| |
| ▲ | gruez 7 hours ago | parent | next [-] | | >it's even worse than that. What's additionally happening is they're still 'syncing' back to Apple servers via APNS (and to Alphabet servers via Firebase on Android)—even with notifications completely disabled, that's correct. Source? I don't think either OS implements notification syncing between devices, it's only one way, and as others have mentioned, the actually push notification doesn't contain any message content, only an instruction for signal to fetch and decrypt the message. | | |
| ▲ | pxeboot 4 hours ago | parent | next [-] | | > I don't think either OS implements notification syncing between devices iOS does. This is how you can receive Signal notifications on your Apple Watch and other Apple devices that don’t have the app installed. | |
| ▲ | dataflow 6 hours ago | parent | prev | next [-] | | > I don't think either OS implements notification syncing between devices Can't speak for iOS and no idea if this relates to the above functionality, but Pixel lets you deduplicate notifications across Pixel devices. | |
| ▲ | schrodinger 7 hours ago | parent | prev | next [-] | | This sounds correct. When I implemented push notifications for an iPhone application, I remainder needing to obtain a store a separate token for each device a user has, and subscribing to a feed of revoked delivery tokens. Seemed like an interesting design intended to facilitate E2E encryption for push notifications. | |
| ▲ | jerlam 5 hours ago | parent | prev [-] | | I do wonder how notifications that are synced/mirrored to the Apple Watch and newer versions of Mac are handled. |
| |
| ▲ | aftbit 7 hours ago | parent | prev | next [-] | | Wait... why does Signal need to send notification content to Firebase to trigger a push notification on device? I would instead expect that Signal would send a push to my Android saying nothing more than "wake up, you've got a message in convo XYZ", then the app would take over and handle the rest of it locally. I also didn't realize that Android stores message history even after I've replied or swiped them away. That's nuts - why!? | | |
| ▲ | llacane 6 hours ago | parent | next [-] | | Signal does NOT send notification content througth APN/Firebase, their push notification is literaly a ping as you expected. Source: https://mastodon.world@Mer__edith/111563866152334347
(Meredith Whittaker is the current CEO of Signal) I can't link you rigth now to the actual code on their repo but it is verifiable. | | |
| ▲ | baby 6 hours ago | parent [-] | | Btw I clicked your mastodon link and it didnt work | | |
| |
| ▲ | satvikpendem 7 hours ago | parent | prev | next [-] | | If your app needs to send a notification while it's not currently a running process, it must go through Firebase on Google's side and APNS on Apple's side. There is no way for a non running app to send a notification entirely locally, this is by design of both companies. | | |
| ▲ | greysonp 6 hours ago | parent | next [-] | | Signal developer here. Not entirely sure what you're saying. I'm only an Android guy, but FCM messages are certainly one trigger that can allow an app process to run, but it's not the only trigger. You can schedule system alarms, jobs, etc. And the notification does not need to be provided by the FCM message. In our case, the server just sends empty FCM messages to wake up the app, we fetch the messages ourselves from the server, decrypt them, and build the notification ourselves. No data, encrypted or otherwise, is ever put into the FCM payloads. | | |
| ▲ | satvikpendem 5 hours ago | parent [-] | | Sure but it needs to go through Firebase regardless of the content of the notification message, I do not believe there is a way to use a third party notification service which does not depend on Firebase. | | |
| ▲ | Zak 2 hours ago | parent | next [-] | | It doesn't. The API for displaying a notification is purely local. Receiving a ping from Firebase Cloud Messaging triggers the app to whatever it does in order to display its notification. In the case of Signal, that probably means something like fetching the user's latest messages from the server, then deciding what to show in the notification based on the user's settings, metadata, and message content. Here's example code for using FCM to show a notification. In this case, the notification content also passes through FCM, but Signal does not do that. https://www.geeksforgeeks.org/android/how-to-push-notificati... | | |
| ▲ | satvikpendem an hour ago | parent [-] | | Sorry I should clarify, by "it" I meant any sort of ping must go through Firebase Cloud Messaging, not that the message content itself goes through Firebase. Looks like there is a way to bypass Firebase by using something like UnifiedPush which runs a perpetual background process that acts similar to Google Play Services to pick up notifications from the server and calls the local notification API. | | |
