The Insecurity of "Push Notifications" and What to Do About It

 By now it has been widely circulated that the US government (and their 5 Eyes friends) has been secretly snooping on phone user's messaging in the form of Push Notifications. Not only are they snooping, but they applied a legal gag order to Apple and Google to prevent them from alerting you the customer of this fact.



What's that you say? You are using an end-to-end encrypted messenger such as Signal and therefore are safe from said intrusion? Not so fast...

While there are indeed some well designed and audited secure chat apps out there, that is only part of the story. Most, if not all, messaging applications employ Push notifications as a way to let you know that someone just reached out to you, even if you didn't happen to have the corresponding application open at the moment. This is, of course, very convenient for the end user, but the problem lies in how this is facilitated on the back end. Apple and Google both employ proprietary servers that intercept a message headed your way, read the metadata (unique ID, subject, timestamp, IP addresses, first line of msg, etc...) and then forward that to your device in the form of a "Push Notification". Their reason for this scheme being that you would otherwise have to keep all your messaging applications running full time to alert you to new messages, thereby draining your battery rather quickly. That is it in a nutshell, but what can be done about this? 

First: Get a more secure phone. Meaning, something like a late model Pixel running CalyxOS or GrapheneOS, which are replacement "Android based" systems built on the de-googled AOSP / Android Open Source Project. Sorry to break it to you, but there is no meaningful way to "harden" your off-the-shelf Apple iPhone or Google Android system.

Second: Once you have your more secure phone up and running, you may want to install your favorite chat apps from the F-Droid or Aurora store apps. Here are some suggestions (non-exhaustive):

For casual, friends & family chats with some added security (but a publicly known relationship):

- Signal (FOSS or Molly version)

- Wire

- Berty

- Trifa (Tox)


For more serious secure and private chats:

- Session

- Bchat

- Briar

- Cwtch

- SimpleX


Most of the above applications will have an option in their respective settings to use an alternative type of "Push", such as websockets to avoid the Apple/Google/GCM/Firebase push servers. You can also go into the system settings of CalyxOS/GrapheneOS and disable Push notifications system wide if  desired.


I do offer phones pre-built with CalyxOS or GrapheneOS as a base and an extensive security suite on my Store page. If you are technically inclined you may opt to just "roll your own" as there are many  guides for this online.





Comments

  1. Why not just turn off notifications?

    ReplyDelete
    Replies
    1. That does not necessarily stop any given app from routing push metadata via GCM on the far end, thus causing a leak despite having notifications turned off on your handset.

      Delete

Post a Comment

Popular posts from this blog

Winter 2024 Courses (Updated FEB 29)

GroundRod Level 1 in Missouri