This is the notification layer, but the same structural problem exists one level deeper: the OS vendor is the custodian of the user's entire digital identity, not just message contents, but context, behavioral history, and application relationships. The notification routing is a symptom. The custody assumption underneath it is the root.

As long as your identity lives inside a vendor-controlled OS, encryption at the app layer is a patch on a structural problem