“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”
“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”
The fix would be very easy. Just don’t store that data. But Google and Apple obviously want that data for themselves as well, for advertising.
deleted by creator
I already explained how the whole push notification thing works in this comment. If you’re using a degoogled phone, you’ll be fine. MicroG has the option to use Firebase but you need to be logged in with a Google account, enable device registration and enable cloud messaging for it to use it. Google has the data about when you got a push notification from what app since it goes through their server and the app developer can obviously log the notification data from their app.
deleted by creator
I don’t like Google either but this design makes perfect sense. There’s a reason UnifiedPush works the same way. It sucks that you can’t choose a different server but that’s just how Google does things.
deleted by creator
If you have a better way to do this, I’d really like to hear it. Also, what additional features are you talking about?
deleted by creator
Apps running in the background was how it was done before but it drained a lot of battery, which is why it’s done this way now. Even KDE is implementing UnifiedPush. Things like the Firefox progress bar notification also don’t use this system at all.
The fix would be different - not have it go through “someone else’s computer”. Whenever “someone else’s computer” is involved, you should just assume they log everything. Even if they don’t do it and don’t want to - they can be silently made to do so.
But there’s also UnifiedPush. If apps used that, you could just selfhost that server. A lot of open source apps do use it. I, for example, have a phone with MicroG and I didn’t enable cloud messaging. I also have a Nextcloud server, where I installed the UnifiedPush provider and I use NextPush on my phone as the UnifiedPush app. Works great and that way a lot of apps I have don’t need to run in the background constantly.