I remember reading an article where the government and Google were able to read notifications and record them from every android device. I wonder if Graphene might have patched this problem, and if not, do they have any plans to do so?
Thanks!
The issue lies with Google’s FCM (Firebase Cloud Messaging) system, so it’s not something GrapheneOS can really fix. As far as I know FCM doesn’t offer a way to encrypt notification content. Some apps like Signal work around this by instead of sending the message content, they send a little “wake up” notification. This tells Signal on your phone to wake up and it goes and retrieves the new message.
If you don’t install Google Play Services, you won’t be impacted. But you’ll also not get notifications for most applications. There is an alternative push notification system called UnifiedPush which allows you to choose any server to handle your notifications (and even self host it). But it does require both the service and the app to support it, so it’s not very wide spread yet.
Lol, FCM sends the CONTENT of messages through Google?? Wtf why do we even have “E2EE” Whatsapp then?
I’ve never worked directly with FCM, but that’s my understanding of the issue. I don’t know about WhatsApp. But it may do the same thing as Signal where the notification is just a wake up call and then the app connects directly to the WhatsApp servers to get the actual message.
Firebase is a platform/service provided by Google, so it makes sense that the content goes thru Google’s servers.
Also, E2EE in a closed-source app like WhatsApp, run by a nefarious corporation like Meta, was always a joke concept, a marketing ploy at best. People who are truly concerned about their privacy would never touch WhatsApp.
They are encrypted in transit but not E2EE unless the developer handles that themselves.
Why do we need a server to handle notifications anyway? Why isn’t it local to the device?
It’s mostly a power efficiency thing. Before push notifications were the norm, most apps used a polling method. They had the application send a request every X seconds asking “anything new”. There wasn’t coordination between apps, so even every app checked once every 30s, it likely wouldn’t be on the same 30s. This caused the device to wake up a lot and never let it switch into low power mode.
A push notifications system like FCM or UnifiedPush means only a single application needs to run in the background. It maintains a persistent connection to the push notification service and waits for a message. When it receives one it wakes up the relevant app and passes it the details.
If I were to install MicroG in a different profile would the rest of my push notifications be compromised too?
MicroG is just an open source method to access Google’s servers. If the problem is server-side (which I think it is), then microg won’t help you here.
Essentially, the apps which don’t use Google FCM service are not affected (from what I understand?). I assume that there isn’t a problem on the client-side and this exploit works purely because Google stores these notifications.
I believe apps working without FCM should be fine, or at least require more effort for third parties like law enforcement to intercept. There’s nothing preventing the NSA from listening in on the notifications of alternatives either, of course. Ideally, all notification services have their notification encrypted end-to-end. If app developers do that, FCM should be fine.
Would you happen to know what WhatsApp and Signal use? I believe FOSS apps from F-droid do not use Google’s notification service
Both default to FCM as far as I know. WhatsApp has a fallback notification system, but I don’t think Signal does.
Edir: correction: Signal does seem to work without FCM, but if you set it up and then nuke FCM, Signal will show a near permanent notification indicating that Signal needs Google Play services because of a bug.
FOSS apps sometimes use FCM, though that should be labeled in the app details as an anti feature, I believe. It’s very hard (almost impossible) to write power efficient notifications without centralising the notification flow.
There are semi-standards, like Unified Push, that can help, and UP can even use FCM as a backend if you so wish, but I don’t think many apps use it at the moment.
Thanks, I’ll go read some more. I’m trying to move away from WhatsApp and wanted to run Signal in my main profile on Graphene. I hope I can use it without FCM there.
Anything using FCM will be effected. UnifiedPush which I mentioned I don’t believe has an option to encrypt notification content either. Using it you’d already at least have the option of using a provider with a better privacy policy or self hosting it.
I don’t believe has an option to encrypt notification content either.
This is not an option you would actually want from any service.
You don’t want to be giving the plain text message to anyone to encrypt. Instead the notification contents should be given to the service provider (FCM or anyone else) already encrypted and only able to be decrypted by the app.
Graphene can’t fix the apps you install. Their data is being intercepted outside of your phone.
Some apps will encrypt their messages, so Google and anyone listening in can’t use decode the message. Others basically send a “check for new messages” signal rather than the actual message, which then has the app reach out to the online service and fetch the message directly before displaying a notification. Either approach minimises metadata collection, so if your apps are using these methods you should be fine.
If your apps are directly sending message contents unencrypted, you’re screwed. Your only option would be to find another app or to not use Google’s messaging system, breaking notifications in many apps and adding more battery drain to the ones that so still support notifications.
Thanks, I’ll take a look
I don’t recall any article like you said; can you provide me with a link?
Also, reading notifications is only possible if the notifications are not encrypted; otherwise, it is not possible.
And this relies on the service that is sending the notification and has nothing to do with the OS you are using.
Hi,
This has nothing to do with reading notifications but getting an approximate location based on notifications.
Like I said, if the notifications are sent encrypted, there is no way to read them.
Regarding tracking locations based on push messages, the only way to avoid it is by carefully selecting which apps are allowed to send you notifications.
Again, it does not matter what operating system you are using.
Notifications using fcm are not encrypted, I can literally go into my firebase console ant see this is the case
There is nothing stopping you from encrypting the payload instead of sending plain text.
deleted by creator
??? The person I responded to literally is…
