• Off Topic

  • Can I control which apps have access to FCM push notification?

With a standard single-user (Owner) setup with sandboxed Play Services installed, can I control which apps actually can register for FCM push notifications? Or is the only way to run them with a separate user without Play Services installed?

There is a "Notifications" permission, but I wasn't sure if disabling that means push messages will still be sent to my phone from Google and simply ignored by the app.

My use case is I want Signal to use its fallback websocket notifications rather than leak the timestamp of all incoming messages to Google via FCM. And I'd prefer not have to switch between Android users.

    aw22 Please see this discussion with similar questions in the comments along with answers here:
    https://discuss.grapheneos.org/d/9407-governments-obtaining-push-notification-metadata-from-applegoogle/6
    https://discuss.grapheneos.org/d/9407-governments-obtaining-push-notification-metadata-from-applegoogle/11

    My use case is I want Signal to use its fallback websocket notifications

    You can always download the self-updating apk directly from https://signal.org/android/apk/
    Set a battery optimization exception for the app before initial launch.
    SettingsAppsSignalBatteryUnrestricted
    At first launch it will check if Google Play services are installed and fallback to WebSocket for push.

    You may be interested in the hardened fork of Signal that lots of community members prefer called Molly. The FOSS version of molly.im use WebSockets exclusively.

      Thanks, that discussion does touch on some of the FCM issues.
      But a more simple question that I still have: is there an easy way to prevent an app from accessing installed (sandboxed) Google Play Services without having to run the app with a different user?