• RaoulDook@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Thanks for bringing that info here. I was already using Signal but I was concerned about their approach to notification security when I read this news this week.

    Here’s some info I found on the reddit Signal sub, not verified but just comments:

    *All that goes through the Google or Apple push notification systems is “you’ve got a push notification.”

    It’s up to your Signal app to then wake up, contact Signal’s servers, and see what the notification was. Message content and sender identity never pass through Google/Apple push infrastructure.

    *Signal does not use google notification system is my understanding.

    For apps that do, google only gets metadata, that is not content of the message.

    2nd comment is not quite right, it does use the google notification system if you install it from the Play store. You can avoid that by installing the APK downloaded from the Signal site.

    Metadata that is unencrypted could include things that identify who the message is to or from, and the timestamps of the messages. Seems like we can only be sure the content of messages is secure, but not the metadata. >