Comment by Zak
2 years ago
It's a huge problem for both privacy and the open source ecosystem that Apple and Google mandate use of their own notification system for apps to be included in their stores.
UnifiedPush[0] seems like a great project in this area, and I wish it was implemented in more apps.
[0] https://unifiedpush.org/
I use Telegram FOSS. They refuse to use Firebase for notifications, so I forever have a message in my drawer that leads to this link:
https://github.com/Telegram-FOSS-Team/Telegram-FOSS/blob/mas...
I doubt it solves much but I like to think of it as a little poke in the eye.
There were huge downsides for battery life before, and privacy is somewhat orthogonal since you’d be at risk from more companies and they’d all be subject to the same legal demands, so I think the answer has to be regulatory. In the EU, that seems possible but I’m not sure the U.S. government is currently functional enough to do anything about this.
Allowing third-party notification systems (such as UnifiedPush) would have practically no negative effect on battery life
Not to mention that people might prefer to use some more battery in exchange for more privacy
It certainly had an impact when Apple and Google shipped platform notifications because each of those systems kept the radio active.
It’s possible that a better interface could be developed but it wouldn’t help privacy unless the implementers were in different legal jurisdictions: the same government which can subpoena or NSL Apple or Google could’ve asked e.g. Urban Airship for the same details. There’s also a challenge in that each implementation is a chance to make mistakes or fail to deliver promised privacy protections, and someone in a country which isn’t the United States might have stronger privacy laws but is also a legitimate NSA target. This kind of problem just doesn’t have simple solutions.
And now we understand why they do that.
It is driven entirely by battery life. Android used to allow 3rd party apps to receive push notifications, and it caused battery life to be terrible compared to Apple. Forcing a single path was done for that reason.
Btw, here's the Telegram team complaining about the change: https://github.com/Telegram-FOSS-Team/Telegram-FOSS/blob/mas...
Facebook abused this a bunch. https://www.theguardian.com/technology/2016/feb/01/uninstall...
Allowing other notification systems would hardly have an impact (especially when someone could replace GCM entirely with them)
And you can simply offer more battery controls, rather than general, non-overridable rules
This complaint is nonsense. Android _still_ allows background applications, the only limitation they added in that release is that such background applications have to show a notification that they are running (actually a feature if you ask me). You are still allowed to listen on a gazillion sockets perfectly fine.
It's more problematic that some Android "skins" tend to kill background applications at random https://dontkillmyapp.com/, but at least, one cannot squarely blame Google for that one...
The "battery life" argument that they constantly use is also a very poor excuse. Even when Conversations (the Jabber client) didn't use push notifications at all and would just listen on noisy XMPP sockets, it still had about the lowest power consumption of all Android messaging programs, lower than Google's own push notifications client app (play services).
Certainly I might imagine that if all 1,000 adware apps your average Android user installs all needed to be wired and listening to a socket in order to receive the latest offers (all in the legitimate interest of the user, of course) you might literally run out of memory. But even then there are many solutions (such as inetd-like services) that do not require centralizing everything into Google.
I suspect it wasn't initially designed to help enable government surveillance, but that data must have a significant dollar value to those companies.