Skip to main content

How does a push notification from, say, signal, end up transmitting data to google? Like, why would my phone tell a google server about an os task? Is this just my os spying on me, or does sending a push notification require transmitting data to a google server?

Does the GDPR provide any protections from os vendors collecting data about notifications?

in reply to Charles ☭ H

modulux
modulux

Ok, so for a push notification to be delivered more or less in real-time, the phone (or other browser device) keeps an open connection with the push service all the time. In Android's case the push service is called Firebase Cloud Messaging. Each application in a given device that want to deliver push stuff gets a token, and on the server-side (so this would be Signal) when it wants to deliver a push notification, it talks to Firebase Cloud Messaging, and sends the notification with that token. Then FCM, which has an open connection to the phone, delivers it. Or, if the phone doesn't have an open connection, the notification is queued until the next time it connects. So the push service acts as a sort of global intermediary for all push notifications.

I'm fairly sure GDPR applies inasmuch as push notifications contain PII, theoretically I think it would be possible to have a push notification without PII but I'm guessing this will be rare.

in reply to modulux

Peter Vágner
Peter Vágner
@modulux @Charles ☭ H Apps such as signal or element or others that are taking privacy seriously are not posting the content within the push notifications however some metadata revealing what app is being used + the time is enough to be usefull for these practices to work.
@Charles ☭ H @modulux
in reply to Peter Vágner

Charles ☭ H
Charles ☭ H

Ok, a pull notification is when signal periodically checks the server for new messages (and then vibrates my phone if there is one) and this is how virtually all online services worked for years.

Whereas a push notification is like when the mobile data network tells my phone there is a call or a new SMS.

This is the part that confused me because using push notifications for app data is weird and fundamentally not how I want online services to work, unless I really need a real-time connection like a phone or video call.

in reply to Charles ☭ H

Peter Vágner
Peter Vágner
@Charles ☭ H @modulux Frankly push notifications at least on #IOS and #Android are here for years. Apps such as messengers, social networking apps, traditionally banking apps, insurance companies, postal and transport services, delivery services, taxis, schools, shops and outlets, even some news apps have always used push notifications. Mobile operating systems are activelly dissalowing these apps to run on the background for extended period of time in order to prolong the device's battery life. Then the app vendors can leverage the platform's push notification systems to literally woke their apps from so called deep sleep in order to fetch the latest updates and generate a notification. And they are really doing it. It's a typical scenario. Monitoring ones push notifications state agencies can gather plenty of data about an individual such as what apps and services they are using, they daily routines, depending on the apps their social circles and similar.
#android #ios @Charles ☭ H @modulux
in reply to Charles ☭ H

Peter Vágner
Peter Vágner
@Charles ☭ H @modulux It's why new verbs such as degoogle have emerged recently. I have noticed this guy is posting blog articles on these topics if you are interested reading more. https://wrily.foad.me.uk/api/collections/julian
@Charles ☭ H @modulux