The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.
Signal doesn’t send anything in the payload. They just use it to wake the phone up and then download all messages that are waiting to be delivered through the usual encrypted means. All Google knows is that something happened at that time. They don’t know anything else.
So it’ll use TLS encryption, meaning that others on your network won’t be able to snoop it, but not end-to-end encryption, so Google/Apple servers will see the plaintext of the push notification content.
This is a limitation of the specific implementation of how push notifications work. End-to-end encrypted push notifications would be technically possible but it would require Apple/Google to make it possible. Developers can’t implement it without getting you to run some services yourself, either self-hosted or a long-running background process on your phone, which would be a battery drain.
The link you shared isn’t really relevant to push notifications specifically.
The best happy medium we can get is to send empty/blank push notifications, which some apps including Signal offer as an option, but you often need to set it that way in the settings. I think Signal does that by default, but very few apps do.
I am no Android developer, but can’t the push notification payload be encrypted?
https://firebase.google.com/docs/cloud-messaging/encryption
A better question is if Signal does this already.
Signal doesn’t send anything in the payload. They just use it to wake the phone up and then download all messages that are waiting to be delivered through the usual encrypted means. All Google knows is that something happened at that time. They don’t know anything else.
No, push always leaks metadata to Google. Use molly (signal fork on fdroid) and unified push instead.
So it’ll use TLS encryption, meaning that others on your network won’t be able to snoop it, but not end-to-end encryption, so Google/Apple servers will see the plaintext of the push notification content.
This is a limitation of the specific implementation of how push notifications work. End-to-end encrypted push notifications would be technically possible but it would require Apple/Google to make it possible. Developers can’t implement it without getting you to run some services yourself, either self-hosted or a long-running background process on your phone, which would be a battery drain.
The link you shared isn’t really relevant to push notifications specifically.
The best happy medium we can get is to send empty/blank push notifications, which some apps including Signal offer as an option, but you often need to set it that way in the settings. I think Signal does that by default, but very few apps do.