TLDR: signal content in Apple notification can be retrieved even after signal app deletion.
I saw from this reddit thread: Signal messages retrieved from iPhone after uninstalling app. : signal
Referencing this news article: Pretti Killing May Affect ICE Prairieland “Antifa Cell” Terrorism Trial
The mention of signal is in court documents here: March 10: Federal Trial Day 12 - Support the Prairieland Defendants
Signal chat evidence from Sharp’s device (Exhibit 158):
Messages were recovered from Sharp’s phone through Apple’s internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).
That’s my biggest issue with notifications. Notifications should just notify you that something happened and you need to open the app to find out. Carrying actual data ON the notification is a no-no.
But what do I know, I’m an old developer not one of these modern vibe kiddies.
A notification doesn’t have to carry any data in its payload; Signal devs could take care of that.
Signal has supported this for many years. Users can choose full content notifications, name only, or no-content notifications.
I believe what’s in the payload is not the same as what the user chooses to see. That is, it’s sent no matter what but the user can set what’s visible on the lock screen. I could be wrong though.
That’s a separate OS setting. Signal itself has its own setting for which content is actually sent in the notification.
Why do you so confidently assert things which you do not know but merely believe without checking?
Did I not qualify it by saying I could be wrong? What is so confident about that? Jesus Christ, nobody asked you.
Honestly I have a much much much MUCH MUCH bigger issue with the fact that it is an American and Centralised service.
FBI still can’t access it though.
Is there a good decen e2e messenger not in the US? Would love an alternative.
But Apple told me in an ad that they’re better for privacy?!?
And you believed that?? Do you also believe Micro$lop when they tell you that Windows is the best OS?
here on lemmy we interpret obvious sarcasm as sincerity
I know. I usually include the tone indicator, but I forgor. Also it’s not quite sarcasm. More a rhetorical question.
Basically, they didn’t do this:
(I’m on Android, so I don’t know what the options look like in iOS, but they should be identical.)
They shouldn’t have had to do this though.
there’s a lot of things under fascism that shouldn’t be needed
Thank you internet stranger. I’m going to do this but fuck me if I can get my family to change their settings. They don’t even know they can create a poll.
Don’t ask me. I made all of you admins do I don’t have to answer questions like how do I make a poll. Click the + button. Yeah. The one on your fucking screen right now.
No grandpa. We are not trying to figure out who is trans. No popop none of are naxies (I hope)
Anyway, click the +. Right there. That is how you create a poll.
They are similarIt would be nice if Signal let you do this per conversation.
It’s sort of a victim of its own success, I use it for both things that do and don’t require opsec
I imagine that the signal devs viewed it as a similar concern as when you mistype your password the error message doesn’t give you any way to know if the password is wrong or if the account doesn’t exist.
If only some of your notifications are sanitized then those are the suspicious ones. If all of your notifications are sanitized then none of them are suspicious. Or, at least, they’re all equally suspicious, opaque, and unidentifiable.
and on some level it’s important for good opsec that things that don’t require opsec be done with good opsec
You also don’t need to do this on Android unless you are concerned about random people seeing the messages on your screen. Signal on Android does not use Google’s push notification service
as far as i know signal uses Google’s notification service and if you want it to not you need to use Molly
Signal on Android does not use Google’s push notification service
Source? I’m pretty sure it falls back to a different mechanism when it doesn’t find google services. And that is only on the version downloaded from their website.
You most certainly do. I looked in my notification history in my founding of signal messages.
Then I turned off my notification history.
It’s not about how it’s pushed. It’s how it’s displayed (and stored) on the phone.
It’s both. Governments have started subpoenaing the push notification servers for data, instead of targeting individual devices. That little pop-in that says who the message was from, and maybe a little bit of the body of the text? Yeah, the push notification server handled that, and the government has access to that server. So any notification you see on your screen, you can be pretty positive that the government has also seen.
But this is about the notification data being stored in a part of the phone that isn’t encrypted. Signal is (or at least claims to be) E2E encrypted, so it shouldn’t be possible for a warrant to get access to the messages in the app. But since the phone is storing those notifications in a separate area (which isn’t encrypted), the warrant was able to read them.
The point is that there are two different attack vectors, and you should harden your device against both.
This doesn’t make sense as the whole phone is encrypted. Do what magical unencrypted space is it stored. The push notification server yes that is an issue
if your whole phone is encrypted this likely doesn’t apply to you so long as you have a strong passpharse (6 characters or more) and a good data shredding policy (shred after 5 wrong guesses)
however, that is not most people
Source? I am not seeing anything about that. The only problem I have seen on Android is when applications use firebase for notifications, which is most play store apps to be fair, just no FDroid apps or some privacy preserving apps
Android Settings>Notifications>History. If this is on, you can clearly see past Signal notifications, including sender name and message preview (if you enabled those in Signal). I don’t know whether there is any ‘hidden’ history/cache that is stored even with notification history disabled.
I know about the setting. Why are you saying that information is sent to Google’s servers? As far as I have found, that information is only stored locally on your phone
Edit: If this is just about the fact it’s on the phone locally, of course if they have your actual phone they can see it. Signal is end to end encrypted, but it isn’t go to be encrypted on each end, otherwise you couldn’t read messages. Them getting your actual phone is very different from them intercepting the communication without you knowing
Read the original story. This whole thing is about retrieving data from the phone itself, not from Apple or Google servers.
