Combat Studies Group: The Insecurity of “Push Notifications” and What to Do About It

Original article here.

By now it has been widely circulated that the US government (and their 5 Eyes friends) has been secretly snooping on phone user’s messaging in the form of Push Notifications. Not only are they snooping, but they applied a legal gag order to Apple and Google to prevent them from alerting you the customer of this fact.

What’s that you say? You are using an end-to-end encrypted messenger such as Signal and therefore are safe from said intrusion? Not so fast…

While there are indeed some well designed and audited secure chat apps out there, that is only part of the story. Most, if not all, messaging applications employ Push notifications as a way to let you know that someone just reached out to you, even if you didn’t happen to have the corresponding application open at the moment. This is, of course, very convenient for the end user, but the problem lies in how this is facilitated on the back end. Apple and Google both employ proprietary servers that intercept a message headed your way, read the metadata (unique ID, subject, timestamp, IP addresses, first line of msg, etc…) and then forward that to your device in the form of a “Push Notification”. Their reason for this scheme being that you would otherwise have to keep all your messaging applications running full time to alert you to new messages, thereby draining your battery rather quickly. That is it in a nutshell, but what can be done about this?

First: Get a more secure phone. Meaning, something like a late model Pixel running CalyxOS or GrapheneOS, which are replacement “Android based” systems built on the de-googled AOSP / Android Open Source Project. Sorry to break it to you, but there is no meaningful way to “harden” your off-the-shelf Apple iPhone or Google Android system.

Second: Once you have your more secure phone up and running, you may want to install your favorite chat apps from the F-Droid or Aurora store apps. Here are some suggestions (non-exhaustive):

For casual, friends & family chats with some added security (but a publicly known relationship):

– Signal (FOSS or Molly version)

– Wire

– Berty

– Trifa (Tox)

For more serious secure and private chats:

– Session

– Bchat

– Briar

– Cwtch

– SimpleX

Most of the above applications will have an option in their respective settings to use an alternative type of “Push”, such as websockets to avoid the Apple/Google/GCM/Firebase push servers. You can also go into the system settings of CalyxOS/GrapheneOS and disable Push notifications system wide if  desired.

I do offer phones pre-built with CalyxOS or GrapheneOS as a base and an extensive security suite on my Store page. If you are technically inclined you may opt to just “roll your own” as there are many  guides for this online.

By Published On: December 10, 2023Categories: UncategorizedComments Off on Combat Studies Group: The Insecurity of “Push Notifications” and What to Do About It

Share This Story, Choose Your Platform!

About the Author: Patriotman

Patriotman currently ekes out a survivalist lifestyle in a suburban northeastern state as best as he can. He has varied experience in political science, public policy, biological sciences, and higher education. Proudly Catholic and an Eagle Scout, he has no military experience and thus offers a relatable perspective for the average suburban prepper who is preparing for troubled times on the horizon with less than ideal teams and in less than ideal locations. Brushbeater Store Page: http://bit.ly/BrushbeaterStore

Related Posts

Kamala Harris promoting communist principles in speech

July 26, 2024|0 Comments

CCP Bot Farms in the tank for Kamala

July 26, 2024|0 Comments

THE GUERRILLA’S GUIDE TO THE BAOFENG RADIO: #1 BESTSELLER IN COMMUNICATIONS

July 26, 2024|0 Comments

SABOTAGE IN FRANCE: MAP

July 26, 2024|0 Comments

GUNS N GEAR

Categories

Archives