Comment by hammock
17 hours ago
Wait so if I do iOS setting notifications > never show previews it’s still caching them in the background? Unencrypted?
17 hours ago
Wait so if I do iOS setting notifications > never show previews it’s still caching them in the background? Unencrypted?
Yes. And technically, from a privacy perspective, it's even worse than that. What's additionally happening is they're still 'syncing' back to Apple servers via APNS (and to Alphabet servers via Firebase on Android)—even with notifications completely disabled, that's correct.
If the app generates them, the OS receives them. That's why the Signal app offers this setting.
>it's even worse than that. What's additionally happening is they're still 'syncing' back to Apple servers via APNS (and to Alphabet servers via Firebase on Android)—even with notifications completely disabled, that's correct.
Source? I don't think either OS implements notification syncing between devices, it's only one way, and as others have mentioned, the actually push notification doesn't contain any message content, only an instruction for signal to fetch and decrypt the message.
> I don't think either OS implements notification syncing between devices
iOS does. This is how you can receive Signal notifications on your Apple Watch and other Apple devices that don’t have the app installed.
> I don't think either OS implements notification syncing between devices
Can't speak for iOS and no idea if this relates to the above functionality, but Pixel lets you deduplicate notifications across Pixel devices.
This sounds correct. When I implemented push notifications for an iPhone application, I remainder needing to obtain a store a separate token for each device a user has, and subscribing to a feed of revoked delivery tokens. Seemed like an interesting design intended to facilitate E2E encryption for push notifications.
I do wonder how notifications that are synced/mirrored to the Apple Watch and newer versions of Mac are handled.
Wait... why does Signal need to send notification content to Firebase to trigger a push notification on device? I would instead expect that Signal would send a push to my Android saying nothing more than "wake up, you've got a message in convo XYZ", then the app would take over and handle the rest of it locally.
I also didn't realize that Android stores message history even after I've replied or swiped them away. That's nuts - why!?
Signal does NOT send notification content througth APN/Firebase, their push notification is literaly a ping as you expected.
Source: https://mastodon.world@Mer__edith/111563866152334347 (Meredith Whittaker is the current CEO of Signal)
I can't link you rigth now to the actual code on their repo but it is verifiable.
2 replies →
If your app needs to send a notification while it's not currently a running process, it must go through Firebase on Google's side and APNS on Apple's side. There is no way for a non running app to send a notification entirely locally, this is by design of both companies.
18 replies →
Android doesn't store message history unless you explicitly enable that feature and neither does Signal send message content to Firebase.
You're angry about a huge amount of outright misinformation here.
Any idea if this works the same or differently for Hidden apps specifically?
Normally no notifications are shown for hidden apps, and even if you unhide the apps, prior notifications which were sent do not reappear IIRC. I'm curious if notifications like that are still hitting the phone into the notifications database, or get silently dropped, or something else.
With notifications disabled APNS push notifications fail for the sending app backend. The device id is rendered invalid if push notifications are disabled at any point. Backends are supposed to handle this and quit sending messages.
Signal has this setting to tell the backend how much information to put into the push message. It can tell the backend to send a simple notification saying “new message” and not send information through APNS or enable it.
I am willing to bet Signal has a notification extension to handle edge cases where there is lag in settings to scrub the message metadata before it dings a screen alert.
Sad to think there is a PostIt note somewhere in Virginia and written on it is a box labelled Signal, with an arrow pointing to a box labelled Apple servers, followed by a smirking smiley face pointing between the boxes with the message “encryption added and removed here”
yes, since apple doesn't control the content of the pushes it is sent by application backends. that can only be controlled within each app