Gotcha. I misunderstood. I didn’t think it would be just that, because of course if they have your phone they have the contents. Signal encrypts end to end, but if they have the end device of course it isn’t encrypted.
The issue is that even if a message is deleted, message content can be retrieved through notification history.
So you are telling me an app is encrypting the shit out of every message so it can secretly delivered to another person. An then the persons phone decrypts the message and broadcasts it to an apple server, so it can get send back and make the phone go ‘ding’?
Shouldnt the notification be handled inside signal somehow, so this is the only app with the decrypted message?
What is next, everything from my ram needs to go through google servers to be transmitted to my display?
The Signal server would send a backend notification to the client app via the Apple Push Notification Service. The app is then able to wake up, at which point it fetches new messages (securely) from the Signal servers. The app then generates a local notification with a preview of the received message. iOS is then logging those messages.
I learned about this a couple of months ago and I’ve since disabled previews in notifications. It’s unfortunately the nature of how notifications are delivered to you. You should be fine by disabling message previews in your notification settings.
Yup,
https://www.privacyguides.org/articles/2022/07/07/signal-configuration-and-hardening/
Among other things
I think on android, signal do not use Google’s push notification. They simple send a dummy push, and the signal app wakes up to retrive the latest message directly from signal server.
So Google never have your notification content. I am not sure if they do the same on iOS.
That being said if your attack model includes people reading your notification lock screen, then you should disable showing signal notification.
I think on android, signal do not use Google’s push notification.
Source?
The message preview notification is handled similarly in IOS and Android. The issue isn’t people seeing the notification, it’s that the content of the message being passed to the phone’s launcher. Which is unencrypted.
Does that actually prevent the app from sending the content through Apple’s servers or does it just prevent iOS from showing it in the notification area?
The only way apple is seeing it is when the notification is displayed. It only sees the contents of the notification itself. So it would still see who sent you a message, but it wouldn’t say what it was
It’s worth noting apps can avoid this on Android: https://tuta.com/blog/google-push-alternative#alternatives-to-google-push
Any FDroid app cannot use Firebase for push notifications since it’s proprietary: https://forum.f-droid.org/t/firebase-allowed-in-fdroid-apps/7540
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
It’s because the system saves the notifications apps posted to the notification menu.
but yes. don’t use firebase push notifications if you can avoid it. use a unifiedpush based system. base signal app does not support it, only molly. there are some difficulties though with that that are unique to signal.
This has been done before and is already pretty well known.
When I saw it hit the news before, it was because they were reading notifications off Google servers, which contained at least part of the message. Not because they were reading the device’s notification history.
That’s true. Technically it’s different. The end result is kind of the same though.
This is not always the same on Android. Any app from FDroid will not use Google’s push notification service because it is proprietary, meaning it violates the rules for FDroid. Signal does not use Google’s notification service
Signal is not on the official f-droid repo. Signal devs are very much against it.
https://forum.f-droid.org/t/signal-on-f-droid/13742/39
Signal does not use Google’s notification service
This keeps being repeated in this thread unprompted and without source, are you guys trying something?
I’m pretty sure Signal has two builds: one with Google service and one without.
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
It’s because the system saves the notifications apps posted to the notification menu.
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
Is is 100% because of firebase. Here is an example payload from firebases official document:
{ "message":{ "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...", "notification":{ "title":"Portugal vs. Denmark", "body":"great match!" } } }https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type
Notification history is purely local to the device. It is not sent to any servers.
that is the documentation of firebase, not signal. firebase just shows a common example there that is easy to implement for beginners and lazy devs. but developers can send whatever they want through firebase. I wouldn’t be surprised if that’s what facebook messenger is doing, but if a developer cares about their users privacy, they can just send a simple message through firebase, and make the app so that when receiving that, it checks for new messages by itself.
this is what the molly fork does with unifiedpush. the UP server, commonly ntfy.sh, only sees that the mollysocket server sent this to your molly client:
{"urgent": true}Notification history is purely local to the device. It is not sent to any servers.
I did not claim so. but when your phone is confiscated, it’s possible to read that out
Why are you using an example molly client using unified push on a post about Signal?
Signal isn’t molly and cannot unified push at all.
Can you point to signal source code with this implementation?
Notification history is purely local to the device. It is not sent to any servers.
Yes the notifications were retrieved from the phones local storage. Firebase was not involved in anyway.
Well, of course. All notification contents go through Apple’s servers (or Google’s in case of Android).
Not all, no. There are alternatives on Android:
The good news is that alternative methods for push notifications are available, namely SSE (Server Sent Events) and WebSockets.
Additionally, a new open source project, UnifiedPush is becoming increasingly popular. UnifiedPush is an open source, private alternative to Google for notifications.
https://tuta.com/blog/google-push-alternative#alternatives-to-google-push
Signal for android uses web sockets for notifications
Signal for android uses web sockets for notifications
Only in absense of google play services.
Source: https://github.com/signalapp/Signal-Android/issues/13290#issuecomment-1848588865
Why would a notification need to leave my device at all?
Because it’s FAANG
A lot of notifications originate off your device.
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
It’s because the system saves the notifications apps posted to the notification menu.
As I already replied om one of your other comments:
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
Is is 100% because of firebase. Here is an example payload from firebases official document:
{ "message":{ "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...", "notification":{ "title":"Portugal vs. Denmark", "body":"great match!" } } }https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type
Notification history is purely local to the device. It is not sent to any servers.
my reply on another thread: https://sh.itjust.works/comment/24730726
Added the full content of the original post to the body of this thread.
