Summary:

  • US courts have received over 130 requests from law enforcement to access push notification data from phones, reported the Washington Post.
  • This data can reveal a user’s location, device details, IP address, and more, even if they use encrypted messaging apps.
  • This raises concerns about privacy, as prosecutors and foreign governments could potentially access this data for various reasons.
  • While Apple and Google are promising more transparency regarding data requests, security experts highlight the potential for abuse by governments and marketing organizations.

Key Points:

  • Push notification metadata includes information like the app receiving the notification, timestamp, and network details.
  • This data is not encrypted and can be used to track user movements and activity.
  • Law enforcement can use this data for investigations, but it also raises concerns about potential misuse by other parties.
  • Experts recommend increased awareness about the information users share through push notifications and the potential privacy risks involved.
  • JackGreenEarth@lemm.ee
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    3
    ·
    9 months ago

    Why is this connected to the Internet? Aren’t the notifications coming directly from the app, why do they need to be connected to a server?

    • Fisch
      link
      fedilink
      English
      arrow-up
      30
      ·
      9 months ago

      If every app on your phone was constantly running and asking the server for new messages, it would drain a lot of battery. That’s why phones instead use a single app that asks a notification server if any new notifications are there. The way it works is if you e.g. get a WhatsApp message, the WhatsApp server tells the notification server that you have a new message, then when the notification app asks that server for new messages, the server will tell it that there’s a new WhatsApp notification. Then the notification app wakes up WhatsApp and tells it there’s a new notification, then WhatsApp checks for new messages and shows you the notification.

      Most apps use Apple’s system (whatever it’s called) on iOS or Google’s Firebase on Android for that. There are also apps that let you use the open standard UnifiedPush, which let’s you use any notification app or server you want.

      • michael_palmer@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 months ago

        I don’t have Google services and no apps with Google Firebase notifications. I don’t see any battery draining issues.

        • Miss Brainfarts@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          15
          ·
          edit-2
          9 months ago

          Depends on a lot of factors, maybe you’re regaining that battery life elsewhere. But it is fact that several apps all doing their own thing will drain more battery than if they all relied on a single service like Firebase or UnifiedPush to wake them up

          • michael_palmer@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            4
            ·
            9 months ago

            I haven’t found a study that gives exact numbers. Maybe the difference in battery consumption will be 0.5%)

      • Rodeo@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 months ago

        How does the notification daemon in Linux work? It’s all local and has been around for ages, why can’t we do that?

        • Fisch
          link
          fedilink
          English
          arrow-up
          8
          ·
          9 months ago

          The applications just run in the background the whole time. KDE was working on implementing UnifiedPush in Plasma but I don’t know if it’s already implemented or still in the works.

    • treadful@lemmy.zip
      link
      fedilink
      English
      arrow-up
      15
      ·
      9 months ago

      Push notifications all go through Google/Apple systems. The apps backend systems sent the notifications to them, who push them to your phone.

        • marty_relaxes@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          17
          ·
          9 months ago

          Not all notifications go through FCM but all push notifications do as far as I’m aware - which is what the previous comment and the post title are talking about.

          It is, in fact, worrying for privacy implications on the one hand and a real monopolizing factor on the other since if you wish to deliver an app which needs to implement such notifications you’re using Google’s service or constantly drain the user’s battery.

          There’s UnifiedPush which tries to provide an open alternative but so far unfortunately still sees very little adoption.

          • luves2spooge@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            9 months ago

            Yeah, that’s fair. Push notifications by definition come via the internet. Push and local notifications are indistinguishable to the user

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      18
      ·
      9 months ago

      Time to put pressure on Apple to allow other push providers and Google to open push providers interface.

      Even better, to make other systems than iOS and Android being able to exist.

      • cmbabul@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        9 months ago

        At this point I’m so irritated that I’ve had it with all the big tech companies and their proprietary horse shit, break up Apple, Google, Microsoft, Meta, Amazon, ISPs, and all the ones I’m forgetting, turn the service side of them into public utilities like they should be. Fuck em

  • skymtf@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    9 months ago

    Unrelated but does android support that thing where notifications can be encrypted and decryined on device, IE getting a message from signal and having it decrypted in device so you get the actual message and not just “new message” in the notification box

    • 🦄🦄🦄@feddit.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      Its not about the content of the messages, which csn indeed be encrypted but instead about the metadata of the notifications.

    • dracs@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      9 months ago

      Signal doesn’t encrypt notifications from what I understand. It uses Google/Apples notification system like everything else. But the notification only says “Hey, wake up!”. Then the Signal app goes and retrieves the message from Signal’s servers. That retrieval will be encrypted, but it’s outside the push notification system at the point.