this post was submitted on 09 Apr 2026
653 points (99.4% liked)

[–] bearboiblake@pawb.social 185 points 2 days ago* (last edited 2 days ago) (5 children)

It always bears repeating, push notifications are not private, neither for Android, GrapheneOS, nor iOS, even if you use end-to-end encryption. If you are privacy conscious, you should either use settings to hide sensitive data from push notifications or turn them off altogether.

[–] WhyJiffie@sh.itjust.works 1 points 18 hours ago* (last edited 18 hours ago)

this is not about push notifications. signal is smart enough to not send your texts to firebase

but wait a minute! I just remembered something.

isn't it that they couldn't even send you the plain text message itself through push, because only your device can decrypt it?

[–] MrSoup@lemmy.zip 38 points 2 days ago* (last edited 2 days ago) (2 children)

If you turn off notification history on Android, should be enough to avoid such "attacks". Hiding sensitive content inside notifications only hides it in the lock screen. If your OS keeps a clear log of them, it's useless.

Edit: didn't know Signal actually has settings to hide their own notifications. I was thinking about Android's "hide sensitive content" setting.

[–] 4am@lemmy.zip 34 points 2 days ago (4 children)

Notifications go through Firebase Cloud Messaging (FCM) on Android. They bounce off a Google server. Even from local, on-device apps.

Same with iOS.

They can read and store every one of them, and you don’t control the encryption keys.

[–] bjoern_tantau@swg-empire.de 37 points 2 days ago

But they only instruct Signal to wake up and download whatever is waiting. They don't contain the message contents.

[–] CorrectAlias@piefed.blahaj.zone 23 points 2 days ago

Signal only sends a "new message, retrieve the rest from Signal" ping to your phone through Firebase. It doesn't contain message details, just that you have a new message.

[–] MrSoup@lemmy.zip 4 points 2 days ago (2 children)

By not having Google Play Services, isn't this prevented?

[–] bearboiblake@pawb.social 13 points 2 days ago* (last edited 2 days ago) (4 children)

If you don't use Google Play Services, you don't get push notifications, so yes. Libre reimplementations of Google Play Services such as Gapps etc. or alternative push notification providers do not circumvent this issue, except possibly self-hosted push notification providers. This approach is really rare though and limited generally to very few apps.

[–] degenerate_neutron_matter@fedia.io 6 points 2 days ago (1 children)

I don't use Play Services and still get push notifications from Signal, so they're clearly using an alternative implementation.

[–] bearboiblake@pawb.social 13 points 2 days ago (3 children)

You might be getting pull notifications, that's generally the workaround for push notifications being disabled - it generally increases battery usage because it forces the app to stay open in the background.

[–] WhyJiffie@sh.itjust.works 2 points 18 hours ago

websocket based push notifications is still called push notifications in signal. this is the first time I hear the term "pull notifications", I don't think it's widely used.

[–] Redjard@reddthat.com 5 points 2 days ago

Molly supports unified push

That would make sense.

[–] Redjard@reddthat.com 3 points 2 days ago (1 children)

This is about a history of notifications locally on the phone.
This is implemented outside of gms at least on my rom, and in the past I have also installed a separate app to do the same.
If you log your notifications ... that log can leak your notifications.

[–] bearboiblake@pawb.social 2 points 2 days ago

Yes, I know! Sorry for the confusion, I just wanted to take the opportunity to raise awareness about a privacy issue that lots of people aren't aware of

[–] semperverus@lemmy.world 3 points 2 days ago (1 children)

Is this true if you don't have Google Play Services but the person you're messaging does? Is one person cutting GPS out enough?

[–] bearboiblake@pawb.social 3 points 2 days ago

The message you send them would probably go through as a push notification to them, but the message they send you wouldn't.

[–] frongt@lemmy.zip 0 points 2 days ago (1 children)

If I turn off notifications on my end, does the other person still generate a push notification when they send me a message, even if I never receive it?

[–] bearboiblake@pawb.social 1 points 2 days ago* (last edited 2 days ago) (1 children)

Edit: Sorry, I think I misunderstood your question. If you don't have Google Play Services enabled but your friend does and messages you, no, a push notification won't be sent, but if you message them, one will be sent to them.

I thought you were asking if you just disabled notifications on your phone if that would prevent push notifications from being sent. I'll leave my original answer in case someone else has that question.


It depends on what exactly you mean, but usually not. If you mean in your phone's notifications management settings, that does not affect the push notifications being sent to Google/Apple servers, that's just a local setting to decide how your phone handles it.

Some apps, though rarely, allow you to disable push notifications from being sent. If it exists, this is inside a settings screen in the app itself or on the app provider's website somewhere. Generally, only privacy-conscious apps provide such settings.

[–] frongt@lemmy.zip 1 points 2 days ago (1 children)

So how does it decide to generate a push notification or not?

[–] bearboiblake@pawb.social 1 points 2 days ago* (last edited 2 days ago)

To send you a push notification, an app requires a special token specific to that app and your device, kinda like an API key, which can only be generated for a device using Google Play Services. Without that token, a push notification cannot be sent. These tokens expire, so if you used Google Play Services and just turned it off, push notifications will still get sent into the ether - but never delivered - until the token expires, at which point notifications can't be sent anymore. Badly developed apps might still try to send push notifications with expired tokens, I have no idea what Google servers would do with that, but I'd guess they would just discard it immediately.

[–] Redjard@reddthat.com 2 points 2 days ago

Notification logging is usually done by some other part of Android as far as I know. GMS is the typical way to deliver notifications and is a far more serious privacy concern, since it also directly passes Google's servers and is not encrypted. However as others mentioned, Signal does not send contents there, message notifications with the message contents stay on device.

[–] bearboiblake@pawb.social 3 points 2 days ago

I'm actually talking about sensitive data on Google/Apple hosted servers, as well as on the phone itself!

[–] Jako302@feddit.org 15 points 2 days ago (1 children)

That depends on your definition of private.

A push notification is pretty much just a ping that wakes up the app that is supposed to show you the notification. There usually isn't much data in that ping, so the only thing the Google Firebase servers (or whatever other backend solution you use) see is a timestamp and an app. If you then disable Notification history (default is off bzw on GrapheneOS) there is no other data stored anywhere.

That's metadata that every single chat service has, no matter if it's E2EE or not, because that's the bare minimum they need to transmit anything at all. If that already isn't private for you then you'd have to stop using the internet or phone calls entirely and go back to carrier pigeons.

[–] bearboiblake@pawb.social 5 points 2 days ago* (last edited 1 day ago) (1 children)

It depends on the app. Some apps do (or can be configured to) indeed send "empty"/blank notifications which just notify you that you've received a new message from an app, but not from whom, or what the message contains.

However most apps by default will contain more data, such as who the message is from, and some/all of the sent message body.

[–] VibeSurgeon@piefed.social 1 points 1 day ago

> If you get a push notification on your phone, everything you see in that notification must by definition pass through the push notification service.

This is immediately disprovable by anyone who has ever implemented push notifications on Android

[–] apftwb@lemmy.world 5 points 2 days ago* (last edited 2 days ago) (3 children)

I am no Android developer, but can't the push notification payload be encrypted?

https://firebase.google.com/docs/cloud-messaging/encryption

A better question is if Signal does this already.

[–] bjoern_tantau@swg-empire.de 6 points 2 days ago

Signal doesn't send anything in the payload. They just use it to wake the phone up and then download all messages that are waiting to be delivered through the usual encrypted means. All Google knows is that something happened at that time. They don't know anything else.

[–] lemonuri@infosec.pub 2 points 2 days ago

No, push always leaks metadata to Google. Use molly (signal fork on fdroid) and unified push instead.

[–] bearboiblake@pawb.social 0 points 2 days ago* (last edited 2 days ago) (1 children)

So it'll use TLS encryption, meaning that others on your network won't be able to snoop it, but not end-to-end encryption, so Google/Apple servers will see the plaintext of the push notification content.

This is a limitation of the specific implementation of how push notifications work. End-to-end encrypted push notifications would be technically possible but it would require Apple/Google to make it possible. Developers can't implement it without getting you to run some services yourself, either self-hosted or a long-running background process on your phone, which would be a battery drain.

The link you shared isn't really relevant to push notifications specifically.

The best happy medium we can get is to send empty/blank push notifications, which some apps including Signal offer as an option, but you often need to set it that way in the settings. I think Signal does that by default, but very few apps do.

[–] Fmstrat@lemmy.world 2 points 2 days ago (1 children)

Not true.

The push notification for most messengers is a ping with little to no data in it, telling the app to grab messages directly via TLS. That's how e2e works with push.

[–] bearboiblake@pawb.social 1 points 2 days ago* (last edited 2 days ago) (1 children)

As I wrote elsewhere:

> It depends on the app. Some apps do (or can be configured to) indeed send “empty”/blank notifications which just notify you that you’ve received a new message from an app, but not from whom, or what the message contains.
>
> However most apps by default will contain more data, such as who the message is from, and some/all of the sent message body.
>
> If you get a push notification on your phone, everything you see in that notification must by definition pass through the push notification service.

I'd disagree with "most messengers" doing that, in my experience, most don't do it by default. Signal is a pretty rare exception to do so by default.

[–] Fmstrat@lemmy.world 1 points 1 day ago (1 children)

> I'd disagree with "most messengers" doing that, in my experience, most don't do it by default. Signal is a pretty rare exception to do so by default.

What messenger doesn't? Signal, WhatsApp, Matrix, Snapchat, Discord, Telegram, etc. I'd say "most" is pretty accurate. No idea what Wechat does, but that's a whole different story.

> If you get a push notification on your phone, everything you see in that notification must by definition pass through the push notification service.

Also not true. What you "see" could have been retrieved post-notification, as described in the message you responded to. What you see has nothing to do with what goes through the push service and is a full technical inaccuracy.

[–] WhyJiffie@sh.itjust.works 1 points 18 hours ago (1 children)

I don't know about others, but Mattermost sends everything by default. first to mattermost's server, then from there to firebase/apple. there's a setting to not send message body, but it's not set by default

[–] Fmstrat@lemmy.world 1 points 18 hours ago

Hmm, does that mean "most" since it... matters most? Eh? Eh? Ehhhhhhh?

https://docs.mattermost.com/administration-guide/configure/push-notification-server-configuration-settings.html#id-only-push-notifications

Yea not sure why they don't do that by default since they claim they are a Slack competitor. You'd think a corporate entity would want that.

[–] timestatic@feddit.org 2 points 2 days ago (1 children)

Wdym push notifications are not private on Graphene??

[–] bearboiblake@pawb.social 9 points 2 days ago* (last edited 2 days ago)

If you use GrapheneOS with push notifications, after enabling Google Play Services, those push notifications are relayed through Google servers. Most apps will include message sender and text in the push notification, meaning that data will pass through Google servers and they can read it.

If you are a GrapheneOS user and leave Google Play Services disabled - which they are by default - you have nothing to worry about, but notifications are generally delayed and use more battery as a downside.
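
The three cases argued over in this thread (content carried in the push, id-only, wake-up only), as an added example that is not part of any comment: it models the FCM HTTP v1 `message` object and reports which fields a relay forwarding it can read. All tokens, ids and message text are constructed placeholders, and the id-only field names are assumptions.

```python
"""What a push relay can read from a message it forwards (constructed samples)."""

# Envelope fields the relay needs for delivery; visible for every push.
ROUTING_FIELDS = ("token", "topic", "android", "apns")

SAMPLES = {
    # Sender and text travel inside the push itself.
    "content_in_push": {"message": {
        "token": "DEVICE_TOKEN_PLACEHOLDER",
        "notification": {"title": "Alice", "body": "see you at 8"},
    }},
    # Only identifiers; the app resolves them against its own server.
    "id_only": {"message": {
        "token": "DEVICE_TOKEN_PLACEHOLDER",
        "data": {"message_id": "m-0001", "channel_id": "c-0042"},
    }},
    # Nothing but a high-priority ping addressed to one device.
    "wake_up": {"message": {
        "token": "DEVICE_TOKEN_PLACEHOLDER",
        "android": {"priority": "high"},
    }},
}


def relay_view(envelope):
    """Return the routing metadata and the readable fields of one push."""
    msg = envelope["message"]
    readable = {}
    for block in ("notification", "data"):
        for key, value in msg.get(block, {}).items():
            readable[f"{block}.{key}"] = value
    routing = [f for f in ROUTING_FIELDS if f in msg]
    return {"routing": routing, "readable": readable}


def exposure(envelope):
    """Classify a push by what the relay can read beyond routing metadata."""
    readable = relay_view(envelope)["readable"]
    if any(k.startswith("notification.") for k in readable):
        return "display text"        # title/body rendered from the push itself
    if readable:
        return "app-defined fields"  # ids or ciphertext the app must resolve
    return "wake-up only"            # app fetches content over its own channel


if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(f"{name:16} {exposure(env):20} {relay_view(env)['readable']}")
```

In every case the relay still sees the routing fields and the time of delivery; only the `readable` part differs between app configurations.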