Have worked with APNS in the past, and sending a message is not trivial.
Apple, rightly, have a couple of barriers in place, to prevent miscreants from hijacking it. Knowing the unique (to that application) ID to send a message to is one thing. And there's rate limiting on that API
This looks like some internal testing, given the Foo. If it's not, then there's been a breach.