Why tf does Proton Mail need Google Play Services to show notifications?

Hey friends, hope you're doing well.

I suppose this isn't strictly-speaking a GrapheneOS question, but it relates to how I'm setting up my phone. (Very happy with the OS so far)

When I installed and set up the Proton Mail app, it said it'd need Google Play services to send push notifications.

The whole reason I'm using Proton Mail (and, in part, GrapheneOS) is to get away from Google, so that's unacceptable. I also don't understand why Google Services would ever be necessary for something as simple as push notifications.

Does anyone know a way around this? Tysm!

    whew-zee also don't understand why Google Services would ever be necessary for something as simple as push notifications.

    very common in android apps, unfortunately. The whole deal with "push" notifications is that the server should "push" a message to the client instead of having the client periodically poll the server. There are two main ways that this is implemented:

    1. Each app always runs in the background and maintains a connection to the server, allowing the server to send new data whenever. For example, Signal does this when google play services are not installed. This may reduce battery life and generally use more resources since every app doing this runs in the background all the time.

    2. Much more common is using Google's Firebase Cloud Messaging (FCM). With this, the server sends messages over Firebase and client apps interact with Google Play Services so that the messages get delivered to the app. This way, most apps do not need to constantly run in the background and instead get woken up whenever Google Play Services has a message for them. Google Play Services will maintain a connection to Firebase servers to allow receiving messages.

    Unified Push is an attempt of doing something like number 2 but without locking into google stuff.

    whew-zee Does anyone know a way around this?

    I have a crazy idea, but I've never tried it. Proton Mail has an option of sending a notification email to another email address whenever you receive an email. I assume it won't send full email contents but rather just limited metadata (PGP-encrypted emails still expose the subject, sender, and recipients anyway), so it shouldn't leak much. Then, if you can find a client that supports notifications for this email, then you can just check protonmail whenever you receive an email there. Most clients that don't use google play services would rely on polling or background connections though. For proper push notifications, it would be great to have an email accessible with JMAP and a setup using unified push + JMAP Push to deliver notifications. Supposedly, ltt.rs added push support recently, so it should work? But then there's this issue so idk.

      Does graphene have a plan of providing an alternative to Google for push messages? Because I sadly need to use Google for push notifications and it really bothers me.

      I only have two apps that have trackers that have network enabled, Google Play for notifications and WhatsApp. Sadly I need to use WhatsApp all the time, but I really wish I could remove Google Play.

        whew-zee When I installed and set up the Proton Mail app, it said it'd need Google Play services to send push notifications.

        The whole reason I'm using Proton Mail (and, in part, GrapheneOS) is to get away from Google, so that's unacceptable. I also don't understand why Google Services would ever be necessary for something as simple as push notifications.

        Fundamentally this is up to the app author, since it's their servers that are sending the notifications to their app. So this would need to be taken up with Proton.

        whew-zee I also don't understand why Google Services would ever be necessary for something as simple as push notifications.

        As delitako writes, basically, push notifications are not simple if the speed of the notifications matters and the battery life of the client device also matters.

        RRZishe Does graphene have a plan of providing an alternative to Google for push messages?

        As delitako writes, UnifiedPush (or another contender) could be coded into apps by the authors of the apps. But it is not possible for the GrapheneOS developers to break into Proton's servers to make Proton's servers send notifications via something other than Google's FCM servers.

        The situation is less than ideal, but it's outside of the scope of the GrapheneOS team.

          de0u Ya, I definitely don't want the graphene team trying to hack into Proton for two reasons. 1. The graphene team is super smart and I have my emails in proton 2. It would really suck if the graphene team ended up in jail... Lol 🤣🤣🤣

          But in all seriousness I wish there was some kind of app that would pretend to be Google and tell Proton and other apps "hey, I'm your guy for push notifications! And BTW, send them to this link (i.e. push.grapheneos.org) and not to Google.com".

          I don't know if that even makes sense... But that's kinda what I'm thinking...

          whew-zee given Proton's update track record we can't really expect a fix for this anytime soon. This was the exact reason I keep using Tuta instead for mails, they have their notification service figured out...

          If you really need Protonmail to send notifications on GOS, maybe a workaround is to use different profiles. I've posted more details here where the same question was discussed.

          They answered on Reddit that they have it in their plan.

          They are using UserVoice to gather feedback. The idea was already suggested a long time ago.
          The more noise we make about it, the more it should be taken as a priority.

          5 days later

          I've migrated to Tutanota just for this reason. I donno if they ever will implement this. I have this suspicion because they don't even have an issue tracker on GitHub, as well as an F-Droid publish. You have to literally install it from play store, or their website, or from izzyondroid repo.

          They're relying on Play Store revenue heavily btw. As long as they stick to it, they won't drop GSF requirement.

            • [deleted]

            foxjaw The only problem with Tuta is that it doesn't autostart after reboot, which to me happened every morning if I set autoreboot to 4 hours and every time I had to manually kick start it, then it worked okay. Now I just use their webapp.

            Proton mail doesn't have eta on their own push implementation, doubt it will ever have, they've been saying for years they work on it.

              Sounds like Mailbox.org with encrypted mailbox + K9-Mail + OpenKeychain is the best option then for zero knowledge email hosters.

              [deleted] I believe any app shouldn't start on its own by default. That would clog up the memory. They have to be designed that way & the problem is specific to you. I believe you're restarting your device on the task basis. Do the same with Tuta too. Make it open on restart with something like tasker & you're good to go.

              @DeletedUser28 Mailbox.org is not available in all countries across the globe.

              @akc3n Tuta was way ahead in this department. Proton is already susceptible to Apple/Google Push notification theft, since they also reveal the mail titles as well as the sender mail, which is very insecure tbh. Tuta solves this through SSE, by hiding it & only revealing that a new message(s) has/have arrived (with message count), so that even if the notification got stolen, no one would know who sent with what mail title.

              Also, check this customer support backlash since 2020, it's hilarious.
              https://protonmail.uservoice.com/forums/284483-proton-mail/suggestions/40261009-indenpendent-push-notification-gsf-independet

                RRZishe Does graphene have a plan of providing an alternative to Google for push messages? Because I sadly need to use Google for push notifications and it really bothers me.

                As previously mentioned, there are a few alternatives already available. You have the unified push which was already mentioned, as well as conversations/jabber & NTFY

                I sent a couple of emails to Proton developers requesting to implement web socket for the apk available on their website but they don't even bother. So, I switched to Tutanota.

                whew-zee

                My workaround until Proton implements its alternative push notification framework:

                Profile 1: Owner Profile, Sandboxed Google Play installed
                Profile 2: daily driver, degoogled

                So that I am notified of incoming emails in Profile 2 (pull instead of push strategy is unfortunately not an option for professional reasons), I have also installed the Protonmail app in Profile 1.

                Via "send notifications to current user" I am immediately informed in Profile 2 about the receipt of an email and can then open Protonmail in the de-googled profile and read / reply to the email without switching profiles.

                Not a very sexy workaround, but it works for me (especially because the owner profile is always active anyway).

                  • [deleted]

                  Murcielago with this approach you are just hiding from the fact that you use Firebase for notifications albeit in an indirect way (by thinking that two different users can not be linked by other personally identifiable activity, network connection or tracking and fingerprinting).

                    [deleted]

                    Good point, thanks for clarifying. I didn't mean to say that activities of two user profiles cannot be linked by other measures - I am aware of that problem.

                    That's why it's just a suggestion of a workaround that might offer the original questioner an idea until Proton implements alternative push notification, if he

                    • is dependent on push notifications
                    • can't/won't change his email provider

                    foxjaw Proton is already susceptible to Apple/Google Push notification theft, since they also reveal the mail titles as well as the sender mail, which is very insecure tbh.

                    This is incorrect. Please double check your statements before posting.

                    For Apple users, on each login, the app generates an asymmetric keypair, saves the private key on Keychain, and sends the public key to Proton’s push notification server accompanied by the user’s session ID. This server encrypts every push notification with the public key, and the application extension decrypts it using the private key from Keychain, ensuring that Apple (or an intelligence agency sitting on Apple’s servers) does not have access to the contents of push notifications. Raw push notifications are not persisted on the device for long and are not included in backup. The private key is removed from Keychain on logout, and the public key is not reused across sessions.

                    https://proton.me/blog/ios-security-model


                    For Android users, Proton Mail’s push notification servers always encrypt the notifications they send, and the Proton Mail client decrypts these notifications locally. These notifications are never stored on the device.

                    https://proton.me/blog/android-client-security-model


                    If need be, an individual could always simply turn off their device's notifications on the lock screen to be more private. That way, someone who picks up their phone won’t be able to see the individual's contacts, message previews, reminders and alerts.

                    @ErnestThornhill It's not about encryption. It's about readability. ProtonMail still relies on Google Services Framework to deliver push notifications. Whether encrypted or not doesn't matter, as long as the underlying service is controlled by Google themselves.
                    Whatever you see in the notification, Google sees that too.

                    And beware that proton can write anything in their blog. As long as they don't back it up, we're never sure. Their backend is closed source.

                      foxjaw And beware that proton can write anything in their blog. As long as they don't back it up, we're never sure. Their backend is closed source.

                      That doesn't really mean anything. The same could be said about any website.

                      What's your source for your last sentence?

                      foxjaw Whether encrypted or not doesn't matter, as long as the underlying service is controlled by Google themselves.
                      Whatever you see in the notification, Google sees that too.

                      Can you provide a source supporting this claim? Is the assertion that Google somehow can break all encryption?

                        foxjaw

                        Whether encrypted or not doesn't matter, as long as the underlying service is controlled by Google themselves.
                        Whatever you see in the notification, Google sees that too.

                        Is that the case? Proton says that their "notification servers always encrypt the notifications they send, and the Proton Mail client decrypts these notifications locally."

                        Would be interesting to know what exactly Google sees of this...

                          Notification theft by google & apple might be claims. But not just this, there are a lot more reasons we're trying to move away from them. The whole concept of "We provide privacy with utmost care" is not to be believed, the only reason being they're not FOSS. Notifications are never encrypted on both Android & Google. On top of that utilizing GSF for push notifications is another red flag. I can't give any more reasons than these.

                            foxjaw A personal opinion is as reliable of a source as Wikipedia. There's a reason why Wikipedia is not an approved source for information when writing a paper for school...

                            whew-zee Your concerns, along with the post from akc3n have convinced me to ditch the proton mail app and use Vanadium to access my proton and other mail accounts. So far so good - I realize that I do not get mail urgent enough to require notifications from the mail servers.

                            Somewhere on this P7P there should be a list of accounts which are known to Firebase Cloud Messaging (FCM which I think is the evil mentioned in

                            https://arstechnica.com/tech-policy/2023/12/apple-admits-to-secretly-giving-governments-push-notification-data/ )

                            Can anyone point me to where I can delete any FCM linkage to PMail and others? Possibly I need to deactivate it in google services in the main account!?

                            foxjaw Whatever you see in the notification, Google sees that too.

                            foxjaw Notifications are never encrypted on both Android & Google.

                            Both of these statements are not really true.

                            (Just a note, I don't know about Apple's APN, so I won't comment on that)

                            FCM is a push messaging service, not a push notification service. When a message / "notification" comes in, the app is woken up and can process the notification and display something. Many apps/services send messages with empty data fields, like Signal. Apps/services can also elect to encrypt data in the data field. It all depends on their implementation.

                            Given that, an FCM message without extra personal data included will only allow Google to see very basic info, like time and which service is sending the message and to who.

                            But of course there's the flip side to this. Lazy app developers can just shove a bunch of plain text data into notification messages.

                            As for whether the apps/services in question really send personal info via plaintext in FCM messages, I really don't know, but I seriously doubt it. I'd suggest you read through the code in their apps that process notifications to know for sure.

                            I suggest you read through this page: https://firebase.google.com/docs/cloud-messaging/concept-options
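An added example, not part of the thread and not Proton's or Firebase's code: it models the per-session keypair described in the Proton blog quote above and the encrypted FCM `data` field described in this post, and compares what a push relay can read in an encrypted versus a plaintext message. The cipher choice (X25519, HKDF, AES-256-GCM), the function names, the token and the sample notification are all assumptions constructed for the demo; the relay still sees the device token, priority and delivery time either way.

```javascript
// Added illustration: not Proton's or Firebase's code. The scheme (X25519 +
// HKDF + AES-256-GCM) and every name and value here are assumptions.
const crypto = require("node:crypto");

// Device: fresh keypair per login session; only the public key leaves the device.
const newSessionKeys = () => crypto.generateKeyPairSync("x25519");

function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync("sha256", shared, Buffer.alloc(0), "push-demo", 32));
}

// App server: encrypt to the session public key, wrap in an FCM-style data message.
function buildEncryptedPush(devicePublicKey, fcmToken, notification) {
  const eph = crypto.generateKeyPairSync("x25519");
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(eph.privateKey, devicePublicKey), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(notification), "utf8"), cipher.final()]);
  const data = {
    epk: eph.publicKey.export({ type: "spki", format: "der" }).toString("base64"),
    iv: iv.toString("base64"),
    ct: Buffer.concat([body, cipher.getAuthTag()]).toString("base64"),
  };
  return { message: { token: fcmToken, android: { priority: "high" }, data } };
}

// The "lazy" variant from the post: personal data placed in the data field as-is.
const buildPlaintextPush = (fcmToken, notification) =>
  ({ message: { token: fcmToken, android: { priority: "high" }, data: { ...notification } } });

// Relay (push provider) view: everything in the message it is asked to deliver.
const relayCanRead = (msg, needle) => JSON.stringify(msg).includes(needle);

// Device: woken by the push, decrypts locally; throws if the key or data is wrong.
function openEncryptedPush(devicePrivateKey, msg) {
  const { epk, iv, ct } = msg.message.data;
  const sender = crypto.createPublicKey({ key: Buffer.from(epk, "base64"), type: "spki", format: "der" });
  const raw = Buffer.from(ct, "base64");
  const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(devicePrivateKey, sender), Buffer.from(iv, "base64"));
  d.setAuthTag(raw.subarray(raw.length - 16));
  return JSON.parse(Buffer.concat([d.update(raw.subarray(0, raw.length - 16)), d.final()]).toString("utf8"));
}

// Constructed sample run.
const demoKeys = newSessionKeys();
const demoNote = { sender: "alice@example.org", subject: "Quarterly report" };
const demoPush = buildEncryptedPush(demoKeys.publicKey, "constructed-token-123", demoNote);
console.log("relay sees sender (encrypted):", relayCanRead(demoPush, demoNote.sender));
console.log("relay sees sender (plaintext):", relayCanRead(buildPlaintextPush("t", demoNote), demoNote.sender));
console.log("relay sees device token:", relayCanRead(demoPush, "constructed-token-123"));
console.log("device decrypts:", openEncryptedPush(demoKeys.privateKey, demoPush));
```
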

                            You can reason these other aspects like security, encryption, etc all you want, except not answering the main question itself? Did you guys even read the thread title?

                              foxjaw besides the fact email is inherently insecure and unless you're emailing another person ALSO with encrypted email using an encrypted email service is a giant waste of time and nothing more than security theatre, why use them at all if you don't even trust them in the smallest sense? Go use tuta.io if you want cessation from GFM

                              foxjaw we have, you just didn't like the answer and are now trolling demanding a better answer

                              foxjaw

                              Read through the first 5-10 posts carefully. The answer to the title is "because". What kind of answer would you prefer or expect from the GrapheneOS community? Unless someone has classified intel from the proton dev team and is willing to share it, we all have to rely on publicly available information which is "because they decided to do so".

                              Apparently you're well aware of the pros and cons of the current implementation and decided to stay away from it. Good on you! But I doubt the truth will reveal itself by repeating the same paragraphs over and over again in this discussion. In fact, you could reach out to Proton and ask them right away - and let us know their answer.

                              @N3rdTek I'm already on tuta as my primary mail & I have no issues with push notifications (also have protonmail), despite not having any google services (not even microg).

                              @Phead I apologise for repeating myself. I did read this thread thoroughly. I hope proton implements their own unified push service. As one of their devs replied on reddit that they're working on it.