { threadSubscriptions } from 'lib/types/subscription-types.js';
 import { threadPermissions } from 'lib/types/thread-permission-types.js';
 import { promiseAll } from 'lib/utils/promises.js';
 
 import { getAPNsNotificationTopic } from './providers.js';
 import { apnPush, fcmPush } from './utils.js';
 import createIDs from '../creators/id-creator.js';
 import { dbQuery, SQL } from '../database/database.js';
 import type { SQLStatementType } from '../database/types.js';
 
 async function rescindPushNotifs(
   notifCondition: SQLStatementType,
   inputCountCondition?: SQLStatementType,
 ) {
   const notificationExtractString = `$.${threadSubscriptions.home}`;
   const visPermissionExtractString = `$.${threadPermissions.VISIBLE}.value`;
   const fetchQuery = SQL`
     SELECT n.id, n.user, n.thread, n.message, n.delivery, n.collapse_key, COUNT(
   `;
   fetchQuery.append(inputCountCondition ? inputCountCondition : SQL`m.thread`);
   fetchQuery.append(SQL`
       ) AS unread_count
     FROM notifications n
     LEFT JOIN memberships m ON m.user = n.user 
       AND m.last_message > m.last_read_message 
       AND m.role > 0 
       AND JSON_EXTRACT(subscription, ${notificationExtractString})
       AND JSON_EXTRACT(permissions, ${visPermissionExtractString})
     WHERE n.rescinded = 0 AND
   `);
   fetchQuery.append(notifCondition);
   fetchQuery.append(SQL` GROUP BY n.id, m.user`);
   const [fetchResult] = await dbQuery(fetchQuery);
 
   const deliveryPromises = {};
   const notifInfo = {};
   const rescindedIDs = [];
   for (const row of fetchResult) {
     const rawDelivery = JSON.parse(row.delivery);
     const deliveries = Array.isArray(rawDelivery) ? rawDelivery : [rawDelivery];
     const id = row.id.toString();
     const threadID = row.thread.toString();
     notifInfo[id] = {
       userID: row.user.toString(),
       threadID,
       messageID: row.message.toString(),
     };
     for (const delivery of deliveries) {
       if (delivery.iosID && delivery.iosDeviceTokens) {
         // Old iOS
         const notification = prepareIOSNotification(
           delivery.iosID,
           row.unread_count,
           threadID,
         );
         const targetedNotifications = delivery.iosDeviceTokens.map(
           deviceToken => ({ deviceToken, notification }),
         );
         deliveryPromises[id] = apnPush({
           targetedNotifications,
           platformDetails: { platform: 'ios' },
         });
       } else if (delivery.androidID) {
         // Old Android
         const notification = prepareAndroidNotification(
           row.collapse_key ? row.collapse_key : id,
           row.unread_count,
           threadID,
         );
         deliveryPromises[id] = fcmPush({
-          notification,
-          deviceTokens: delivery.androidDeviceTokens,
+          targetedNotifications: delivery.androidDeviceTokens.map(
+            deviceToken => ({
+              deviceToken,
+              notification,
+            }),
+          ),
           codeVersion: null,
         });
       } else if (delivery.deviceType === 'ios') {
         // New iOS
         const { iosID, deviceTokens, codeVersion } = delivery;
         const notification = prepareIOSNotification(
           iosID,
           row.unread_count,
           threadID,
           codeVersion,
         );
         const targetedNotifications = deviceTokens.map(deviceToken => ({
           deviceToken,
           notification,
         }));
         deliveryPromises[id] = apnPush({
           targetedNotifications,
           platformDetails: { platform: 'ios', codeVersion },
         });
       } else if (delivery.deviceType === 'android') {
         // New Android
         const { deviceTokens, codeVersion } = delivery;
         const notification = prepareAndroidNotification(
           row.collapse_key ? row.collapse_key : id,
           row.unread_count,
           threadID,
         );
         deliveryPromises[id] = fcmPush({
-          notification,
-          deviceTokens,
+          targetedNotifications: deviceTokens.map(deviceToken => ({
+            deviceToken,
+            notification,
+          })),
           codeVersion,
         });
       }
     }
     rescindedIDs.push(row.id);
   }
 
   const numRescinds = Object.keys(deliveryPromises).length;
   const promises = [promiseAll(deliveryPromises)];
   if (numRescinds > 0) {
     promises.push(createIDs('notifications', numRescinds));
   }
   if (rescindedIDs.length > 0) {
     const rescindQuery = SQL`
       UPDATE notifications SET rescinded = 1 WHERE id IN (${rescindedIDs})
     `;
     promises.push(dbQuery(rescindQuery));
   }
 
   const [deliveryResults, dbIDs] = await Promise.all(promises);
   const newNotifRows = [];
   if (numRescinds > 0) {
     invariant(dbIDs, 'dbIDs should be set');
     for (const rescindedID in deliveryResults) {
       const delivery = {};
       delivery.source = 'rescind';
       delivery.rescindedID = rescindedID;
       const { errors } = deliveryResults[rescindedID];
       if (errors) {
         delivery.errors = errors;
       }
       const dbID = dbIDs.shift();
       const { userID, threadID, messageID } = notifInfo[rescindedID];
       newNotifRows.push([
         dbID,
         userID,
         threadID,
         messageID,
         null,
         JSON.stringify([delivery]),
         1,
       ]);
     }
   }
   if (newNotifRows.length > 0) {
     const insertQuery = SQL`
       INSERT INTO notifications
         (id, user, thread, message, collapse_key, delivery, rescinded)
       VALUES ${newNotifRows}
     `;
     await dbQuery(insertQuery);
   }
 }
 
 function prepareIOSNotification(
   iosID: string,
   unreadCount: number,
   threadID: string,
   codeVersion: ?number,
 ): apn.Notification {
   const notification = new apn.Notification();
   notification.topic = getAPNsNotificationTopic({
     platform: 'ios',
     codeVersion: codeVersion ?? undefined,
   });
 
   // It was agreed to temporarily make even releases staff-only. This way
   // we will be able to prevent shipping NSE functionality to public iOS
   // users until it is thoroughly tested among staff members.
   if (codeVersion && codeVersion > 198 && codeVersion % 2 === 0) {
     notification.mutableContent = true;
     notification.pushType = 'alert';
     notification.badge = unreadCount;
   } else {
     notification.priority = 5;
     notification.contentAvailable = true;
     notification.pushType = 'background';
   }
   notification.payload =
     codeVersion && codeVersion > 135
       ? {
           backgroundNotifType: 'CLEAR',
           notificationId: iosID,
           setUnreadStatus: true,
           threadID,
         }
       : {
           managedAps: {
             action: 'CLEAR',
             notificationId: iosID,
           },
         };
   return notification;
 }
 
 function prepareAndroidNotification(
   notifID: string,
   unreadCount: number,
   threadID: string,
 ): Object {
   return {
     data: {
       badge: unreadCount.toString(),
       rescind: 'true',
       rescindID: notifID,
       setUnreadStatus: 'true',
       threadID,
     },
   };
 }
 
 export { rescindPushNotifs };
diff --git a/keyserver/src/push/send.js b/keyserver/src/push/send.js
index 42fe3b7aa..e9d2e6fbb 100644
--- a/keyserver/src/push/send.js
+++ b/keyserver/src/push/send.js
@@ -1,1278 +1,1333 @@
 // @flow
 
 import apn from '@parse/node-apn';
 import type { ResponseFailure } from '@parse/node-apn';
 import invariant from 'invariant';
 import _cloneDeep from 'lodash/fp/cloneDeep.js';
 import _flow from 'lodash/fp/flow.js';
 import _mapValues from 'lodash/fp/mapValues.js';
 import _pickBy from 'lodash/fp/pickBy.js';
 import t from 'tcomb';
 import uuidv4 from 'uuid/v4.js';
 
 import { oldValidUsernameRegex } from 'lib/shared/account-utils.js';
 import { isMentioned } from 'lib/shared/mention-utils.js';
 import {
   createMessageInfo,
   sortMessageInfoList,
   shimUnsupportedRawMessageInfos,
 } from 'lib/shared/message-utils.js';
 import { messageSpecs } from 'lib/shared/messages/message-specs.js';
 import { notifTextsForMessageInfo } from 'lib/shared/notif-utils.js';
 import {
   rawThreadInfoFromServerThreadInfo,
   threadInfoFromRawThreadInfo,
 } from 'lib/shared/thread-utils.js';
 import type { Platform, PlatformDetails } from 'lib/types/device-types.js';
 import { messageTypes } from 'lib/types/message-types-enum.js';
 import {
   type RawMessageInfo,
   type MessageData,
 } from 'lib/types/message-types.js';
 import { rawMessageInfoValidator } from 'lib/types/message-types.js';
 import type {
   WebNotification,
   WNSNotification,
   ResolvedNotifTexts,
 } from 'lib/types/notif-types.js';
 import { resolvedNotifTextsValidator } from 'lib/types/notif-types.js';
 import type { ServerThreadInfo } from 'lib/types/thread-types.js';
 import { updateTypes } from 'lib/types/update-types-enum.js';
 import { promiseAll } from 'lib/utils/promises.js';
 import { tID, tPlatformDetails, tShape } from 'lib/utils/validation-utils.js';
 
-import { prepareEncryptedIOSNotifications } from './crypto.js';
+import {
+  prepareEncryptedIOSNotifications,
+  prepareEncryptedAndroidNotifications,
+} from './crypto.js';
 import { getAPNsNotificationTopic } from './providers.js';
 import { rescindPushNotifs } from './rescind.js';
-import type { TargetedAPNsNotification } from './types.js';
+import type {
+  TargetedAPNsNotification,
+  TargetedAndroidNotification,
+} from './types.js';
 import {
   apnPush,
   fcmPush,
   getUnreadCounts,
   apnMaxNotificationPayloadByteSize,
   fcmMaxNotificationPayloadByteSize,
   wnsMaxNotificationPayloadByteSize,
   webPush,
   wnsPush,
   type WebPushError,
   type WNSPushError,
 } from './utils.js';
 import createIDs from '../creators/id-creator.js';
 import { createUpdates } from '../creators/update-creator.js';
 import { dbQuery, SQL, mergeOrConditions } from '../database/database.js';
 import type { CollapsableNotifInfo } from '../fetchers/message-fetchers.js';
 import { fetchCollapsableNotifs } from '../fetchers/message-fetchers.js';
 import { fetchServerThreadInfos } from '../fetchers/thread-fetchers.js';
 import { fetchUserInfos } from '../fetchers/user-fetchers.js';
 import type { Viewer } from '../session/viewer.js';
 import { getENSNames } from '../utils/ens-cache.js';
 import { validateOutput } from '../utils/validation-utils.js';
 
 type Device = {
   +platform: Platform,
   +deviceToken: string,
   +cookieID: string,
   +codeVersion: ?number,
 };
 type NotificationTargetDevice = {
   +cookieID: string,
   +deviceToken: string,
 };
 type PushUserInfo = {
   +devices: Device[],
   // messageInfos and messageDatas have the same key
   +messageInfos: RawMessageInfo[],
   +messageDatas: MessageData[],
 };
 type Delivery = PushDelivery | { collapsedInto: string };
 type NotificationRow = {
   +dbID: string,
   +userID: string,
   +threadID?: ?string,
   +messageID?: ?string,
   +collapseKey?: ?string,
   +deliveries: Delivery[],
 };
 export type PushInfo = { [userID: string]: PushUserInfo };
 
 async function sendPushNotifs(pushInfo: PushInfo) {
   if (Object.keys(pushInfo).length === 0) {
     return;
   }
 
   const [
     unreadCounts,
     { usersToCollapsableNotifInfo, serverThreadInfos, userInfos },
     dbIDs,
   ] = await Promise.all([
     getUnreadCounts(Object.keys(pushInfo)),
     fetchInfos(pushInfo),
     createDBIDs(pushInfo),
   ]);
 
