TLDR: signal content in Apple notification can be retrieved even after signal app deletion.
I saw from this reddit thread: Signal messages retrieved from iPhone after uninstalling app. : signal
Referencing this news article: Pretti Killing May Affect ICE Prairieland “Antifa Cell” Terrorism Trial
The mention of signal is in court documents here: March 10: Federal Trial Day 12 - Support the Prairieland Defendants
Signal chat evidence from Sharp’s device (Exhibit 158):
Messages were recovered from Sharp’s phone through Apple’s internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).
But Apple told me in an ad that they’re better for privacy?!?
Basically, they didn’t do this:
(I’m on Android, so I don’t know what the options look like in iOS, but they should be identical.)
You also don’t need to do this on Android unless you are concerned about random people seeing the messages on your screen. Signal on Android does not use Google’s push notification service
It’s not about how it’s pushed. It’s how it’s displayed (and stored) on the phone.
Source? I am not seeing anything about that. The only problem I have seen on Android is when applications use firebase for notifications, which is most play store apps to be fair, just no FDroid apps or some privacy preserving apps
Android Settings>Notifications>History. If this is on, you can clearly see past Signal notifications, including sender name and message preview (if you enabled those in Signal). I don’t know whether there is any ‘hidden’ history/cache that is stored even with notification history disabled.
I know about the setting. Why are you saying that information is sent to Google’s servers? As far as I have found, that information is only stored locally on your phone
Edit: If this is just about the fact it’s on the phone locally, of course if they have your actual phone they can see it. Signal is end to end encrypted, but it isn’t go to be encrypted on each end, otherwise you couldn’t read messages. Them getting your actual phone is very different from them intercepting the communication without you knowing
Read the original story. This whole thing is about retrieving data from the phone itself, not from Apple or Google servers.
The issue is that even if a message is deleted, message content can be retrieved through notification history.
It would be nice if Signal let you do this per conversation.
It’s sort of a victim of its own success, I use it for both things that do and don’t require opsec
This has been done before and is already pretty well known.
When I saw it hit the news before, it was because they were reading notifications off Google servers, which contained at least part of the message. Not because they were reading the device’s notification history.
So you are telling me an app is encrypting the shit out of every message so it can secretly delivered to another person. An then the persons phone decrypts the message an broadcasts it to an apple server, so it can get send back and make the phone go ‘ding’?
Shouldnt the notification be handled inside signal somehow, so this is the only app with the decrypted message?
What is next, everything from my ram needs to go through google servers to be transmitted to my display?
The Signal server would send a backend notification to the client app via the Apple Push Notification Service. The app is then able to wake up, at which point it fetches new messages (securely) from the Signal servers. The app then generates a local notification with a preview of the received message. iOS is then logging those messages.
I learned about this a couple of months ago and I’ve since disabled previews in notifications. It’s unfortunately the nature of how notifications are delivered to you. You should be fine by disabling message previews in your notification settings.
Yup,
https://www.privacyguides.org/articles/2022/07/07/signal-configuration-and-hardening/
Among other things
I think on android, signal do not use Google’s push notification. They simple send a dummy push, and the signal app wakes up to retrive the latest message directly from signal server.
So Google never have your notification content. I am not sure if they do the same on iOS.
That being said if your attack model includes people reading your notification lock screen, then you should disable showing signal notification.
The message preview notification is handled similarly in IOS and Android. The issue isn’t people seeing the notification, it’s that the content of the message being passed to the phone’s launcher. Which is unencrypted.
Does that actually prevent the app from sending the content through Apple’s servers or does it just prevent iOS from showing it in the notification area?
The only way apple is seeing it is when the notification is displayed. It only sees the contents of the notification itself. So it would still see who sent you a message, but it wouldn’t say what it was
It’s worth noting apps can avoid this on Android: https://tuta.com/blog/google-push-alternative#alternatives-to-google-push
Any FDroid app cannot use Firebase for push notifications since it’s proprietary: https://forum.f-droid.org/t/firebase-allowed-in-fdroid-apps/7540
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
It’s because the system saves the notifications apps posted to the notification menu.
but yes. don’t use firebase push notifications if you can avoid it. use a unifiedpush based system. base signal app does not support it, only molly. there are some difficulties though with that that are unique to signal.
This is not always the same on Android. Any app from FDroid will not use Google’s push notification service because it is proprietary, meaning it violates the rules for FDroid. Signal does not use Google’s notification service
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
It’s because the system saves the notifications apps posted to the notification menu.
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
Is is 100% because of firebase. Here is an example payload from firebases official document:
{ "message":{ "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...", "notification":{ "title":"Portugal vs. Denmark", "body":"great match!" } } }https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type
Notification history is purely local to the device. It is not sent to any servers.
Well, of course. All notification contents go through Apple’s servers (or Google’s in case of Android).
Not all, no. There are alternatives on Android:
The good news is that alternative methods for push notifications are available, namely SSE (Server Sent Events) and WebSockets.
Additionally, a new open source project, UnifiedPush is becoming increasingly popular. UnifiedPush is an open source, private alternative to Google for notifications.
https://tuta.com/blog/google-push-alternative#alternatives-to-google-push
Signal for android uses web sockets for notifications
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
It’s because the system saves the notifications apps posted to the notification menu.
As I already replied om one of your other comments:
It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.
Is is 100% because of firebase. Here is an example payload from firebases official document:
{ "message":{ "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...", "notification":{ "title":"Portugal vs. Denmark", "body":"great match!" } } }https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type
Notification history is purely local to the device. It is not sent to any servers.
Why would a notification need to leave my device at all?
A lot of notifications originate off your device.
Because it’s FAANG
Added the full content of the original post to the body of this thread.
