Summary:
- US courts have received over 130 requests from law enforcement to access push notification data from phones, reported the Washington Post.
- This data can reveal a user’s location, device details, IP address, and more, even if they use encrypted messaging apps.
- This raises concerns about privacy, as prosecutors and foreign governments could potentially access this data for various reasons.
- While Apple and Google are promising more transparency regarding data requests, security experts highlight the potential for abuse by governments and marketing organizations.
Key Points:
- Push notification metadata includes information like the app receiving the notification, timestamp, and network details.
- This data is not encrypted and can be used to track user movements and activity.
- Law enforcement can use this data for investigations, but it also raises concerns about potential misuse by other parties.
- Experts recommend increased awareness about the information users share through push notifications and the potential privacy risks involved.
Unrelated but does android support that thing where notifications can be encrypted and decryined on device, IE getting a message from signal and having it decrypted in device so you get the actual message and not just “new message” in the notification box
Signal doesn’t encrypt notifications from what I understand. It uses Google/Apples notification system like everything else. But the notification only says “Hey, wake up!”. Then the Signal app goes and retrieves the message from Signal’s servers. That retrieval will be encrypted, but it’s outside the push notification system at the point.