This is well known in the op-sec communities. iOS and Android notifications route through their servers and can be stored indefinitely (ie especially under a court order)
You need to disable the content previews if you want to be secure. But even the notification metadata can be quite valuable to law enforcement (who is messaging you, what time of day, etc.)
Also standard requirement on govt mobile devices to disable notifications. Mattermost provides this option at the server level to block notifications entirely for ios/android devices.
Ironically, I've got most notifications disabled because I simply find them annoying. I think SMS, phone calls and my CGM are the only things that cause my phone to regularly make noise.
possibly. the problem, though, is that 85% of signal's users would A. hate it and B. not know how to shut it off (even if you told them). that's part of the problem with trying to deliver security to the masses (and similar to the backup problem that they used to have).
fwiw, as far as I can remember, the signal foundation's position has always been "once someone has physical access to your device, all bets are off."
The article doesn't actually give a coherent answer on why.
People would generally claim "lazyness", as that is the Apple way. Why fix code when you can just sell new phones?
The actual answer is plausible deniability. Closed source software often leaks metadata in hard to discover ways so governments can deprive citizens of their rights under the law, and then claim "whoops, we didn't clean up correctly, our bad!".
Apple, like every other major tech company, goes along with it when nudged in the right direction.
This is well known in the op-sec communities. iOS and Android notifications route through their servers and can be stored indefinitely (ie especially under a court order) You need to disable the content previews if you want to be secure. But even the notification metadata can be quite valuable to law enforcement (who is messaging you, what time of day, etc.)
Also standard requirement on govt mobile devices to disable notifications. Mattermost provides this option at the server level to block notifications entirely for ios/android devices.
Ironically, I've got most notifications disabled because I simply find them annoying. I think SMS, phone calls and my CGM are the only things that cause my phone to regularly make noise.
I think that https://molly.im/ is better than Signal Android.
> Signal had been removed, but incoming notifications were preserved in internal memory
Why are app notifications not part of app data that gets deleted on uninstall???
Notifications is a different app?
https://archive.ph/bSQhD
Sounds like Apple needs to start flushing that database regularly, at least by option. Perhaps as part of Lockdown Mode?
Perhaps Signal should force the notification settings to "don't show the content" when disappearing messages are enabled in a particular chat?
possibly. the problem, though, is that 85% of signal's users would A. hate it and B. not know how to shut it off (even if you told them). that's part of the problem with trying to deliver security to the masses (and similar to the backup problem that they used to have).
fwiw, as far as I can remember, the signal foundation's position has always been "once someone has physical access to your device, all bets are off."
Can someone explain why notification databases are stored for a long period of time? The article is behind a paywall.
The article doesn't actually give a coherent answer on why.
People would generally claim "lazyness", as that is the Apple way. Why fix code when you can just sell new phones?
The actual answer is plausible deniability. Closed source software often leaks metadata in hard to discover ways so governments can deprive citizens of their rights under the law, and then claim "whoops, we didn't clean up correctly, our bad!".
Apple, like every other major tech company, goes along with it when nudged in the right direction.