d7
Dan 1y ago

Even if you’re using a private messaging app like #Signal:

- All your messages show up on your iPhone/Android in your notifications.

- All notifications are sent through Apple’s servers in the case of iPhone, and Google’s servers in the case of Android.

Does this mean Apple and/or Google can read all your messages?

#asknostr #privacy

Reply to this note

Please Login to reply.

Discussion

Avatar
Layerjack (Onion Knight) 1y ago

Yes. Change the settings or use a different client

d7
Dan 1y ago

Change what settings? Use what other client?

Avatar
Layerjack (Onion Knight) 1y ago

Notification settings. Try Molly.

d7
Dan 1y ago

Even if you turn off notifications, they are still being sent through Apple servers. Your phone simply doesn’t display them. So that doesn’t help.

What is Molly?

Avatar
Jon 1y ago

I imagine they cannot because messages are encrypted. However, they can see this traffic.

d7
Dan 1y ago

How does one know that the messages are encrypted such that Apple cannot read the messages?

Avatar
Jon 1y ago

I don't knowm. Because this is closed source only someone from inside can tell for sure and only if it's a trusted person.

Otherwise, get off Google and apple.

Grapheneos with zap.store and ntfy.sh

Avatar
Jimmy 1y ago

Signal is open source

Avatar
It's the jews. 1y ago

But Android and IOS are not. At least not the versions they give to the plebs.

Avatar
Jon 1y ago

Yeah, I meant store services are closed source.

Avatar
Jon 1y ago

You know what else I wonder, even if the code is open sourced how can we know that's the same code that is deployed? 🤔

d7
Dan 1y ago

On iOS, it appears to be possible to end-to-end encrypt notification payloads, so that they only get decrypted locally on the recipients device: https://stackoverflow.com/a/42073503

In that case, Apple would not have access to the message content contained in the notification.

However, do apps like Signal actually do this?

Avatar
Nacho Enthusiast 1y ago

Signal has the possibility to use its own notification service if Google Play Services are not recognized on install. It runs a background service that might consume more battery. In general:

Notifications can be e2e encrypted by the apps that send them - at least on Android (guess same for iOS). Proton does that.

However, there are reports of American agencies using their surveillance network to combine all notification data to create connections between them. That way they are able to tell who sends a message to whom (by matching exact timestamps) - even if content may be encrypted.

Avatar
Jimmy 1y ago

I'm not sure about Apple but on Android the only notification Signal gets is a "wake up" that tells it to go and retrieve a message from the server. There is also the ability to turn off displaying message content in the drop-down which I advise all to do.

So no, Google can't read your Signal messages.

d7
Dan 1y ago

This doesn’t seem to be true. Signal message contents show up in the notifications on Android.

Avatar
Jimmy 1y ago

Yes, but it's not received unencrypted. It's only displayed locally. In addition, that setting can be turned off from within Signal. See screenshot:

07
fivetwofour 1y ago

use #session or #simplex is way better than any other because it has a great feature like no personal identified information #pii no ids nothing.

Avatar
Santosh Subramanian 1y ago

I'm using Signal on Android, and the only notification I get is "you may have new messages" and this is by default.

d7
Dan 1y ago

Interesting…