• f4f4f4f4f4f4f4f4@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    10
    ·
    edit-2
    9 months ago

    With Signal’s default settings, Google reads your Signal messages when they come in through push notifications.

    Correct me if I’m wrong.

    Edit: For those in doubt, last year, I started seeing content-aware auto-reply options in my Signal message notifications; that is not a function of Signal, but a function of Google’s Android. One could escape it by using a de-Googled Android like Lineage or Graphene, or by hiding the message content (which is not the Signal default) and would surely hurt Signal’s adoption, when you have to unlock the app to read each message.

    https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/

    • nsfw936421@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      12
      ·
      9 months ago

      You are wrong ;-) The push stuff is just used to signal the receiver that there is a new message. No meaningful data is sent that way. Not even an encrypted message.

      • f4f4f4f4f4f4f4f4@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        At some point, Android is reading the message to generate the quick replies that were showing in the notification. They’re content-aware and this is not a function of Signal; if someone sent me a question, there were “yes” and “no” quick replies. If someone sent that they were going to be late, there were quick replies like “That’s OK”, etc.

      • essteeyou@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        3
        ·
        edit-2
        9 months ago

        Call me paranoid, but Google owns Android. They can easily read the content of a notification as it’s displayed. They even have a Notification History app where you can see all applications from all apps.

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          9 months ago

          You’re missing the point, there’s no message content sent in the notification, there’s nothing to read.

          • essteeyou@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            I’m not talking about the FCM message, I’m talking about Android running on your phone, where the message content is displayed to you.

    • voxel@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      9 months ago

      that’s not how push works. usually, google would only know you received a notification, but not it’s contents. that “dummy” notification wakes the app up, which decrypts and shows the real notification.
      content aware stuff runs entirely locally on your phone, so no data is sent to google (unless you have telemetry enabled, in which case the reply or action you used will be sent to google together with the next telemetry data upload)

      yes, some apps actually push the content directly through the push system, but that’s not how this is handled in most apps that handle private data in notifications.