Comment by acdha
2 years ago
Others have mentioned the timing attacks but also payloads are not encrypted unless the app developers remember to build that. This linked essay discusses both threats:
https://blog.davidlibeau.fr/push-notifications-are-a-privacy...
Thank you I was wondering about that. A couple of days ago I heard somebody mention that push notifications go through the backend and that it was a huge privacy issue, and I just couldn't believe that messaging apps that are "encrypted" would go through all that work just to then send the unencrypted message to Google's servers