   const deliveryPromises = [];
   const notifications: Map<string, NotificationRow> = new Map();
   for (const userID in usersToCollapsableNotifInfo) {
     const threadInfos = _flow(
       _mapValues((serverThreadInfo: ServerThreadInfo) => {
         const rawThreadInfo = rawThreadInfoFromServerThreadInfo(
           serverThreadInfo,
           userID,
         );
         if (!rawThreadInfo) {
           return null;
         }
         return threadInfoFromRawThreadInfo(rawThreadInfo, userID, userInfos);
       }),
       _pickBy(threadInfo => threadInfo),
     )(serverThreadInfos);
     for (const notifInfo of usersToCollapsableNotifInfo[userID]) {
       const hydrateMessageInfo = (rawMessageInfo: RawMessageInfo) =>
         createMessageInfo(rawMessageInfo, userID, userInfos, threadInfos);
       const newMessageInfos = [];
       const newRawMessageInfos = [];
       for (const newRawMessageInfo of notifInfo.newMessageInfos) {
         const newMessageInfo = hydrateMessageInfo(newRawMessageInfo);
         if (newMessageInfo) {
           newMessageInfos.push(newMessageInfo);
           newRawMessageInfos.push(newRawMessageInfo);
         }
       }
       if (newMessageInfos.length === 0) {
         continue;
       }
       const existingMessageInfos = notifInfo.existingMessageInfos
         .map(hydrateMessageInfo)
         .filter(Boolean);
       const allMessageInfos = sortMessageInfoList([
         ...newMessageInfos,
         ...existingMessageInfos,
       ]);
       const [firstNewMessageInfo, ...remainingNewMessageInfos] =
         newMessageInfos;
       const { threadID } = firstNewMessageInfo;
 
       const threadInfo = threadInfos[threadID];
       const updateBadge = threadInfo.currentUser.subscription.home;
       const displayBanner = threadInfo.currentUser.subscription.pushNotifs;
       const username = userInfos[userID] && userInfos[userID].username;
       const userWasMentioned =
         username &&
         threadInfo.currentUser.role &&
         oldValidUsernameRegex.test(username) &&
         newMessageInfos.some(newMessageInfo => {
           const unwrappedMessageInfo =
             newMessageInfo.type === messageTypes.SIDEBAR_SOURCE
               ? newMessageInfo.sourceMessage
               : newMessageInfo;
           return (
             unwrappedMessageInfo.type === messageTypes.TEXT &&
             isMentioned(username, unwrappedMessageInfo.text)
           );
         });
       if (!updateBadge && !displayBanner && !userWasMentioned) {
         continue;
       }
       const badgeOnly = !displayBanner && !userWasMentioned;
 
       const notifTargetUserInfo = { id: userID, username };
       const notifTexts = await notifTextsForMessageInfo(
         allMessageInfos,
         threadInfo,
         notifTargetUserInfo,
         getENSNames,
       );
       if (!notifTexts) {
         continue;
       }
 
       const dbID = dbIDs.shift();
       invariant(dbID, 'should have sufficient DB IDs');
       const byPlatform = getDevicesByPlatform(pushInfo[userID].devices);
       const firstMessageID = firstNewMessageInfo.id;
       invariant(firstMessageID, 'RawMessageInfo.id should be set on server');
       const notificationInfo = {
         source: 'new_message',
         dbID,
         userID,
         threadID,
         messageID: firstMessageID,
         collapseKey: notifInfo.collapseKey,
       };
 
       const iosVersionsToTokens = byPlatform.get('ios');
       if (iosVersionsToTokens) {
         for (const [codeVersion, devices] of iosVersionsToTokens) {
           const platformDetails = { platform: 'ios', codeVersion };
           const shimmedNewRawMessageInfos = shimUnsupportedRawMessageInfos(
             newRawMessageInfos,
             platformDetails,
           );
           const deliveryPromise = (async () => {
             const targetedNotifications = await prepareAPNsNotification(
               {
                 notifTexts,
                 newRawMessageInfos: shimmedNewRawMessageInfos,
                 threadID: threadInfo.id,
                 collapseKey: notifInfo.collapseKey,
                 badgeOnly,
                 unreadCount: unreadCounts[userID],
                 platformDetails,
               },
               devices,
             );
             return await sendAPNsNotification('ios', targetedNotifications, {
               ...notificationInfo,
               codeVersion,
             });
           })();
           deliveryPromises.push(deliveryPromise);
         }
       }
       const androidVersionsToTokens = byPlatform.get('android');
       if (androidVersionsToTokens) {
         for (const [codeVersion, devices] of androidVersionsToTokens) {
           const platformDetails = { platform: 'android', codeVersion };
           const shimmedNewRawMessageInfos = shimUnsupportedRawMessageInfos(
             newRawMessageInfos,
             platformDetails,
           );
           const deliveryPromise = (async () => {
-            const notification = await prepareAndroidNotification({
-              notifTexts,
-              newRawMessageInfos: shimmedNewRawMessageInfos,
-              threadID: threadInfo.id,
-              collapseKey: notifInfo.collapseKey,
-              badgeOnly,
-              unreadCount: unreadCounts[userID],
-              platformDetails,
-              dbID,
-            });
-            const deviceTokens = devices.map(({ deviceToken }) => deviceToken);
-            return await sendAndroidNotification(notification, deviceTokens, {
+            const targetedNotifications = await prepareAndroidNotification(
+              {
+                notifTexts,
+                newRawMessageInfos: shimmedNewRawMessageInfos,
+                threadID: threadInfo.id,
+                collapseKey: notifInfo.collapseKey,
+                badgeOnly,
+                unreadCount: unreadCounts[userID],
+                platformDetails,
+                dbID,
+              },
+              devices,
+            );
+            return await sendAndroidNotification(targetedNotifications, {
               ...notificationInfo,
               codeVersion,
             });
           })();
           deliveryPromises.push(deliveryPromise);
         }
       }
       const webVersionsToTokens = byPlatform.get('web');
       if (webVersionsToTokens) {
         for (const [codeVersion, devices] of webVersionsToTokens) {
           const platformDetails = { platform: 'web', codeVersion };
           const deliveryPromise = (async () => {
             const notification = await prepareWebNotification({
               notifTexts,
               threadID: threadInfo.id,
               unreadCount: unreadCounts[userID],
               platformDetails,
             });
             const deviceTokens = devices.map(({ deviceToken }) => deviceToken);
             return await sendWebNotification(notification, deviceTokens, {
               ...notificationInfo,
               codeVersion,
             });
           })();
           deliveryPromises.push(deliveryPromise);
         }
       }
       const macosVersionsToTokens = byPlatform.get('macos');
       if (macosVersionsToTokens) {
         for (const [codeVersion, devices] of macosVersionsToTokens) {
           const platformDetails = { platform: 'macos', codeVersion };
           const shimmedNewRawMessageInfos = shimUnsupportedRawMessageInfos(
             newRawMessageInfos,
             platformDetails,
           );
           const deliveryPromise = (async () => {
             const targetedNotifications = await prepareAPNsNotification(
               {
                 notifTexts,
                 newRawMessageInfos: shimmedNewRawMessageInfos,
                 threadID: threadInfo.id,
                 collapseKey: notifInfo.collapseKey,
                 badgeOnly,
                 unreadCount: unreadCounts[userID],
                 platformDetails,
               },
               devices,
             );
             return await sendAPNsNotification('macos', targetedNotifications, {
               ...notificationInfo,
               codeVersion,
             });
           })();
           deliveryPromises.push(deliveryPromise);
         }
       }
       const windowsVersionsToTokens = byPlatform.get('windows');
       if (windowsVersionsToTokens) {
         for (const [codeVersion, devices] of windowsVersionsToTokens) {
           const platformDetails = { platform: 'windows', codeVersion };
           const deliveryPromise = (async () => {
             const notification = await prepareWNSNotification({
               notifTexts,
               threadID: threadInfo.id,
               unreadCount: unreadCounts[userID],
               platformDetails,
             });
             const deviceTokens = devices.map(({ deviceToken }) => deviceToken);
             return await sendWNSNotification(notification, deviceTokens, {
               ...notificationInfo,
               codeVersion,
             });
           })();
           deliveryPromises.push(deliveryPromise);
         }
       }
 
       for (const newMessageInfo of remainingNewMessageInfos) {
         const newDBID = dbIDs.shift();
         invariant(newDBID, 'should have sufficient DB IDs');
         const messageID = newMessageInfo.id;
         invariant(messageID, 'RawMessageInfo.id should be set on server');
         notifications.set(newDBID, {
           dbID: newDBID,
           userID,
           threadID: newMessageInfo.threadID,
           messageID,
           collapseKey: notifInfo.collapseKey,
           deliveries: [{ collapsedInto: dbID }],
         });
       }
     }
   }
 
   const cleanUpPromises = [];
   if (dbIDs.length > 0) {
     const query = SQL`DELETE FROM ids WHERE id IN (${dbIDs})`;
     cleanUpPromises.push(dbQuery(query));
   }
   const [deliveryResults] = await Promise.all([
     Promise.all(deliveryPromises),
     Promise.all(cleanUpPromises),
   ]);
 
   await saveNotifResults(deliveryResults, notifications, true);
 }
 
 async function sendRescindNotifs(rescindInfo: PushInfo) {
   if (Object.keys(rescindInfo).length === 0) {
     return;
   }
 
   const usersToCollapsableNotifInfo = await fetchCollapsableNotifs(rescindInfo);
 
   const promises = [];
   for (const userID in usersToCollapsableNotifInfo) {
     for (const notifInfo of usersToCollapsableNotifInfo[userID]) {
       for (const existingMessageInfo of notifInfo.existingMessageInfos) {
         const rescindCondition = SQL`
           n.user = ${userID} AND
           n.thread = ${existingMessageInfo.threadID} AND
           n.message = ${existingMessageInfo.id}
         `;
 
         promises.push(rescindPushNotifs(rescindCondition));
       }
     }
   }
 
   await Promise.all(promises);
 }
 
 // The results in deliveryResults will be combined with the rows
 // in rowsToSave and then written to the notifications table
 async function saveNotifResults(
   deliveryResults: $ReadOnlyArray<PushResult>,
   inputRowsToSave: Map<string, NotificationRow>,
   rescindable: boolean,
 ) {
   const rowsToSave = new Map(inputRowsToSave);
 
   const allInvalidTokens = [];
   for (const deliveryResult of deliveryResults) {
     const { info, delivery, invalidTokens } = deliveryResult;
     const { dbID, userID } = info;
     const curNotifRow = rowsToSave.get(dbID);
     if (curNotifRow) {
       curNotifRow.deliveries.push(delivery);
     } else {
       // Ternary expressions for Flow
       const threadID = info.threadID ? info.threadID : null;
       const messageID = info.messageID ? info.messageID : null;
       const collapseKey = info.collapseKey ? info.collapseKey : null;
       rowsToSave.set(dbID, {
         dbID,
         userID,
         threadID,
         messageID,
         collapseKey,
         deliveries: [delivery],
       });
     }
     if (invalidTokens) {
       allInvalidTokens.push({
         userID,
         tokens: invalidTokens,
       });
     }
   }
 
   const notificationRows = [];
   for (const notification of rowsToSave.values()) {
     notificationRows.push([
       notification.dbID,
       notification.userID,
       notification.threadID,
       notification.messageID,
       notification.collapseKey,
       JSON.stringify(notification.deliveries),
       Number(!rescindable),
     ]);
   }
 
   const dbPromises = [];
   if (allInvalidTokens.length > 0) {
     dbPromises.push(removeInvalidTokens(allInvalidTokens));
   }
   if (notificationRows.length > 0) {
     const query = SQL`
       INSERT INTO notifications
         (id, user, thread, message, collapse_key, delivery, rescinded)
       VALUES ${notificationRows}
     `;
     dbPromises.push(dbQuery(query));
   }
   if (dbPromises.length > 0) {
     await Promise.all(dbPromises);
   }
 }
 
