This is well known in the op-sec communities. iOS and Android notifications route through their servers and can be stored indefinitely (ie especially under a court order)
You need to disable the content previews if you want to be secure. But even the notification metadata can be quite valuable to law enforcement (who is messaging you, what time of day, etc.)
Also standard requirement on govt mobile devices to disable notifications. Mattermost provides this option at the server level to block notifications entirely for ios/android devices.
You're thread-sliding, friend, and trying to diminish the major blow-up here. ALL notifications from banks, WhatsApp, Telegram you name it are stored indefinitely, and anyone with physical access to the phone and a cable can extract your entire history. This is NOT the same as them being stored at Apple or the NSA. Any shithead with a cable can do it.
I agree, especially in this context. Allows you to avoid the insecure Google push notifications and keeps the proprietary Signal client more honest to prefer a community implementation of the protocol. It also lets you lock down your on-device data with an additional encryption layer.
So we are talking about that any police with a cable can read ALL my past notifications, WhatsApp, Telegram, all banks? Like indefinitely in the past? And there is no way to flush the database? Wow thanks Apple.
14 comments
[ 6.0 ms ] story [ 34.1 ms ] threadShow previews is set to Never (Default).
Also standard requirement on govt mobile devices to disable notifications. Mattermost provides this option at the server level to block notifications entirely for ios/android devices.
Why are app notifications not part of app data that gets deleted on uninstall???