• gregorum
    link
    fedilink
    English
    arrow-up
    30
    ·
    edit-2
    11 months ago

    it’s up to individual app developers to encrypt the data in their push notifications. as for the data about the notifications (the metadata stored on Apple’s/Google’s servers), that could end up being potentially useless if it were just a block of timestamped and encrypted data sitting on Apple’s or Google’s servers. Presently, that data often also includes the full notification contents, unencrypted.

    But when those companies get a court order/subpoena, they have no choice but to cooperate.

    edit: for clarity

    • towerful@programming.dev
      link
      fedilink
      English
      arrow-up
      20
      ·
      11 months ago

      The metadata is actually quite important.
      Sure, chances are it’s a “pending WhatsApp message” notification, but not the actual contents of the message.
      However, with enough metadata and by surveying traffic from WhatsApp data centers, someone could see User A accessed WhatsApps service, which generated a WhatsApp notification for User B.
      That might just be a coincidence, but with enough data and time, the probability that User A is talking to User B can be increased.
      If it also shows that Users C, D and E also get notifications at the same time, it is likely that all those users are in a group chat together.
      It’s called a timing attack.
      And perhaps it isn’t enough evidence to stand up in court, it can help build the profile of the users, and guide investigations to other possible accomplices.

      • gregorum
        link
        fedilink
        English
        arrow-up
        6
        ·
        11 months ago

        I realize that sometimes metadata can be aggregated in nefarious ways. sometimes, however, it’s useless. currently, however, it contains all of the unencrypted contents of the notification itself, not just the metadata, and my point is that’s it’s better to take the step of encrypting the notifications themselves to at least protect that data.

    • Steve@communick.news
      link
      fedilink
      English
      arrow-up
      5
      ·
      11 months ago

      But why would a copy of the notification history exist outside of the phone itself? I can’t think of a reason why notifications should be collected at all.

      • Railcar8095
        link
        fedilink
        English
        arrow-up
        7
        ·
        11 months ago

        Imagine you have 20 apps that can send receive notifications from remote (messaging apps, offers, updates…). That would require each app to be active in the background and pulling updates. That’s a massive battery drain.

        Instead, the apps send the notifications to Apple/Google, and the OS checks for all of the apps. The apps don’t need to be awake (the OS could show the notification or wake the app) and there’s only one service checking for the ml notifications.

        It’s a massive oversimplifying and probably I made some mistakes, but that’s my understanding. Hopefully somebody can correct me.

        • Steve@communick.news
          link
          fedilink
          English
          arrow-up
          4
          ·
          11 months ago

          Apparently that’s how it works.

          I’d imagine a notification service on the phone that can receive or pull from all the various sources on behalf of the apps installed. That way the app servers don’t need to hand the data to Apple/Google servers. It just seems like an extra step.

          • pup_atlas@pawb.social
            link
            fedilink
            English
            arrow-up
            3
            ·
            11 months ago

            By doing it that way, you are all the sudden generating tens, if not hundreds of requests per minute to grab notifications for every platform and service, rather than just the one. With a unified approach, the phone can wake up in the background every 5 minutes and ping Google to ask for notifications. If everyone did it individually, your phone would never be able to go to sleep, and would CONSTANTLY be sending out requests to random servers. That also brings up security concerns, since you can get a vague idea of location data from a request, any app that can send notifs can soft track users. They would also open the door for one to be compromised, and send malicious info much easier than it would be to do thru Google. All around, its just a worse solution to the problem with one very small benefit.

          • Railcar8095
            link
            fedilink
            English
            arrow-up
            1
            ·
            11 months ago

            Well, the problem is that every would need to have their own server with notifications waiting to be pulled (imagine your phone goes offline) and they need to be beefy enough to answer potentially thousands of requests per second. Almost impossible for small devs.

            There’s also additional battery need, as it’s many calls and payloads, and if a server is slow it can affect all the other notifications. Plus more area of attack.

            Not impossible, but I don’t think it’s the direction things will go.

      • gregorum
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        there’s a lot of different reasons why it might exist, depending on how the app or service work. some might have no data history, some might have a lot with a long footprint. some apps/services may benefit from rethinking how their app/services handles/routes this data.

        it’s complicated.

        • Steve@communick.news
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          11 months ago

          That makes some sense for an individual app collecting its own history.

          Apple or Google collecting all notifications seems like data collection for its own sake, with no real useful purpose.

          • gregorum
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            oh, I se the misunderstanding— you’re confusing simple on-device app notifications with notifications using the Push service, which actually requires being sent through Apple’s or Google’s servers and may originate outside or your device from a service on a 3rd-party server.

            • Steve@communick.news
              link
              fedilink
              English
              arrow-up
              2
              ·
              11 months ago

              Oh! I didn’t realize they actually went through Google or Apple servers. Not sure why that’s a necessary step, but at least it explains why they would have the data at all.

              Thanks

              • gregorum
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                11 months ago

                Yeah, not all notifications originate from apps on your device. If, say, Amazon, updates, your delivery status, a push notification gets sent to your Amazon app from Amazon, then you get a notification on your device. That push notification goes through either googles servers or apples servers before it gets to you, that way, they know what device to send it to. That device ID is registered the app on your device with either Apple or Google on their servers. 

    • zeluko@kbin.social
      link
      fedilink
      arrow-up
      3
      ·
      11 months ago

      would end up being mostly useless if it were just a block of timestamped and encrypted data sitting on Apple’s or Google’s servers

      If you are only interested in the data, sure.
      But metadata is also very powerful, specially when aggregated

      • gregorum
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        11 months ago

        But metadata is also very powerful, specially when aggregated

        it can be, depending on the context and what metadata you get. it can also be useless or of very limited value, even in aggregate. it’s really a roll of the dice, depending on the case. while I agree that no data access would be preferable to a little, my point is that encrypting the notification contents (a step which app devs can and should take) provides far better protection than what the cops get now, which is all.