So Signal is sending the notifications through Apple's ecosystem somehow, presumably to save battery life by not having a persistent connection to Signal's servers? That's what I think happens on Android, too. When I had Lineage years ago, I had a persistent connection to Signal as the notifications didn't come through Google. Unfortunately there was a persistent notification for the persistent connection with no way to remove it.
After this news, Signal should ask users ASAP, and on new installs, something like:
> Do you want the notifications to pass through Apple (no privacy, better battery) or through Signal itself (better privacy, but less battery life due to the persistent connection to Signal's servers)?
It should be part of the setup wizard, not inside the settings.
Correct me if I've misunderstood something.
There is no other way to send push notifications on iOS, you have to use APNS. When the app is active you can switch to your own local socket connection, but as soon as it goes into the background those connections are lost. Pushes can also start the app in the background if it hasn't been used in a while and has been evicted by the OS.
You can send push notifications with your own encryption on top, which I believe Signal does, so Apple can't see it on the APNS side, but your local extension to decrypt the content is still subject to the user's settings, and part of the notification history if you put message content in the notification.
In my recollection, which may be imperfect:
1. On Android, if Google Play isn't available (or you install the no-Google APK version), it'll use a websocket for notifications. Apple doesn't allow a persistent connection except through their own notification framework.
2. In either case, Signal doesn't send message contents through the notification framework (not even encrypted). Once Signal receives a notification, the app wakes up and reaches out to the Signal service directly for the actual encrypted message.
3. Regardless, when Signal shows the contents of your message in the notification menu of your device, your device keeps a record on your device of that message content.
The FBI here didn't get anything from Apple; once they had the Apple device unlocked, they looked at the notification database on the device to get the message contents. This isn't really any different from the fact that if the FBI has your unlocked phone they can read your Signal messages. The notable bit is that the notification database retains messages even after the app is deleted.