Notifications

Ghj456

Are there any privacy concerns by enabling notifications?

matchboxbananasynergy

Hey there! If you're talking about the "Notifications" permission, then no. That should be fine. It only controls whether you see notifications for a particular app or not.

Ghj456

matchboxbananasynergy What about enhanced notifications? When enabling it in settings it says:

"Enhanced notifications can access notification content, including personal information like contact names and messages. This feature can also dismiss or respond to notifications, such asanswering phone calls, and control Do Not Disturb"

Which company collects this information and should this be turned off for privacy?

matchboxbananasynergy

Ghj456 Can you provide me with an example of an app that's requesting that so that I can take a closer look?

unwat

Ghj456

I'm not matchboxbananasynergy, but maybe I can help them out...

Short answer: it doesn't matter. Notifications are coded the same way whether enhanced notifications are enabled or not. This also means notifications are handled exactly the same way with FCM push notifications, so Google doesn't get to see anything new with enhanced notifications (if you have Google Play Services installed, of course).

The only real difference is how they're displayed or how you can interact with the notifications.

Ghj456

matchboxbananasynergy Go to settings on your GOS phone, then go to notifications and scroll all the way down. It is the last one called "enhanced notifications". Enable enhanced notifications, the message will pop up.

applesbana

unwat

Perhaps a naive question, but are the notifications encrypted (enhanced or not) to prevent google from reading them?

I think I read iOS encrypts their notifications.

unwat

applesbana

According to this, no. Notification data is stored in cleartext on FCM servers by default, but data can be encrypted with a 3rd party library.

The data field in a push notification is optional, so no big deal if things aren't encrypted if no data is added.

Signal, for example, just makes a new notification with an FCM ID, a notification type, and the notification's priority. The data field is empty for messages. When a notification comes in, the app launches in the background, pulls down new messages, then the app displays the notifications itself. All Google can see is the user received a Signal notification.

I don't know how other apps do it. I wouldn't be surprised if many apps that use push notifications store data in cleartext for their own convenience.