 async function fetchInfos(pushInfo: PushInfo) {
   const usersToCollapsableNotifInfo = await fetchCollapsableNotifs(pushInfo);
 
   const threadIDs = new Set();
   const threadWithChangedNamesToMessages = new Map();
   const addThreadIDsFromMessageInfos = (rawMessageInfo: RawMessageInfo) => {
     const threadID = rawMessageInfo.threadID;
     threadIDs.add(threadID);
     const messageSpec = messageSpecs[rawMessageInfo.type];
     if (messageSpec.threadIDs) {
       for (const id of messageSpec.threadIDs(rawMessageInfo)) {
         threadIDs.add(id);
       }
     }
     if (
       rawMessageInfo.type === messageTypes.CHANGE_SETTINGS &&
       rawMessageInfo.field === 'name'
     ) {
       const messages = threadWithChangedNamesToMessages.get(threadID);
       if (messages) {
         messages.push(rawMessageInfo.id);
       } else {
         threadWithChangedNamesToMessages.set(threadID, [rawMessageInfo.id]);
       }
     }
   };
   for (const userID in usersToCollapsableNotifInfo) {
     for (const notifInfo of usersToCollapsableNotifInfo[userID]) {
       for (const rawMessageInfo of notifInfo.existingMessageInfos) {
         addThreadIDsFromMessageInfos(rawMessageInfo);
       }
       for (const rawMessageInfo of notifInfo.newMessageInfos) {
         addThreadIDsFromMessageInfos(rawMessageInfo);
       }
     }
   }
 
   const promises = {};
   // These threadInfos won't have currentUser set
   promises.threadResult = fetchServerThreadInfos(
     SQL`t.id IN (${[...threadIDs]})`,
   );
   if (threadWithChangedNamesToMessages.size > 0) {
     const typesThatAffectName = [
       messageTypes.CHANGE_SETTINGS,
       messageTypes.CREATE_THREAD,
     ];
     const oldNameQuery = SQL`
       SELECT IF(
         JSON_TYPE(JSON_EXTRACT(m.content, "$.name")) = 'NULL',
         "",
         JSON_UNQUOTE(JSON_EXTRACT(m.content, "$.name"))
       ) AS name, m.thread
       FROM (
         SELECT MAX(id) AS id
         FROM messages
         WHERE type IN (${typesThatAffectName})
           AND JSON_EXTRACT(content, "$.name") IS NOT NULL
           AND`;
     const threadClauses = [];
     for (const [threadID, messages] of threadWithChangedNamesToMessages) {
       threadClauses.push(
         SQL`(thread = ${threadID} AND id NOT IN (${messages}))`,
       );
     }
     oldNameQuery.append(mergeOrConditions(threadClauses));
     oldNameQuery.append(SQL`
         GROUP BY thread
       ) x
       LEFT JOIN messages m ON m.id = x.id
     `);
     promises.oldNames = dbQuery(oldNameQuery);
   }
 
   const { threadResult, oldNames } = await promiseAll(promises);
   const serverThreadInfos = threadResult.threadInfos;
   if (oldNames) {
     const [result] = oldNames;
     for (const row of result) {
       const threadID = row.thread.toString();
       serverThreadInfos[threadID].name = row.name;
     }
   }
 
   const userInfos = await fetchNotifUserInfos(
     serverThreadInfos,
     usersToCollapsableNotifInfo,
   );
 
   return { usersToCollapsableNotifInfo, serverThreadInfos, userInfos };
 }
 
 async function fetchNotifUserInfos(
   serverThreadInfos: { +[threadID: string]: ServerThreadInfo },
   usersToCollapsableNotifInfo: { +[userID: string]: CollapsableNotifInfo[] },
 ) {
   const missingUserIDs = new Set();
 
   for (const threadID in serverThreadInfos) {
     const serverThreadInfo = serverThreadInfos[threadID];
     for (const member of serverThreadInfo.members) {
       missingUserIDs.add(member.id);
     }
   }
 
   const addUserIDsFromMessageInfos = (rawMessageInfo: RawMessageInfo) => {
     missingUserIDs.add(rawMessageInfo.creatorID);
     const userIDs =
       messageSpecs[rawMessageInfo.type].userIDs?.(rawMessageInfo) ?? [];
     for (const userID of userIDs) {
       missingUserIDs.add(userID);
     }
   };
 
   for (const userID in usersToCollapsableNotifInfo) {
     missingUserIDs.add(userID);
     for (const notifInfo of usersToCollapsableNotifInfo[userID]) {
       for (const rawMessageInfo of notifInfo.existingMessageInfos) {
         addUserIDsFromMessageInfos(rawMessageInfo);
       }
       for (const rawMessageInfo of notifInfo.newMessageInfos) {
         addUserIDsFromMessageInfos(rawMessageInfo);
       }
     }
   }
 
   return await fetchUserInfos([...missingUserIDs]);
 }
 
 async function createDBIDs(pushInfo: PushInfo): Promise<string[]> {
   let numIDsNeeded = 0;
   for (const userID in pushInfo) {
     numIDsNeeded += pushInfo[userID].messageInfos.length;
   }
   return await createIDs('notifications', numIDsNeeded);
 }
 
 function getDevicesByPlatform(
   devices: $ReadOnlyArray<Device>,
 ): Map<Platform, Map<number, Array<NotificationTargetDevice>>> {
   const byPlatform = new Map();
   for (const device of devices) {
     let innerMap = byPlatform.get(device.platform);
     if (!innerMap) {
       innerMap = new Map();
       byPlatform.set(device.platform, innerMap);
     }
     const codeVersion: number =
       device.codeVersion !== null &&
       device.codeVersion !== undefined &&
       device.platform !== 'windows' &&
       device.platform !== 'macos'
         ? device.codeVersion
         : -1;
     let innerMostArray = innerMap.get(codeVersion);
     if (!innerMostArray) {
       innerMostArray = [];
       innerMap.set(codeVersion, innerMostArray);
     }
 
     innerMostArray.push({
       cookieID: device.cookieID,
       deviceToken: device.deviceToken,
     });
   }
   return byPlatform;
 }
 
 type APNsNotifInputData = {
   +notifTexts: ResolvedNotifTexts,
   +newRawMessageInfos: RawMessageInfo[],
   +threadID: string,
   +collapseKey: ?string,
   +badgeOnly: boolean,
   +unreadCount: number,
   +platformDetails: PlatformDetails,
 };
 const apnsNotifInputDataValidator = tShape<APNsNotifInputData>({
   notifTexts: resolvedNotifTextsValidator,
   newRawMessageInfos: t.list(rawMessageInfoValidator),
   threadID: tID,
   collapseKey: t.maybe(t.String),
   badgeOnly: t.Boolean,
   unreadCount: t.Number,
   platformDetails: tPlatformDetails,
 });
 async function prepareAPNsNotification(
   inputData: APNsNotifInputData,
   devices: $ReadOnlyArray<NotificationTargetDevice>,
 ): Promise<$ReadOnlyArray<TargetedAPNsNotification>> {
   const convertedData = validateOutput(
     inputData.platformDetails,
     apnsNotifInputDataValidator,
     inputData,
   );
   const {
     notifTexts,
     newRawMessageInfos,
     threadID,
     collapseKey,
     badgeOnly,
     unreadCount,
     platformDetails,
   } = convertedData;
 
   const isTextNotification = newRawMessageInfos.every(
     newRawMessageInfo => newRawMessageInfo.type === messageTypes.TEXT,
   );
   const shouldBeEncrypted =
     platformDetails.platform === 'ios' && !collapseKey && isTextNotification;
 
   const uniqueID = uuidv4();
   const notification = new apn.Notification();
   notification.topic = getAPNsNotificationTopic(platformDetails);
 
   const { merged, ...rest } = notifTexts;
   // We don't include alert's body on macos because we
   // handle displaying the notification ourselves and
   // we don't want macOS to display it automatically.
   if (!badgeOnly && platformDetails.platform !== 'macos') {
     notification.body = merged;
     notification.sound = 'default';
   }
   notification.payload = {
     ...notification.payload,
     ...rest,
   };
 
   notification.badge = unreadCount;
   notification.threadId = threadID;
   notification.id = uniqueID;
   notification.pushType = 'alert';
   notification.payload.id = uniqueID;
   notification.payload.threadID = threadID;
 
   if (platformDetails.codeVersion && platformDetails.codeVersion > 198) {
     notification.mutableContent = true;
   }
   if (collapseKey) {
     notification.collapseId = collapseKey;
   }
   const messageInfos = JSON.stringify(newRawMessageInfos);
   // We make a copy before checking notification's length, because calling
   // length compiles the notification and makes it immutable. Further
   // changes to its properties won't be reflected in the final plaintext
   // data that is sent.
   const copyWithMessageInfos = _cloneDeep(notification);
   copyWithMessageInfos.payload = {
     ...copyWithMessageInfos.payload,
     messageInfos,
   };
 
   const evaluateAndSelectNotifPayload = (notif, notifWithMessageInfos) => {
     const notifWithMessageInfosCopy = _cloneDeep(notifWithMessageInfos);
     if (
       notifWithMessageInfosCopy.length() <= apnMaxNotificationPayloadByteSize
     ) {
       return notifWithMessageInfos;
     }
     const notifCopy = _cloneDeep(notif);
     if (notifCopy.length() > apnMaxNotificationPayloadByteSize) {
       console.warn(
         `${platformDetails.platform} notification ${uniqueID} ` +
           `exceeds size limit, even with messageInfos omitted`,
       );
     }
     return notif;
   };
 
   const deviceTokens = devices.map(({ deviceToken }) => deviceToken);
   if (
     shouldBeEncrypted &&
     platformDetails.codeVersion &&
     platformDetails.codeVersion > 222
   ) {
     const cookieIDs = devices.map(({ cookieID }) => cookieID);
     const [notifications, notificationsWithMessageInfos] = await Promise.all([
       prepareEncryptedIOSNotifications(cookieIDs, notification),
       prepareEncryptedIOSNotifications(cookieIDs, copyWithMessageInfos),
     ]);
     return notificationsWithMessageInfos.map((notif, idx) => ({
       notification: evaluateAndSelectNotifPayload(notifications[idx], notif),
       deviceToken: deviceTokens[idx],
     }));
   }
   const notificationToSend = evaluateAndSelectNotifPayload(
     notification,
     copyWithMessageInfos,
   );
   return deviceTokens.map(deviceToken => ({
     notification: notificationToSend,
     deviceToken,
   }));
 }
 
 type AndroidNotifInputData = {
   ...APNsNotifInputData,
   +dbID: string,
 };
 const androidNotifInputDataValidator = tShape<AndroidNotifInputData>({
   ...apnsNotifInputDataValidator.meta.props,
   dbID: t.String,
 });
 async function prepareAndroidNotification(
   inputData: AndroidNotifInputData,
-): Promise<Object> {
+  devices: $ReadOnlyArray<NotificationTargetDevice>,
+): Promise<$ReadOnlyArray<TargetedAndroidNotification>> {
   const convertedData = validateOutput(
     inputData.platformDetails,
     androidNotifInputDataValidator,
     inputData,
   );
   const {
     notifTexts,
     newRawMessageInfos,
     threadID,
     collapseKey,
     badgeOnly,
     unreadCount,
     platformDetails: { codeVersion },
     dbID,
   } = convertedData;
 
+  const isTextNotification = newRawMessageInfos.every(
+    newRawMessageInfo => newRawMessageInfo.type === messageTypes.TEXT,
+  );
+
+  const shouldBeEncrypted =
+    isTextNotification && !collapseKey && codeVersion && codeVersion > 222;
+
   const notifID = collapseKey ? collapseKey : dbID;
   const { merged, ...rest } = notifTexts;
   const notification = {
     data: {
       badge: unreadCount.toString(),
       ...rest,
       threadID,
     },
   };
 
