Sorry, I must have misunderstood part of what you said. I thought you meant by endpoints you meant phone to phone, not phone to server, so that's my bad. It's obvious that Google knows a phone is receiving Signal notifications.
The other part of what I said, the 2nd hand claim, wasn't about networks at all. It was about what is included in the notification visible to Google. The 2nd hand claim was that nothing sensitive is included in the notification visible to Google.
Anyway, since 2nd hand claims I read on Reddit aren't that authoritative, I went through the trouble of looking through the Signal server's code and I read up a bit on FCM messaging. Their FcmSender
just takes a device id, data, notification type, and a notification priority. Elsewhere in the code, in their PushNotificationManger
, when a push notification is built for a Signal message, the data is set to null
. So, it's verified. Signal push notifications don't include any sensitive information.