I remember reading an article where the government and Google were able to read notifications and record them from every android device. I wonder if Graphene might have patched this problem, and if not, do they have any plans to do so?

Thanks!

  • @MigratingtoLemmyOP
    link
    English
    19 months ago

    If I were to install MicroG in a different profile would the rest of my push notifications be compromised too?

      • @MigratingtoLemmyOP
        link
        English
        19 months ago

        Essentially, the apps which don’t use Google FCM service are not affected (from what I understand?). I assume that there isn’t a problem on the client-side and this exploit works purely because Google stores these notifications.

          • @MigratingtoLemmyOP
            link
            English
            19 months ago

            Would you happen to know what WhatsApp and Signal use? I believe FOSS apps from F-droid do not use Google’s notification service

              • @MigratingtoLemmyOP
                link
                English
                19 months ago

                Thanks, I’ll go read some more. I’m trying to move away from WhatsApp and wanted to run Signal in my main profile on Graphene. I hope I can use it without FCM there.

                • @[email protected]
                  link
                  fedilink
                  English
                  19 months ago

                  Signal does have a fallback if FCM is unavailable. It supposedly uses slightly more battery, but I can’t say I noticed it. I’ve swapped to using Molly which is a fork of Signal which implements UnifiedPush (among some other features).

        • @[email protected]
          link
          fedilink
          English
          29 months ago

          Anything using FCM will be effected. UnifiedPush which I mentioned I don’t believe has an option to encrypt notification content either. Using it you’d already at least have the option of using a provider with a better privacy policy or self hosting it.

          • @[email protected]
            link
            fedilink
            English
            2
            edit-2
            9 months ago

            I don’t believe has an option to encrypt notification content either.

            This is not an option you would actually want from any service.

            You don’t want to be giving the plain text message to anyone to encrypt. Instead the notification contents should be given to the service provider (FCM or anyone else) already encrypted and only able to be decrypted by the app.