   // The reason we only include `badgeOnly` for newer clients is because older
   // clients don't know how to parse it. The reason we only include `id` for
   // newer clients is that if the older clients see that field, they assume
   // the notif has a full payload, and then crash when trying to parse it.
   // By skipping `id` we allow old clients to still handle in-app notifs and
   // badge updating.
   if (!badgeOnly || (codeVersion && codeVersion >= 69)) {
     notification.data = {
       ...notification.data,
       id: notifID,
       badgeOnly: badgeOnly ? '1' : '0',
     };
   }
 
   const messageInfos = JSON.stringify(newRawMessageInfos);
   const copyWithMessageInfos = {
     ...notification,
     data: { ...notification.data, messageInfos },
   };
 
-  if (
-    Buffer.byteLength(JSON.stringify(copyWithMessageInfos)) <=
-    fcmMaxNotificationPayloadByteSize
-  ) {
-    return copyWithMessageInfos;
-  }
+  const evaluateAndSelectNotification = (notif, notifWithMessageInfos) => {
+    if (
+      Buffer.byteLength(JSON.stringify(notifWithMessageInfos)) <=
+      fcmMaxNotificationPayloadByteSize
+    ) {
+      return notifWithMessageInfos;
+    }
+    if (
+      Buffer.byteLength(JSON.stringify(notif)) >
+      fcmMaxNotificationPayloadByteSize
+    ) {
+      console.warn(
+        `Android notification ${notifID} exceeds size limit, even with messageInfos omitted`,
+      );
+    }
+    return notif;
+  };
 
-  if (
-    Buffer.byteLength(JSON.stringify(notification)) >
-    fcmMaxNotificationPayloadByteSize
-  ) {
-    console.warn(
-      `Android notification ${notifID} exceeds size limit, even with messageInfos omitted`,
-    );
+  const deviceTokens = devices.map(({ deviceToken }) => deviceToken);
+  if (shouldBeEncrypted) {
+    const cookieIDs = devices.map(({ cookieID }) => cookieID);
+    const [notifications, notificationsWithMessageInfos] = await Promise.all([
+      prepareEncryptedAndroidNotifications(cookieIDs, notification),
+      prepareEncryptedAndroidNotifications(cookieIDs, copyWithMessageInfos),
+    ]);
+    return notificationsWithMessageInfos.map((notif, idx) => ({
+      notification: evaluateAndSelectNotification(notifications[idx], notif),
+      deviceToken: deviceTokens[idx],
+    }));
   }
-  return notification;
+  const notificationToSend = evaluateAndSelectNotification(
+    notification,
+    copyWithMessageInfos,
+  );
+  return deviceTokens.map(deviceToken => ({
+    notification: notificationToSend,
+    deviceToken,
+  }));
 }
 
 type WebNotifInputData = {
   +notifTexts: ResolvedNotifTexts,
   +threadID: string,
   +unreadCount: number,
   +platformDetails: PlatformDetails,
 };
 const webNotifInputDataValidator = tShape<WebNotifInputData>({
   notifTexts: resolvedNotifTextsValidator,
   threadID: tID,
   unreadCount: t.Number,
   platformDetails: tPlatformDetails,
 });
 async function prepareWebNotification(
   inputData: WebNotifInputData,
 ): Promise<WebNotification> {
   const convertedData = validateOutput(
     inputData.platformDetails,
     webNotifInputDataValidator,
     inputData,
   );
   const { notifTexts, threadID, unreadCount } = convertedData;
   const id = uuidv4();
   const { merged, ...rest } = notifTexts;
   const notification = {
     ...rest,
     unreadCount,
     id,
     threadID,
   };
   return notification;
 }
 
 type WNSNotifInputData = {
   +notifTexts: ResolvedNotifTexts,
   +threadID: string,
   +unreadCount: number,
   +platformDetails: PlatformDetails,
 };
 const wnsNotifInputDataValidator = tShape<WNSNotifInputData>({
   notifTexts: resolvedNotifTextsValidator,
   threadID: tID,
   unreadCount: t.Number,
   platformDetails: tPlatformDetails,
 });
 async function prepareWNSNotification(
   inputData: WNSNotifInputData,
 ): Promise<WNSNotification> {
   const convertedData = validateOutput(
     inputData.platformDetails,
     wnsNotifInputDataValidator,
     inputData,
   );
   const { notifTexts, threadID, unreadCount } = convertedData;
   const { merged, ...rest } = notifTexts;
   const notification = {
     ...rest,
     unreadCount,
     threadID,
   };
 
   if (
     Buffer.byteLength(JSON.stringify(notification)) >
     wnsMaxNotificationPayloadByteSize
   ) {
     console.warn('WNS notification exceeds size limit');
   }
   return notification;
 }
 
 type NotificationInfo =
   | {
       +source: 'new_message',
       +dbID: string,
       +userID: string,
       +threadID: string,
       +messageID: string,
       +collapseKey: ?string,
       +codeVersion: number,
     }
   | {
       +source: 'mark_as_unread' | 'mark_as_read' | 'activity_update',
       +dbID: string,
       +userID: string,
       +codeVersion: number,
     };
 
 type APNsDelivery = {
   source: $PropertyType<NotificationInfo, 'source'>,
   deviceType: 'ios' | 'macos',
   iosID: string,
   deviceTokens: $ReadOnlyArray<string>,
   codeVersion: number,
   errors?: $ReadOnlyArray<ResponseFailure>,
 };
 type APNsResult = {
   info: NotificationInfo,
   delivery: APNsDelivery,
   invalidTokens?: $ReadOnlyArray<string>,
 };
 async function sendAPNsNotification(
   platform: 'ios' | 'macos',
   targetedNotifications: $ReadOnlyArray<TargetedAPNsNotification>,
   notificationInfo: NotificationInfo,
 ): Promise<APNsResult> {
   const { source, codeVersion } = notificationInfo;
 
   const response = await apnPush({
     targetedNotifications,
     platformDetails: { platform, codeVersion },
   });
   invariant(
     new Set(targetedNotifications.map(({ notification }) => notification.id))
       .size === 1,
     'Encrypted versions of the same notification must share id value',
   );
   const iosID = targetedNotifications[0].notification.id;
   const deviceTokens = targetedNotifications.map(
     ({ deviceToken }) => deviceToken,
   );
   const delivery: APNsDelivery = {
     source,
     deviceType: platform,
     iosID,
     deviceTokens,
     codeVersion,
   };
   if (response.errors) {
     delivery.errors = response.errors;
   }
   const result: APNsResult = {
     info: notificationInfo,
     delivery,
   };
   if (response.invalidTokens) {
     result.invalidTokens = response.invalidTokens;
   }
   return result;
 }
 
 type PushResult = AndroidResult | APNsResult | WebResult | WNSResult;
 type PushDelivery = AndroidDelivery | APNsDelivery | WebDelivery | WNSDelivery;
 type AndroidDelivery = {
   source: $PropertyType<NotificationInfo, 'source'>,
   deviceType: 'android',
   androidIDs: $ReadOnlyArray<string>,
   deviceTokens: $ReadOnlyArray<string>,
   codeVersion: number,
   errors?: $ReadOnlyArray<Object>,
 };
 type AndroidResult = {
   info: NotificationInfo,
   delivery: AndroidDelivery,
   invalidTokens?: $ReadOnlyArray<string>,
 };
 async function sendAndroidNotification(
-  notification: Object,
-  deviceTokens: $ReadOnlyArray<string>,
+  targetedNotifications: $ReadOnlyArray<TargetedAndroidNotification>,
   notificationInfo: NotificationInfo,
 ): Promise<AndroidResult> {
   const collapseKey = notificationInfo.collapseKey
     ? notificationInfo.collapseKey
     : null; // for Flow...
   const { source, codeVersion } = notificationInfo;
   const response = await fcmPush({
-    notification,
-    deviceTokens,
+    targetedNotifications,
     collapseKey,
     codeVersion,
   });
+  const deviceTokens = targetedNotifications.map(
+    ({ deviceToken }) => deviceToken,
+  );
   const androidIDs = response.fcmIDs ? response.fcmIDs : [];
   const delivery: AndroidDelivery = {
     source,
     deviceType: 'android',
     androidIDs,
     deviceTokens,
     codeVersion,
   };
   if (response.errors) {
     delivery.errors = response.errors;
   }
   const result: AndroidResult = {
     info: notificationInfo,
     delivery,
   };
   if (response.invalidTokens) {
     result.invalidTokens = response.invalidTokens;
   }
   return result;
 }
 
 type WebDelivery = {
   +source: $PropertyType<NotificationInfo, 'source'>,
   +deviceType: 'web',
   +deviceTokens: $ReadOnlyArray<string>,
   +codeVersion?: number,
   +errors?: $ReadOnlyArray<WebPushError>,
 };
 type WebResult = {
   +info: NotificationInfo,
   +delivery: WebDelivery,
   +invalidTokens?: $ReadOnlyArray<string>,
 };
 async function sendWebNotification(
   notification: WebNotification,
   deviceTokens: $ReadOnlyArray<string>,
   notificationInfo: NotificationInfo,
 ): Promise<WebResult> {
   const { source, codeVersion } = notificationInfo;
 
   const response = await webPush({
     notification,
     deviceTokens,
   });
 
   const delivery: WebDelivery = {
     source,
     deviceType: 'web',
     deviceTokens,
     codeVersion,
     errors: response.errors,
   };
   const result: WebResult = {
     info: notificationInfo,
     delivery,
     invalidTokens: response.invalidTokens,
   };
   return result;
 }
 
 type WNSDelivery = {
   +source: $PropertyType<NotificationInfo, 'source'>,
   +deviceType: 'windows',
   +wnsIDs: $ReadOnlyArray<string>,
   +deviceTokens: $ReadOnlyArray<string>,
   +codeVersion?: number,
   +errors?: $ReadOnlyArray<WNSPushError>,
 };
 type WNSResult = {
   +info: NotificationInfo,
   +delivery: WNSDelivery,
   +invalidTokens?: $ReadOnlyArray<string>,
 };
 async function sendWNSNotification(
   notification: WNSNotification,
   deviceTokens: $ReadOnlyArray<string>,
   notificationInfo: NotificationInfo,
 ): Promise<WNSResult> {
   const { source, codeVersion } = notificationInfo;
 
   const response = await wnsPush({
     notification,
     deviceTokens,
   });
 
   const wnsIDs = response.wnsIDs ?? [];
   const delivery: WNSDelivery = {
     source,
     deviceType: 'windows',
     wnsIDs,
     deviceTokens,
     codeVersion,
     errors: response.errors,
   };
   const result: WNSResult = {
     info: notificationInfo,
     delivery,
     invalidTokens: response.invalidTokens,
   };
   return result;
 }
 
 type InvalidToken = {
   +userID: string,
   +tokens: $ReadOnlyArray<string>,
 };
 async function removeInvalidTokens(
   invalidTokens: $ReadOnlyArray<InvalidToken>,
 ): Promise<void> {
   const sqlTuples = invalidTokens.map(
     invalidTokenUser =>
       SQL`(
       user = ${invalidTokenUser.userID} AND
       device_token IN (${invalidTokenUser.tokens})
     )`,
   );
   const sqlCondition = mergeOrConditions(sqlTuples);
 
   const selectQuery = SQL`
     SELECT id, user, device_token
     FROM cookies
     WHERE
   `;
   selectQuery.append(sqlCondition);
   const [result] = await dbQuery(selectQuery);
 
   const userCookiePairsToInvalidDeviceTokens = new Map();
   for (const row of result) {
     const userCookiePair = `${row.user}|${row.id}`;
     const existing = userCookiePairsToInvalidDeviceTokens.get(userCookiePair);
     if (existing) {
       existing.add(row.device_token);
     } else {
       userCookiePairsToInvalidDeviceTokens.set(
         userCookiePair,
         new Set([row.device_token]),
       );
     }
   }
 