| ▲ | Zak an hour ago | parent [-] | | It's theoretically possible to just keep an app running in the background all the time and periodically poll a server. That's unreliable though since some OEM Android builds will kill it for that even if the user disables battery optimizations. Those OEMs sort of have a point; if lots of apps did that it would drain the battery fast. | | |
| ▲ | satvikpendem an hour ago | parent [-] | | Then that's basically what I said right? That there is in practice no way to opt out of using Firebase if you want consistent notifications. |
|
|
| |
| ▲ | eptcyka 3 hours ago | parent | prev | next [-] | | When running Signal without google play services, Signal reliably received push notifications and with minimal battery drain. | |
| ▲ | gertop 3 hours ago | parent | prev [-] | | Any application can send notifications without going through a server. |
|
| |
| ▲ | vlovich123 6 hours ago | parent | prev | next [-] | | > this is by design of both companies. I’ll note that whatever other reasons it’s also the only way to make this battery efficient. Having a bunch of different TCP connections signaling events at random times is not what you want. Ideally the app also is responsible for rendering rather than having to disclose the message but that can be challenging to accomplish for all sorts of reasons). | |
| ▲ | 9dev 6 hours ago | parent | prev | next [-] | | > […] this is by design of both companies. This is more of a fundamental technical limitation of operating systems and networks; I don't think it is possible to design distributed communication between arbitrary service provider infrastructure and end-user devices without an always-online intermediary reachable from anywhere (a bouncer, in IRC terms) that accepts messages for non-present consumers. | | |
| ▲ | satvikpendem 6 hours ago | parent [-] | | Yes, however the fact that it is not customizable is what is annoying, you are forced to rely only on the OS makers' implementations, which I guess should be expected in the day and age. | | |
| ▲ | fn-mote 3 hours ago | parent [-] | | It sounds like you’re hinting at being unhappy with the lock-in forced by the ecosystem. The flip side of the coin: any possibly avenue to exfiltrate data and do (advertising) tracking by app developers will be used. The restrictions also protect my privacy. And my phone battery. | | |
| ▲ | satvikpendem 3 hours ago | parent [-] | | Clearly they don't protect your privacy as evidenced by the post we're commenting on. |
|
|
| |
| ▲ | OptionOfT 6 hours ago | parent | prev [-] | | But there is a way to do this encrypted, so that when the notification is received on your iPhone, the process itself needs to decrypt it. Except you need an entitlement for that, because it requires that your app has the ability to receive a notification without actually showing it (Apple checks this). Your app gets woken up, decrypts the message, and then shows a local notification. |
| |
| ▲ | izacus an hour ago | parent | prev [-] | | Android doesn't store message history unless you explicitly enable that feature and neither does Signal send message content to Firebase. You're angry about a huge amount of outright misinformation here. |
| |
| ▲ | alfiedotwtf 36 minutes ago | parent | prev | next [-] | | Sad to think there is a PostIt note somewhere in Virginia and written on it is a box labelled Signal, with an arrow pointing to a box labelled Apple servers, followed by a smirking smiley face pointing between the boxes with the message “encryption added and removed here” | |
| ▲ | tayk47999 6 hours ago | parent | prev | next [-] | | Any idea if this works the same or differently for Hidden apps specifically? Normally no notifications are shown for hidden apps, and even if you unhide the apps, prior notifications which were sent do not reappear IIRC. I'm curious if notifications like that are still hitting the phone into the notifications database, or get silently dropped, or something else. | |
| ▲ | kmbfjr 7 hours ago | parent | prev [-] | | With notifications disabled APNS push notifications fail for the sending app backend. The device id is rendered invalid if push notifications are disabled at any point. Backends are supposed to handle this and quit sending messages. Signal has this setting to tell the backend how much information to put into the push message. It can tell the backend to send a simple notification saying “new message” and not send information through APNS or enable it. I am willing to bet Signal has a notification extension to handle edge cases where there is lag in settings to scrub the message metadata before it dings a screen alert. |
|
