I remember reading an article where the government and Google were able to read notifications and record them from every android device. I wonder if Graphene might have patched this problem, and if not, do they have any plans to do so?

Thanks!

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      8 months ago

      Essentially, the apps which don’t use Google FCM service are not affected (from what I understand?). I assume that there isn’t a problem on the client-side and this exploit works purely because Google stores these notifications.

      • dracs@programming.dev
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        8 months ago

        Anything using FCM will be effected. UnifiedPush which I mentioned I don’t believe has an option to encrypt notification content either. Using it you’d already at least have the option of using a provider with a better privacy policy or self hosting it.

        • evo
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          8 months ago

          I don’t believe has an option to encrypt notification content either.

          This is not an option you would actually want from any service.

          You don’t want to be giving the plain text message to anyone to encrypt. Instead the notification contents should be given to the service provider (FCM or anyone else) already encrypted and only able to be decrypted by the app.