   const time = Date.now();
   const promises = [];
   for (const entry of userCookiePairsToInvalidDeviceTokens) {
     const [userCookiePair, deviceTokens] = entry;
     const [userID, cookieID] = userCookiePair.split('|');
     const updateDatas = [...deviceTokens].map(deviceToken => ({
       type: updateTypes.BAD_DEVICE_TOKEN,
       userID,
       time,
       deviceToken,
       targetCookie: cookieID,
     }));
     promises.push(createUpdates(updateDatas));
   }
 
   const updateQuery = SQL`
     UPDATE cookies
     SET device_token = NULL
     WHERE
   `;
   updateQuery.append(sqlCondition);
   promises.push(dbQuery(updateQuery));
 
   await Promise.all(promises);
 }
 
 async function updateBadgeCount(
   viewer: Viewer,
   source: 'mark_as_unread' | 'mark_as_read' | 'activity_update',
 ) {
   const { userID } = viewer;
 
   const deviceTokenQuery = SQL`
     SELECT platform, device_token, versions, id
     FROM cookies
     WHERE user = ${userID}
       AND device_token IS NOT NULL
   `;
   if (viewer.data.cookieID) {
     deviceTokenQuery.append(SQL`AND id != ${viewer.cookieID} `);
   }
   const [unreadCounts, [deviceTokenResult], [dbID]] = await Promise.all([
     getUnreadCounts([userID]),
     dbQuery(deviceTokenQuery),
     createIDs('notifications', 1),
   ]);
   const unreadCount = unreadCounts[userID];
 
   const devices = deviceTokenResult.map(row => ({
     platform: row.platform,
     cookieID: row.id,
     deviceToken: row.device_token,
     codeVersion: JSON.parse(row.versions)?.codeVersion,
   }));
   const byPlatform = getDevicesByPlatform(devices);
 
   const deliveryPromises = [];
 
   const iosVersionsToTokens = byPlatform.get('ios');
   if (iosVersionsToTokens) {
     for (const [codeVersion, deviceInfos] of iosVersionsToTokens) {
       const notification = new apn.Notification();
       notification.topic = getAPNsNotificationTopic({
         platform: 'ios',
         codeVersion,
       });
       notification.badge = unreadCount;
       notification.pushType = 'alert';
       const deliveryPromise = (async () => {
         const cookieIDs = deviceInfos.map(({ cookieID }) => cookieID);
         let notificationsArray;
         if (codeVersion > 222) {
           notificationsArray = await prepareEncryptedIOSNotifications(
             cookieIDs,
             notification,
           );
         } else {
           notificationsArray = cookieIDs.map(() => notification);
         }
         const targetedNotifications = deviceInfos.map(
           ({ deviceToken }, idx) => ({
             deviceToken,
             notification: notificationsArray[idx],
           }),
         );
         return await sendAPNsNotification('ios', targetedNotifications, {
           source,
           dbID,
           userID,
           codeVersion,
         });
       })();
 
       deliveryPromises.push(deliveryPromise);
     }
   }
 
   const androidVersionsToTokens = byPlatform.get('android');
   if (androidVersionsToTokens) {
     for (const [codeVersion, deviceInfos] of androidVersionsToTokens) {
       const notificationData =
         codeVersion < 69
           ? { badge: unreadCount.toString() }
           : { badge: unreadCount.toString(), badgeOnly: '1' };
       const notification = { data: notificationData };
-      const deviceTokens = deviceInfos.map(({ deviceToken }) => deviceToken);
-      deliveryPromises.push(
-        sendAndroidNotification(notification, deviceTokens, {
+      const deliveryPromise = (async () => {
+        const cookieIDs = deviceInfos.map(({ cookieID }) => cookieID);
+        let notificationsArray;
+        if (codeVersion > 222) {
+          notificationsArray = await prepareEncryptedAndroidNotifications(
+            cookieIDs,
+            notification,
+          );
+        } else {
+          notificationsArray = cookieIDs.map(() => notification);
+        }
+        const targetedNotifications = deviceInfos.map(
+          ({ deviceToken }, idx) => ({
+            deviceToken,
+            notification: notificationsArray[idx],
+          }),
+        );
+        return await sendAndroidNotification(targetedNotifications, {
           source,
           dbID,
           userID,
           codeVersion,
-        }),
-      );
+        });
+      })();
+      deliveryPromises.push(deliveryPromise);
     }
   }
 
   const macosVersionsToTokens = byPlatform.get('macos');
   if (macosVersionsToTokens) {
     for (const [codeVersion, deviceInfos] of macosVersionsToTokens) {
       const notification = new apn.Notification();
       notification.topic = getAPNsNotificationTopic({
         platform: 'macos',
         codeVersion,
       });
       notification.badge = unreadCount;
       notification.pushType = 'alert';
       const targetedNotifications = deviceInfos.map(({ deviceToken }) => ({
         deviceToken,
         notification,
       }));
       deliveryPromises.push(
         sendAPNsNotification('macos', targetedNotifications, {
           source,
           dbID,
           userID,
           codeVersion,
         }),
       );
     }
   }
 
   const deliveryResults = await Promise.all(deliveryPromises);
   await saveNotifResults(deliveryResults, new Map(), false);
 }
 
 export { sendPushNotifs, sendRescindNotifs, updateBadgeCount };
diff --git a/keyserver/src/push/types.js b/keyserver/src/push/types.js
index 7f2d2c60b..ee2df4518 100644
--- a/keyserver/src/push/types.js
+++ b/keyserver/src/push/types.js
@@ -1,16 +1,21 @@
 // @flow
 
 import apn from '@parse/node-apn';
 
 export type TargetedAPNsNotification = {
   +notification: apn.Notification,
   +deviceToken: string,
 };
 
 export type AndroidNotification = {
   +data: {
     +id?: string,
     +badgeOnly?: string,
     +[string]: string,
   },
 };
+
+export type TargetedAndroidNotification = {
+  +notification: AndroidNotification,
+  +deviceToken: string,
+};
diff --git a/keyserver/src/push/utils.js b/keyserver/src/push/utils.js
index 768aa867a..ccbda8f92 100644
--- a/keyserver/src/push/utils.js
+++ b/keyserver/src/push/utils.js
@@ -1,385 +1,386 @@
 // @flow
 
 import type { ResponseFailure } from '@parse/node-apn';
 import type { FirebaseApp, FirebaseError } from 'firebase-admin';
 import invariant from 'invariant';
 import fetch from 'node-fetch';
 import type { Response } from 'node-fetch';
 import webpush from 'web-push';
 
 import type { PlatformDetails } from 'lib/types/device-types.js';
 import type {
   WebNotification,
   WNSNotification,
 } from 'lib/types/notif-types.js';
 import { threadSubscriptions } from 'lib/types/subscription-types.js';
 import { threadPermissions } from 'lib/types/thread-permission-types.js';
 
 import {
   getAPNPushProfileForCodeVersion,
   getFCMPushProfileForCodeVersion,
   getAPNProvider,
   getFCMProvider,
   ensureWebPushInitialized,
   getWNSToken,
 } from './providers.js';
-import type { TargetedAPNsNotification } from './types.js';
+import type {
+  TargetedAPNsNotification,
+  TargetedAndroidNotification,
+} from './types.js';
 import { dbQuery, SQL } from '../database/database.js';
 
 const fcmTokenInvalidationErrors = new Set([
   'messaging/registration-token-not-registered',
   'messaging/invalid-registration-token',
 ]);
 const fcmMaxNotificationPayloadByteSize = 4000;
 const apnTokenInvalidationErrorCode = 410;
 const apnBadRequestErrorCode = 400;
 const apnBadTokenErrorString = 'BadDeviceToken';
 const apnMaxNotificationPayloadByteSize = 4096;
 const webInvalidTokenErrorCodes = [404, 410];
 const wnsInvalidTokenErrorCodes = [404, 410];
 const wnsMaxNotificationPayloadByteSize = 5000;
 
 type APNPushResult =
   | { +success: true }
   | {
       +errors: $ReadOnlyArray<ResponseFailure>,
       +invalidTokens?: $ReadOnlyArray<string>,
     };
 async function apnPush({
   targetedNotifications,
   platformDetails,
 }: {
   +targetedNotifications: $ReadOnlyArray<TargetedAPNsNotification>,
   +platformDetails: PlatformDetails,
 }): Promise<APNPushResult> {
   const pushProfile = getAPNPushProfileForCodeVersion(platformDetails);
   const apnProvider = await getAPNProvider(pushProfile);
   if (!apnProvider && process.env.NODE_ENV === 'development') {
     console.log(`no keyserver/secrets/${pushProfile}.json so ignoring notifs`);
     return { success: true };
   }
   invariant(apnProvider, `keyserver/secrets/${pushProfile}.json should exist`);
 
   const results = await Promise.all(
     targetedNotifications.map(({ notification, deviceToken }) => {
       return apnProvider.send(notification, deviceToken);
     }),
   );
 
   const mergedResults = { sent: [], failed: [] };
   for (const result of results) {
     mergedResults.sent.push(...result.sent);
     mergedResults.failed.push(...result.failed);
   }
 
   const errors = [];
   const invalidTokens = [];
   for (const error of mergedResults.failed) {
     errors.push(error);
     /* eslint-disable eqeqeq */
     if (
       error.status == apnTokenInvalidationErrorCode ||
       (error.status == apnBadRequestErrorCode &&
         error.response.reason === apnBadTokenErrorString)
     ) {
       invalidTokens.push(error.device);
     }
     /* eslint-enable eqeqeq */
   }
   if (invalidTokens.length > 0) {
     return { errors, invalidTokens };
   } else if (errors.length > 0) {
     return { errors };
   } else {
     return { success: true };
   }
 }
 
 type FCMPushResult = {
   +success?: true,
   +fcmIDs?: $ReadOnlyArray<string>,
   +errors?: $ReadOnlyArray<FirebaseError>,
   +invalidTokens?: $ReadOnlyArray<string>,
 };
 async function fcmPush({
-  notification,
-  deviceTokens,
+  targetedNotifications,
   collapseKey,
   codeVersion,
 }: {
-  +notification: Object,
-  +deviceTokens: $ReadOnlyArray<string>,
+  +targetedNotifications: $ReadOnlyArray<TargetedAndroidNotification>,
   +codeVersion: ?number,
   +collapseKey?: ?string,
 }): Promise<FCMPushResult> {
   const pushProfile = getFCMPushProfileForCodeVersion(codeVersion);
   const fcmProvider = await getFCMProvider(pushProfile);
   if (!fcmProvider && process.env.NODE_ENV === 'development') {
     console.log(`no keyserver/secrets/${pushProfile}.json so ignoring notifs`);
     return { success: true };
   }
   invariant(fcmProvider, `keyserver/secrets/${pushProfile}.json should exist`);
   const options: Object = {
     priority: 'high',
   };
   if (collapseKey) {
     options.collapseKey = collapseKey;
   }
   // firebase-admin is extremely barebones and has a lot of missing or poorly
   // thought-out functionality. One of the issues is that if you send a
   // multicast messages and one of the device tokens is invalid, the resultant
   // won't explain which of the device tokens is invalid. So we're forced to
   // avoid the multicast functionality and call it once per deviceToken.
   const promises = [];
-  for (const deviceToken of deviceTokens) {
+  for (const { notification, deviceToken } of targetedNotifications) {
     promises.push(
       fcmSinglePush(fcmProvider, notification, deviceToken, options),
     );
   }
   const pushResults = await Promise.all(promises);
 
   const errors = [];
   const ids = [];
   const invalidTokens = [];
   for (let i = 0; i < pushResults.length; i++) {
     const pushResult = pushResults[i];
     for (const error of pushResult.errors) {
       errors.push(error);
       if (fcmTokenInvalidationErrors.has(error.errorInfo.code)) {
-        invalidTokens.push(deviceTokens[i]);
+        invalidTokens.push(targetedNotifications[i].deviceToken);
       }
     }
     for (const id of pushResult.fcmIDs) {
       ids.push(id);
     }
   }
 
