With Signal’s default settings, Google reads your Signal messages when they come in through push notifications.
Correct me if I’m wrong.
Edit: For those in doubt, last year, I started seeing content-aware auto-reply options in my Signal message notifications; that is not a function of Signal, but a function of Google’s Android. One could escape it by using a de-Googled Android like Lineage or Graphene, or by hiding the message content (which is not the Signal default) and would surely hurt Signal’s adoption, when you have to unlock the app to read each message.
You are wrong ;-)
The push stuff is just used to signal the receiver that there is a new message. No meaningful data is sent that way. Not even an encrypted message.
Call me paranoid, but Google owns Android. They can easily read the content of a notification as it’s displayed. They even have a Notification History app where you can see all applications from all apps.
At some point, Android is reading the message to generate the quick replies that were showing in the notification. They’re content-aware and this is not a function of Signal; if someone sent me a question, there were “yes” and “no” quick replies. If someone sent that they were going to be late, there were quick replies like “That’s OK”, etc.
that’s not how push works. usually, google would only know you received a notification, but not it’s contents. that “dummy” notification wakes the app up, which decrypts and shows the real notification.
content aware stuff runs entirely locally on your phone, so no data is sent to google (unless you have telemetry enabled, in which case the reply or action you used will be sent to google together with the next telemetry data upload)
yes, some apps actually push the content directly through the push system, but that’s not how this is handled in most apps that handle private data in notifications.
With Signal’s default settings, Google reads your Signal messages when they come in through push notifications.
Correct me if I’m wrong.
Edit: For those in doubt, last year, I started seeing content-aware auto-reply options in my Signal message notifications; that is not a function of Signal, but a function of Google’s Android. One could escape it by using a de-Googled Android like Lineage or Graphene, or by hiding the message content (which is not the Signal default) and would surely hurt Signal’s adoption, when you have to unlock the app to read each message.
https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/
You are wrong ;-) The push stuff is just used to signal the receiver that there is a new message. No meaningful data is sent that way. Not even an encrypted message.
Call me paranoid, but Google owns Android. They can easily read the content of a notification as it’s displayed. They even have a Notification History app where you can see all applications from all apps.
You’re missing the point, there’s no message content sent in the notification, there’s nothing to read.
I’m not talking about the FCM message, I’m talking about Android running on your phone, where the message content is displayed to you.
At some point, Android is reading the message to generate the quick replies that were showing in the notification. They’re content-aware and this is not a function of Signal; if someone sent me a question, there were “yes” and “no” quick replies. If someone sent that they were going to be late, there were quick replies like “That’s OK”, etc.
that’s not how push works. usually, google would only know you received a notification, but not it’s contents. that “dummy” notification wakes the app up, which decrypts and shows the real notification.
content aware stuff runs entirely locally on your phone, so no data is sent to google (unless you have telemetry enabled, in which case the reply or action you used will be sent to google together with the next telemetry data upload)
yes, some apps actually push the content directly through the push system, but that’s not how this is handled in most apps that handle private data in notifications.
Or… And hear me out, Molly FOSS with Unified Push notifications. Problem solved!
I’m looking in to this, thank you!
Edit: Molly (UnifiedPush) isn’t something I can reasonably expect friends and family to set up.