7 points
Deleted by creator
permalink
report
reply
7 points
*

Curious about this too. From what I could find, for those it seems like the push is being used to wake up the app and tell it to connect to the server where it grabs the data and then creates the notification locally. Even if a bare minimum is used there is room for traffic analysis, and I imagine Google can easily tell the app being targeted for the push, but it shouldn’t mean the contents of the displayed notification are necessarily what was sent through the server. It’s hard to find info without digging because consumer-facing stuff just calls every notification a push notification.

The alternative is an app keeping a constant connection open to the server, which understandably mobile OSs don’t like. With push only the one service needs to keep an open connection to provide updates for all the apps.

permalink
report
parent
reply
19 points

For android, Google uses Firebase Cloud Messaging, basically a server that pings the phone when a notification for an app is available, which wakes the app up to receive the notification. There are alternatives but they need to be adopted by app devs for them to work.

For people running a degoogled android, they’ll notice most apps won’t receive any notifications until they open the apps since most apps rely on Google Play Services to receive a ping from FCM.

I don’t have any google play services so most of my apps don’t give me push notifications but I do have WhatsApp installed and that still receives notifications, they’re sometimes delayed by a few minutes which makes me think Meta have their own implementation/alternative to FCM but I’m not sure.

For Signal, their servers tell Googles FCM servers that you have notifications waiting on Signals servers and to wake up your Signal app so it can communicate with Signals servers to receive your messages.

WhatsApp and Signal claim/have end-end encryption on their messages but that shouldn’t matter when specifically looking at Googles FCM servers so, at most it would be meta data that could be obtained from the FCM servers.

https://jami.net/unifiedpush/ has a pretty basic explanation of push notifications on android and also showcases an alternative to FCM https://unifiedpush.org/ which has a nice little diagram about push notifications on android. Unfortunately, Unifiedpush is not widely adopted by many applications.

So there are ways to avoid Googles FCM servers on android using Unifiedpush or always having the application on in the background but for the most part FCM is used.

permalink
report
parent
reply
2 points
Deleted by creator
permalink
report
parent
reply
2 points

Never had issues with Element, Fair Email, Silence notifying me? I run LineageOS without Play.

permalink
report
parent
reply
5 points
Deleted by creator
permalink
report
parent
reply
1 point

I’m pretty sure Element stays active in the background, it may have asked you to turn off battery optimisation and have a silent notification always active. This decreases battery life which is why most apps don’t do this but it allows the app to constantly ping the server to check for new messages and is one way around using FCM.

Fair email uses https://en.m.wikipedia.org/wiki/IMAP_IDLE instead of FCM, I’m no expert and this is just my guess but it seems to also need the app to run in the background for this to work.

Silence is SMS and MMS only and so doesn’t use internet and so has no need for FCM or any alternative anyway

permalink
report
parent
reply
13 points

Just don’t use push, almost all of the privacy respecting apps have their own notifications

And also, there’s ntfy for some (hope to be more widespread)

permalink
report
reply
14 points
*

I guess that would explain the difficulties some apps face without push notifications and releasing APKs. These big companies want you to rely on their systems. Signal was pushing their app through play store. I don’t know if an equivalent exists, but it really needs to. We need this, combined with f-droid, so we don’t have to use spyware like the Play Store.

permalink
report
reply
6 points

Signal does in fact distribute an APK that isn’t dependant on Play Services/FCM on their website. Uses a websocket, so not the most elegant way I guess, but oh well.

It’s rather hidden, which I think is disappointing. But it exists. Updates itself, too.

permalink
report
parent
reply
5 points

Use Molly, its a hardened version of signal app without push notification. It uses locally notifications.

permalink
report
parent
reply
21 points

Use Molly

And wind up dehydrated in jail again?

permalink
report
parent
reply
1 point

What is that supposed to mean? Is it a reference to something?

permalink
report
parent
reply
1 point

Whoah, roll in grass, dude

permalink
report
parent
reply
5 points

What’s a little dehydration and imprisonment when you can have that afterglow, though

permalink
report
parent
reply
1 point

I’ll bring the blow pops, who’s got the Vicks?

permalink
report
parent
reply
2 points

You can have push notifications, right now there’s a unified push fork on the same Molly F-droid repository

permalink
report
parent
reply

Privacy Guides

!privacyguides@lemmy.one

Create post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…


Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don’t ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don’t repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

Community stats

  • 515

    Monthly active users

  • 629

    Posts

  • 10K

    Comments