   const result = {};
   if (ids.length > 0) {
     result.fcmIDs = ids;
   }
   if (errors.length > 0) {
     result.errors = errors;
   } else {
     result.success = true;
   }
   if (invalidTokens.length > 0) {
     result.invalidTokens = invalidTokens;
   }
   return { ...result };
 }
 
 async function fcmSinglePush(
   provider: FirebaseApp,
   notification: Object,
   deviceToken: string,
   options: Object,
 ) {
   try {
     const deliveryResult = await provider
       .messaging()
       .sendToDevice(deviceToken, notification, options);
     const errors = [];
     const ids = [];
     for (const fcmResult of deliveryResult.results) {
       if (fcmResult.error) {
         errors.push(fcmResult.error);
       } else if (fcmResult.messageId) {
         ids.push(fcmResult.messageId);
       }
     }
     return { fcmIDs: ids, errors };
   } catch (e) {
     return { fcmIDs: [], errors: [e] };
   }
 }
 
 async function getUnreadCounts(
   userIDs: string[],
 ): Promise<{ [userID: string]: number }> {
   const visPermissionExtractString = `$.${threadPermissions.VISIBLE}.value`;
   const notificationExtractString = `$.${threadSubscriptions.home}`;
   const query = SQL`
     SELECT user, COUNT(thread) AS unread_count
     FROM memberships
     WHERE user IN (${userIDs}) AND last_message > last_read_message 
       AND role > 0
       AND JSON_EXTRACT(permissions, ${visPermissionExtractString})
       AND JSON_EXTRACT(subscription, ${notificationExtractString})
     GROUP BY user
   `;
   const [result] = await dbQuery(query);
   const usersToUnreadCounts = {};
   for (const row of result) {
     usersToUnreadCounts[row.user.toString()] = row.unread_count;
   }
   for (const userID of userIDs) {
     if (usersToUnreadCounts[userID] === undefined) {
       usersToUnreadCounts[userID] = 0;
     }
   }
   return usersToUnreadCounts;
 }
 
 export type WebPushError = {
   +statusCode: number,
   +headers: { +[string]: string },
   +body: string,
 };
 type WebPushResult = {
   +success?: true,
   +errors?: $ReadOnlyArray<WebPushError>,
   +invalidTokens?: $ReadOnlyArray<string>,
 };
 async function webPush({
   notification,
   deviceTokens,
 }: {
   +notification: WebNotification,
   +deviceTokens: $ReadOnlyArray<string>,
 }): Promise<WebPushResult> {
   await ensureWebPushInitialized();
   const notificationString = JSON.stringify(notification);
 
   const pushResults = await Promise.all(
     deviceTokens.map(async deviceTokenString => {
       const deviceToken: PushSubscriptionJSON = JSON.parse(deviceTokenString);
       try {
         await webpush.sendNotification(deviceToken, notificationString);
       } catch (error) {
         return { error };
       }
       return {};
     }),
   );
 
   const errors = [];
   const invalidTokens = [];
   for (let i = 0; i < pushResults.length; i++) {
     const pushResult = pushResults[i];
     if (pushResult.error) {
       errors.push(pushResult.error);
       if (webInvalidTokenErrorCodes.includes(pushResult.error.statusCode)) {
         invalidTokens.push(deviceTokens[i]);
       }
     }
   }
 
   const result = {};
   if (errors.length > 0) {
     result.errors = errors;
   } else {
     result.success = true;
   }
   if (invalidTokens.length > 0) {
     result.invalidTokens = invalidTokens;
   }
   return { ...result };
 }
 
 export type WNSPushError = any | string | Response;
 type WNSPushResult = {
   +success?: true,
   +wnsIDs?: $ReadOnlyArray<string>,
   +errors?: $ReadOnlyArray<WNSPushError>,
   +invalidTokens?: $ReadOnlyArray<string>,
 };
 async function wnsPush({
   notification,
   deviceTokens,
 }: {
   +notification: WNSNotification,
   +deviceTokens: $ReadOnlyArray<string>,
 }): Promise<WNSPushResult> {
   const token = await getWNSToken();
   if (!token && process.env.NODE_ENV === 'development') {
     console.log(`no keyserver/secrets/wns_config.json so ignoring notifs`);
     return { success: true };
   }
   invariant(token, `keyserver/secrets/wns_config.json should exist`);
 
   const notificationString = JSON.stringify(notification);
 
   const pushResults = deviceTokens.map(async devicePushURL => {
     try {
       return await wnsSinglePush(token, notificationString, devicePushURL);
     } catch (error) {
       return { error };
     }
   });
 
   const errors = [];
   const notifIDs = [];
   const invalidTokens = [];
   for (let i = 0; i < pushResults.length; i++) {
     const pushResult = await pushResults[i];
     if (pushResult.error) {
       errors.push(pushResult.error);
       if (
         pushResult.error === 'invalidDomain' ||
         wnsInvalidTokenErrorCodes.includes(pushResult.error?.status)
       ) {
         invalidTokens.push(deviceTokens[i]);
       }
     } else {
       notifIDs.push(pushResult.wnsID);
     }
   }
 
   const result = {};
   if (notifIDs.length > 0) {
     result.wnsIDs = notifIDs;
   }
   if (errors.length > 0) {
     result.errors = errors;
   } else {
     result.success = true;
   }
   if (invalidTokens.length > 0) {
     result.invalidTokens = invalidTokens;
   }
   return { ...result };
 }
 
 async function wnsSinglePush(token: string, notification: string, url: string) {
   const parsedURL = new URL(url);
   const domain = parsedURL.hostname.split('.').slice(-3);
   if (
     domain[0] !== 'notify' ||
     domain[1] !== 'windows' ||
     domain[2] !== 'com'
   ) {
     return { error: 'invalidDomain' };
   }
 
   try {
     const result = await fetch(url, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/octet-stream',
         'X-WNS-Type': 'wns/raw',
         'Authorization': `Bearer ${token}`,
       },
       body: notification,
     });
 
     if (!result.ok) {
       return { error: result };
     }
 
     return { wnsID: result.headers.get('X-WNS-MSG-ID') };
   } catch (err) {
     return { error: err };
   }
 }
 
 export {
   apnPush,
   fcmPush,
   webPush,
   wnsPush,
   getUnreadCounts,
   apnMaxNotificationPayloadByteSize,
   fcmMaxNotificationPayloadByteSize,
   wnsMaxNotificationPayloadByteSize,
 };
diff --git a/keyserver/src/session/cookies.js b/keyserver/src/session/cookies.js
index 2233788de..37914dc4d 100644
--- a/keyserver/src/session/cookies.js
+++ b/keyserver/src/session/cookies.js
@@ -1,898 +1,899 @@
 // @flow
 
 import crypto from 'crypto';
 import type { $Response, $Request } from 'express';
 import invariant from 'invariant';
 import bcrypt from 'twin-bcrypt';
 import url from 'url';
 
 import { hasMinCodeVersion } from 'lib/shared/version-utils.js';
 import type { Shape } from 'lib/types/core.js';
 import type { SignedIdentityKeysBlob } from 'lib/types/crypto-types.js';
 import { isWebPlatform } from 'lib/types/device-types.js';
 import type { Platform, PlatformDetails } from 'lib/types/device-types.js';
 import type { CalendarQuery } from 'lib/types/entry-types.js';
 import {
   type ServerSessionChange,
   cookieLifetime,
   cookieSources,
   type CookieSource,
   cookieTypes,
   sessionIdentifierTypes,
   type SessionIdentifierType,
 } from 'lib/types/session-types.js';
 import type { SIWESocialProof } from 'lib/types/siwe-types.js';
 import type { InitialClientSocketMessage } from 'lib/types/socket-types.js';
 import type { UserInfo } from 'lib/types/user-types.js';
 import { values } from 'lib/utils/objects.js';
 import { promiseAll } from 'lib/utils/promises.js';
 
 import { Viewer } from './viewer.js';
 import type { AnonymousViewerData, UserViewerData } from './viewer.js';
 import createIDs from '../creators/id-creator.js';
 import { createSession } from '../creators/session-creator.js';
 import { dbQuery, SQL } from '../database/database.js';
 import { deleteCookie } from '../deleters/cookie-deleters.js';
 import { handleAsyncPromise } from '../responders/handlers.js';
 import { clearDeviceToken } from '../updaters/device-token-updaters.js';
 import { updateThreadMembers } from '../updaters/thread-updaters.js';
 import { assertSecureRequest } from '../utils/security-utils.js';
 import {
   type AppURLFacts,
   getAppURLFactsFromRequestURL,
 } from '../utils/urls.js';
 
 function cookieIsExpired(lastUsed: number) {
   return lastUsed + cookieLifetime <= Date.now();
 }
 
 type SessionParameterInfo = {
   isSocket: boolean,
   sessionID: ?string,
   sessionIdentifierType: SessionIdentifierType,
   ipAddress: string,
   userAgent: ?string,
 };
 
 type FetchViewerResult =
   | { type: 'valid', viewer: Viewer }
   | InvalidFetchViewerResult;
 
 type InvalidFetchViewerResult =
   | {
       type: 'nonexistant',
       cookieName: ?string,
       cookieSource: ?CookieSource,
       sessionParameterInfo: SessionParameterInfo,
     }
   | {
       type: 'invalidated',
       cookieName: string,
       cookieID: string,
       cookieSource: CookieSource,
       sessionParameterInfo: SessionParameterInfo,
       platformDetails: ?PlatformDetails,
       deviceToken: ?string,
     };
 
 async function fetchUserViewer(
   cookie: string,
   cookieSource: CookieSource,
   sessionParameterInfo: SessionParameterInfo,
 ): Promise<FetchViewerResult> {
   const [cookieID, cookiePassword] = cookie.split(':');
   if (!cookieID || !cookiePassword) {
     return {
       type: 'nonexistant',
       cookieName: cookieTypes.USER,
       cookieSource,
       sessionParameterInfo,
     };
   }
 
   const query = SQL`
     SELECT hash, user, last_used, platform, device_token, versions
     FROM cookies
     WHERE id = ${cookieID} AND user IS NOT NULL
   `;
   const [[result], allSessionInfo] = await Promise.all([
     dbQuery(query),
     fetchSessionInfo(sessionParameterInfo, cookieID),
   ]);
   if (result.length === 0) {
     return {
       type: 'nonexistant',
       cookieName: cookieTypes.USER,
       cookieSource,
       sessionParameterInfo,
     };
   }
 
   let sessionID = null,
     sessionInfo = null;
   if (allSessionInfo) {
     ({ sessionID, ...sessionInfo } = allSessionInfo);
   }
 
   const cookieRow = result[0];
   let platformDetails = null;
   if (cookieRow.versions) {
     const versions = JSON.parse(cookieRow.versions);
     platformDetails = {
       platform: cookieRow.platform,
       codeVersion: versions.codeVersion,
       stateVersion: versions.stateVersion,
     };
   } else {
     platformDetails = { platform: cookieRow.platform };
   }
   const deviceToken = cookieRow.device_token;
 
   if (
     !bcrypt.compareSync(cookiePassword, cookieRow.hash) ||
     cookieIsExpired(cookieRow.last_used)
   ) {
     return {
       type: 'invalidated',
       cookieName: cookieTypes.USER,
       cookieID,
       cookieSource,
       sessionParameterInfo,
       platformDetails,
       deviceToken,
     };
   }
   const userID = cookieRow.user.toString();
   const viewer = new Viewer({
     isSocket: sessionParameterInfo.isSocket,
     loggedIn: true,
     id: userID,
     platformDetails,
     deviceToken,
     userID,
     cookieSource,
     cookieID,
     cookiePassword,
     sessionIdentifierType: sessionParameterInfo.sessionIdentifierType,
     sessionID,
     sessionInfo,
     isScriptViewer: false,
     ipAddress: sessionParameterInfo.ipAddress,
     userAgent: sessionParameterInfo.userAgent,
   });
   return { type: 'valid', viewer };
 }
 
