Comment by seanw265
2 years ago
I'm not so familiar with Signal, but could you explain why you would expect Signal notifications to happen out-of-band with normal push notifications?
Assuming Signal sends push notifications of some sort, as most messaging services do, that would make them vulnerable to the metadata-level attacks described in this thread.
What kind of "out-of-band" are you thinking of that would mitigate this issue?
Why: because otherwise the service, which is supposed to be private, is no longer private.
I dunno how it would work, maybe something like a third-party push? Why does everything have to be channeled through central service? A service like Signal could operate its own push channel.
Notice how SimpleX (https://simplex.chat/) has no push notifications by default because of this issue.
Apple doesn't support any third-party push platforms, and they are restricted on Android to preserve battery life.
Not using APN I assume, but then you are not allowed(or rather won't pass the review) to publish the app in the App Store.