 async function fetchAnonymousViewer(
   cookie: string,
   cookieSource: CookieSource,
   sessionParameterInfo: SessionParameterInfo,
 ): Promise<FetchViewerResult> {
   const [cookieID, cookiePassword] = cookie.split(':');
   if (!cookieID || !cookiePassword) {
     return {
       type: 'nonexistant',
       cookieName: cookieTypes.ANONYMOUS,
       cookieSource,
       sessionParameterInfo,
     };
   }
 
   const query = SQL`
     SELECT last_used, hash, platform, device_token, versions
     FROM cookies
     WHERE id = ${cookieID} AND user IS NULL
   `;
   const [[result], allSessionInfo] = await Promise.all([
     dbQuery(query),
     fetchSessionInfo(sessionParameterInfo, cookieID),
   ]);
   if (result.length === 0) {
     return {
       type: 'nonexistant',
       cookieName: cookieTypes.ANONYMOUS,
       cookieSource,
       sessionParameterInfo,
     };
   }
 
   let sessionID = null,
     sessionInfo = null;
   if (allSessionInfo) {
     ({ sessionID, ...sessionInfo } = allSessionInfo);
   }
 
   const cookieRow = result[0];
   let platformDetails = null;
   if (cookieRow.platform && cookieRow.versions) {
     const versions = JSON.parse(cookieRow.versions);
     platformDetails = {
       platform: cookieRow.platform,
       codeVersion: versions.codeVersion,
       stateVersion: versions.stateVersion,
     };
   } else if (cookieRow.platform) {
     platformDetails = { platform: cookieRow.platform };
   }
   const deviceToken = cookieRow.device_token;
 
   if (
     !bcrypt.compareSync(cookiePassword, cookieRow.hash) ||
     cookieIsExpired(cookieRow.last_used)
   ) {
     return {
       type: 'invalidated',
       cookieName: cookieTypes.ANONYMOUS,
       cookieID,
       cookieSource,
       sessionParameterInfo,
       platformDetails,
       deviceToken,
     };
   }
   const viewer = new Viewer({
     isSocket: sessionParameterInfo.isSocket,
     loggedIn: false,
     id: cookieID,
     platformDetails,
     deviceToken,
     cookieSource,
     cookieID,
     cookiePassword,
     sessionIdentifierType: sessionParameterInfo.sessionIdentifierType,
     sessionID,
     sessionInfo,
     isScriptViewer: false,
     ipAddress: sessionParameterInfo.ipAddress,
     userAgent: sessionParameterInfo.userAgent,
   });
   return { type: 'valid', viewer };
 }
 
 type SessionInfo = {
   +sessionID: ?string,
   +lastValidated: number,
   +lastUpdate: number,
   +calendarQuery: CalendarQuery,
 };
 async function fetchSessionInfo(
   sessionParameterInfo: SessionParameterInfo,
   cookieID: string,
 ): Promise<?SessionInfo> {
   const { sessionID } = sessionParameterInfo;
   const session = sessionID !== undefined ? sessionID : cookieID;
   if (!session) {
     return null;
   }
   const query = SQL`
     SELECT query, last_validated, last_update
     FROM sessions
     WHERE id = ${session} AND cookie = ${cookieID}
   `;
   const [result] = await dbQuery(query);
   if (result.length === 0) {
     return null;
   }
   return {
     sessionID,
     lastValidated: result[0].last_validated,
     lastUpdate: result[0].last_update,
     calendarQuery: JSON.parse(result[0].query),
   };
 }
 
 // This function is meant to consume a cookie that has already been processed.
 // That means it doesn't have any logic to handle an invalid cookie, and it
 // doesn't update the cookie's last_used timestamp.
 async function fetchViewerFromCookieData(
   req: $Request,
   sessionParameterInfo: SessionParameterInfo,
 ): Promise<FetchViewerResult> {
   let viewerResult;
   const { user, anonymous } = req.cookies;
   if (user) {
     viewerResult = await fetchUserViewer(
       user,
       cookieSources.HEADER,
       sessionParameterInfo,
     );
   } else if (anonymous) {
     viewerResult = await fetchAnonymousViewer(
       anonymous,
       cookieSources.HEADER,
       sessionParameterInfo,
     );
   } else {
     return {
       type: 'nonexistant',
       cookieName: null,
       cookieSource: null,
       sessionParameterInfo,
     };
   }
 
   // We protect against CSRF attacks by making sure that on web,
   // non-GET requests cannot use a bare cookie for session identification
   if (viewerResult.type === 'valid') {
     const { viewer } = viewerResult;
     invariant(
       req.method === 'GET' ||
         viewer.sessionIdentifierType !== sessionIdentifierTypes.COOKIE_ID ||
         !isWebPlatform(viewer.platform),
       'non-GET request from web using sessionIdentifierTypes.COOKIE_ID',
     );
   }
 
   return viewerResult;
 }
 
 async function fetchViewerFromRequestBody(
   body: mixed,
   sessionParameterInfo: SessionParameterInfo,
 ): Promise<FetchViewerResult> {
   if (!body || typeof body !== 'object') {
     return {
       type: 'nonexistant',
       cookieName: null,
       cookieSource: null,
       sessionParameterInfo,
     };
   }
   const cookiePair = body.cookie;
   if (cookiePair === null || cookiePair === '') {
     return {
       type: 'nonexistant',
       cookieName: null,
       cookieSource: cookieSources.BODY,
       sessionParameterInfo,
     };
   }
   if (!cookiePair || typeof cookiePair !== 'string') {
     return {
       type: 'nonexistant',
       cookieName: null,
       cookieSource: null,
       sessionParameterInfo,
     };
   }
   const [type, cookie] = cookiePair.split('=');
   if (type === cookieTypes.USER && cookie) {
     return await fetchUserViewer(
       cookie,
       cookieSources.BODY,
       sessionParameterInfo,
     );
   } else if (type === cookieTypes.ANONYMOUS && cookie) {
     return await fetchAnonymousViewer(
       cookie,
       cookieSources.BODY,
       sessionParameterInfo,
     );
   }
   return {
     type: 'nonexistant',
     cookieName: null,
     cookieSource: null,
     sessionParameterInfo,
   };
 }
 
 function getRequestIPAddress(req: $Request) {
   const { proxy } = getAppURLFactsFromRequestURL(req.originalUrl);
   let ipAddress;
   if (proxy === 'none') {
     ipAddress = req.socket.remoteAddress;
   } else if (proxy === 'apache') {
     ipAddress = req.get('X-Forwarded-For');
   }
   invariant(ipAddress, 'could not determine requesting IP address');
   return ipAddress;
 }
 
 function getSessionParameterInfoFromRequestBody(
   req: $Request,
 ): SessionParameterInfo {
   const body = (req.body: any);
   let sessionID =
     body.sessionID !== undefined || req.method !== 'GET'
       ? body.sessionID
       : null;
   if (sessionID === '') {
     sessionID = null;
   }
   const sessionIdentifierType =
     req.method === 'GET' || sessionID !== undefined
       ? sessionIdentifierTypes.BODY_SESSION_ID
       : sessionIdentifierTypes.COOKIE_ID;
   return {
     isSocket: false,
     sessionID,
     sessionIdentifierType,
     ipAddress: getRequestIPAddress(req),
     userAgent: req.get('User-Agent'),
   };
 }
 
 async function fetchViewerForJSONRequest(req: $Request): Promise<Viewer> {
   assertSecureRequest(req);
   const sessionParameterInfo = getSessionParameterInfoFromRequestBody(req);
   let result = await fetchViewerFromRequestBody(req.body, sessionParameterInfo);
   if (
     result.type === 'nonexistant' &&
     (result.cookieSource === null || result.cookieSource === undefined)
   ) {
     result = await fetchViewerFromCookieData(req, sessionParameterInfo);
   }
   return await handleFetchViewerResult(result);
 }
 
 const webPlatformDetails = { platform: 'web' };
 async function fetchViewerForHomeRequest(req: $Request): Promise<Viewer> {
   assertSecureRequest(req);
   const sessionParameterInfo = getSessionParameterInfoFromRequestBody(req);
   const result = await fetchViewerFromCookieData(req, sessionParameterInfo);
   return await handleFetchViewerResult(result, webPlatformDetails);
 }
 
 async function fetchViewerForSocket(
   req: $Request,
   clientMessage: InitialClientSocketMessage,
 ): Promise<?Viewer> {
   assertSecureRequest(req);
   const { sessionIdentification } = clientMessage.payload;
   const { sessionID } = sessionIdentification;
   const sessionParameterInfo = {
     isSocket: true,
     sessionID,
     sessionIdentifierType:
       sessionID !== undefined
         ? sessionIdentifierTypes.BODY_SESSION_ID
         : sessionIdentifierTypes.COOKIE_ID,
     ipAddress: getRequestIPAddress(req),
     userAgent: req.get('User-Agent'),
   };
 
   let result = await fetchViewerFromRequestBody(
     clientMessage.payload.sessionIdentification,
     sessionParameterInfo,
   );
   if (
     result.type === 'nonexistant' &&
     (result.cookieSource === null || result.cookieSource === undefined)
   ) {
     result = await fetchViewerFromCookieData(req, sessionParameterInfo);
   }
   if (result.type === 'valid') {
     return result.viewer;
   }
 
   const promises = {};
   if (result.cookieSource === cookieSources.BODY) {
     // We initialize a socket's Viewer after the WebSocket handshake, since to
     // properly initialize the Viewer we need a bunch of data, but that data
     // can't be sent until after the handshake. Consequently, by the time we
     // know that a cookie may be invalid, we are no longer communicating via
     // HTTP, and have no way to set a new cookie for HEADER (web) clients.
     const platformDetails =
       result.type === 'invalidated' ? result.platformDetails : null;
     const deviceToken =
       result.type === 'invalidated' ? result.deviceToken : null;
     promises.anonymousViewerData = createNewAnonymousCookie({
       platformDetails,
       deviceToken,
     });
   }
   if (result.type === 'invalidated') {
     promises.deleteCookie = deleteCookie(result.cookieID);
   }
   const { anonymousViewerData } = await promiseAll(promises);
 
   if (!anonymousViewerData) {
     return null;
   }
 
   return createViewerForInvalidFetchViewerResult(result, anonymousViewerData);
 }
 
 async function handleFetchViewerResult(
   result: FetchViewerResult,
   inputPlatformDetails?: PlatformDetails,
 ) {
   if (result.type === 'valid') {
     return result.viewer;
   }
 
   let platformDetails = inputPlatformDetails;
   if (!platformDetails && result.type === 'invalidated') {
     platformDetails = result.platformDetails;
   }
   const deviceToken = result.type === 'invalidated' ? result.deviceToken : null;
 
   const [anonymousViewerData] = await Promise.all([
     createNewAnonymousCookie({ platformDetails, deviceToken }),
     result.type === 'invalidated' ? deleteCookie(result.cookieID) : null,
   ]);
 
   return createViewerForInvalidFetchViewerResult(result, anonymousViewerData);
 }
 
 function createViewerForInvalidFetchViewerResult(
   result: InvalidFetchViewerResult,
   anonymousViewerData: AnonymousViewerData,
 ): Viewer {
   // If a null cookie was specified in the request body, result.cookieSource
   // will still be BODY here. The only way it would be null or undefined here
   // is if there was no cookie specified in either the body or the header, in
   // which case we default to returning the new cookie in the response header.
   const cookieSource =
     result.cookieSource !== null && result.cookieSource !== undefined
       ? result.cookieSource
       : cookieSources.HEADER;
   const viewer = new Viewer({
     ...anonymousViewerData,
     cookieSource,
     sessionIdentifierType: result.sessionParameterInfo.sessionIdentifierType,
     isSocket: result.sessionParameterInfo.isSocket,
     ipAddress: result.sessionParameterInfo.ipAddress,
     userAgent: result.sessionParameterInfo.userAgent,
   });
   viewer.sessionChanged = true;
 
   // If cookieName is falsey, that tells us that there was no cookie specified
   // in the request, which means we can't be invalidating anything.
   if (result.cookieName) {
     viewer.cookieInvalidated = true;
     viewer.initialCookieName = result.cookieName;
   }
 
   return viewer;
 }
 
 function addSessionChangeInfoToResult(
   viewer: Viewer,
   res: $Response,
   result: Object,
   appURLFacts: AppURLFacts,
 ) {
   let threadInfos = {},
     userInfos = {};
   if (result.cookieChange) {
     ({ threadInfos, userInfos } = result.cookieChange);
   }
   let sessionChange;
   if (viewer.cookieInvalidated) {
     sessionChange = ({
       cookieInvalidated: true,
       threadInfos,
       userInfos: (values(userInfos).map(a => a): UserInfo[]),
       currentUserInfo: {
         id: viewer.cookieID,
         anonymous: true,
       },
     }: ServerSessionChange);
   } else {
     sessionChange = ({
       cookieInvalidated: false,
       threadInfos,
       userInfos: (values(userInfos).map(a => a): UserInfo[]),
     }: ServerSessionChange);
   }
   if (viewer.cookieSource === cookieSources.BODY) {
     sessionChange.cookie = viewer.cookiePairString;
   } else {
     addActualHTTPCookie(viewer, res, appURLFacts);
   }
   if (viewer.sessionIdentifierType === sessionIdentifierTypes.BODY_SESSION_ID) {
     sessionChange.sessionID = viewer.sessionID ? viewer.sessionID : null;
   }
   result.cookieChange = sessionChange;
 }
 
 type AnonymousCookieCreationParams = Shape<{
   +platformDetails: ?PlatformDetails,
   +deviceToken: ?string,
 }>;
 const defaultPlatformDetails = {};
 
 // The result of this function should not be passed directly to the Viewer
 // constructor. Instead, it should be passed to viewer.setNewCookie. There are
 // several fields on AnonymousViewerData that are not set by this function:
 // sessionIdentifierType, cookieSource, ipAddress, and userAgent. These
 // parameters all depend on the initial request. If the result of this function
 // is passed to the Viewer constructor directly, the resultant Viewer object
 // will throw whenever anybody attempts to access the relevant properties.
 async function createNewAnonymousCookie(
   params: AnonymousCookieCreationParams,
 ): Promise<AnonymousViewerData> {
   const { platformDetails, deviceToken } = params;
   const { platform, ...versions } = platformDetails || defaultPlatformDetails;
   const versionsString =
     Object.keys(versions).length > 0 ? JSON.stringify(versions) : null;
 
   const time = Date.now();
   const cookiePassword = crypto.randomBytes(32).toString('hex');
   const cookieHash = bcrypt.hashSync(cookiePassword);
   const [[id]] = await Promise.all([
     createIDs('cookies', 1),
     deviceToken ? clearDeviceToken(deviceToken) : undefined,
   ]);
 
   const cookieRow = [
     id,
     cookieHash,
     null,
     platform,
     time,
     time,
     deviceToken,
     versionsString,
   ];
   const query = SQL`
     INSERT INTO cookies(id, hash, user, platform, creation_time, last_used,
       device_token, versions)
     VALUES ${[cookieRow]}
   `;
   await dbQuery(query);
   return {
     loggedIn: false,
     id,
     platformDetails,
     deviceToken,
     cookieID: id,
     cookiePassword,
     sessionID: undefined,
     sessionInfo: null,
     cookieInsertedThisRequest: true,
     isScriptViewer: false,
   };
 }
 
 type UserCookieCreationParams = {
   +platformDetails: PlatformDetails,
   +deviceToken?: ?string,
   +socialProof?: ?SIWESocialProof,
   +signedIdentityKeysBlob?: ?SignedIdentityKeysBlob,
 };
 
 // The result of this function should never be passed directly to the Viewer
 // constructor. Instead, it should be passed to viewer.setNewCookie. There are
 // several fields on UserViewerData that are not set by this function:
 // sessionID, sessionIdentifierType, cookieSource, and ipAddress. These
 // parameters all depend on the initial request. If the result of this function
 // is passed to the Viewer constructor directly, the resultant Viewer object
 // will throw whenever anybody attempts to access the relevant properties.
 async function createNewUserCookie(
   userID: string,
   params: UserCookieCreationParams,
 ): Promise<UserViewerData> {
   const { platformDetails, deviceToken, socialProof, signedIdentityKeysBlob } =
     params;
   const { platform, ...versions } = platformDetails || defaultPlatformDetails;
   const versionsString =
     Object.keys(versions).length > 0 ? JSON.stringify(versions) : null;
 
   const time = Date.now();
   const cookiePassword = crypto.randomBytes(32).toString('hex');
   const cookieHash = bcrypt.hashSync(cookiePassword);
   const [[cookieID]] = await Promise.all([
     createIDs('cookies', 1),
     deviceToken ? clearDeviceToken(deviceToken) : undefined,
   ]);
 
   const cookieRow = [
     cookieID,
     cookieHash,
     userID,
     platform,
     time,
     time,
     deviceToken,
     versionsString,
     JSON.stringify(socialProof),
     signedIdentityKeysBlob ? JSON.stringify(signedIdentityKeysBlob) : null,
   ];
   const query = SQL`
     INSERT INTO cookies(id, hash, user, platform, creation_time, last_used,
       device_token, versions, social_proof, signed_identity_keys)
     VALUES ${[cookieRow]}
   `;
   await dbQuery(query);
   return {
     loggedIn: true,
     id: userID,
     platformDetails,
     deviceToken,
     userID,
     cookieID,
     sessionID: undefined,
     sessionInfo: null,
     cookiePassword,
     cookieInsertedThisRequest: true,
     isScriptViewer: false,
   };
 }
 
 // This gets called after createNewUserCookie and from websiteResponder. If the
 // Viewer's sessionIdentifierType is COOKIE_ID then the cookieID is used as the
 // session identifier; otherwise, a new ID is created for the session.
 async function setNewSession(
   viewer: Viewer,
   calendarQuery: CalendarQuery,
   initialLastUpdate: number,
 ): Promise<void> {
   if (viewer.sessionIdentifierType !== sessionIdentifierTypes.COOKIE_ID) {
     const [sessionID] = await createIDs('sessions', 1);
     viewer.setSessionID(sessionID);
   }
   await createSession(viewer, calendarQuery, initialLastUpdate);
 }
 
 async function extendCookieLifespan(cookieID: string) {
   const time = Date.now();
   const query = SQL`
     UPDATE cookies SET last_used = ${time} WHERE id = ${cookieID}
   `;
   await dbQuery(query);
 }
 
 function addCookieToJSONResponse(
   viewer: Viewer,
   res: $Response,
   result: Object,
   expectCookieInvalidation: boolean,
   appURLFacts: AppURLFacts,
 ) {
   if (expectCookieInvalidation) {
     viewer.cookieInvalidated = false;
   }
   if (!viewer.getData().cookieInsertedThisRequest) {
     handleAsyncPromise(extendCookieLifespan(viewer.cookieID));
   }
   if (viewer.sessionChanged) {
     addSessionChangeInfoToResult(viewer, res, result, appURLFacts);
   } else if (viewer.cookieSource !== cookieSources.BODY) {
     addActualHTTPCookie(viewer, res, appURLFacts);
   }
 }
 
 function addCookieToHomeResponse(
   viewer: Viewer,
   res: $Response,
   appURLFacts: AppURLFacts,
 ) {
   if (!viewer.getData().cookieInsertedThisRequest) {
     handleAsyncPromise(extendCookieLifespan(viewer.cookieID));
   }
   addActualHTTPCookie(viewer, res, appURLFacts);
 }
 
 function getCookieOptions(appURLFacts: AppURLFacts) {
   const { baseDomain, basePath, https } = appURLFacts;
   const domainAsURL = new url.URL(baseDomain);
   return {
     domain: domainAsURL.hostname,
     path: basePath,
     httpOnly: true,
     secure: https,
     maxAge: cookieLifetime,
     sameSite: 'Strict',
   };
 }
 
 function addActualHTTPCookie(
   viewer: Viewer,
   res: $Response,
   appURLFacts: AppURLFacts,
 ) {
   res.cookie(
     viewer.cookieName,
     viewer.cookieString,
     getCookieOptions(appURLFacts),
   );
   if (viewer.cookieName !== viewer.initialCookieName) {
     res.clearCookie(viewer.initialCookieName, getCookieOptions(appURLFacts));
   }
 }
 
 async function setCookieSignedIdentityKeysBlob(
   cookieID: string,
   signedIdentityKeysBlob: SignedIdentityKeysBlob,
 ) {
   const signedIdentityKeysStr = JSON.stringify(signedIdentityKeysBlob);
   const query = SQL`
     UPDATE cookies 
     SET signed_identity_keys = ${signedIdentityKeysStr}
     WHERE id = ${cookieID}
   `;
   await dbQuery(query);
 }
 
 // Returns `true` if row with `id = cookieID` exists AND
 // `signed_identity_keys` is `NULL`. Otherwise, returns `false`.
 async function isCookieMissingSignedIdentityKeysBlob(
   cookieID: string,
 ): Promise<boolean> {
   const query = SQL`
     SELECT signed_identity_keys
     FROM cookies 
     WHERE id = ${cookieID}
   `;
   const [queryResult] = await dbQuery(query);
   return (
     queryResult.length === 1 && queryResult[0].signed_identity_keys === null
   );
 }
 
 async function isCookieMissingOlmNotificationsSession(
   viewer: Viewer,
 ): Promise<boolean> {
   if (
     !viewer.platformDetails ||
-    viewer.platformDetails.platform !== 'ios' ||
+    (viewer.platformDetails.platform !== 'ios' &&
+      viewer.platformDetails.platform !== 'android') ||
     !viewer.platformDetails.codeVersion ||
     viewer.platformDetails.codeVersion < 222
   ) {
     return false;
   }
   const query = SQL`
     SELECT COUNT(*) AS count
     FROM olm_sessions
     WHERE cookie_id = ${viewer.cookieID} AND is_content = FALSE
   `;
   const [queryResult] = await dbQuery(query);
   return queryResult[0].count === 0;
 }
 
 async function setCookiePlatform(
   viewer: Viewer,
   platform: Platform,
 ): Promise<void> {
   const newPlatformDetails = { ...viewer.platformDetails, platform };
   viewer.setPlatformDetails(newPlatformDetails);
   const query = SQL`
     UPDATE cookies
     SET platform = ${platform}
     WHERE id = ${viewer.cookieID}
   `;
   await dbQuery(query);
 }
 
 async function setCookiePlatformDetails(
   viewer: Viewer,
   platformDetails: PlatformDetails,
 ): Promise<void> {
   if (
     hasMinCodeVersion(platformDetails, { native: 70 }) &&
     !hasMinCodeVersion(viewer.platformDetails, { native: 70 })
   ) {
     await updateThreadMembers(viewer);
   }
 
   viewer.setPlatformDetails(platformDetails);
   const { platform, ...versions } = platformDetails;
   const versionsString =
     Object.keys(versions).length > 0 ? JSON.stringify(versions) : null;
   const query = SQL`
     UPDATE cookies
     SET platform = ${platform}, versions = ${versionsString}
     WHERE id = ${viewer.cookieID}
   `;
   await dbQuery(query);
 }
 
 export {
   fetchViewerForJSONRequest,
   fetchViewerForHomeRequest,
   fetchViewerForSocket,
   createNewAnonymousCookie,
   createNewUserCookie,
   setNewSession,
   extendCookieLifespan,
   addCookieToJSONResponse,
   addCookieToHomeResponse,
   setCookieSignedIdentityKeysBlob,
   isCookieMissingSignedIdentityKeysBlob,
   setCookiePlatform,
   setCookiePlatformDetails,
   isCookieMissingOlmNotificationsSession,
 };