Hello!
I’m an iPhone user, and one of my main privacy concerns is the way push notifications work.
All notifications are sent through centralized Apple servers. This is understandable, as leaving this task to each app would be potentially less secure and inefficient (each app gets to know your IP address without opening it, and you have to connect to multiple servers wasting a lot of bandwidth and battery).
The centralized notifications server, however, is a privacy point of failure: a single request from law enforcement to Apple is sufficient to gather all your messages, often with contents included, even from E2E encrypted apps like WhatsApp, or apps that would be less friendly to such requests (Telegram).
Yes, this has already been exploited by law enforcement in the US, and I predict it’ll become way more normal.
So my question is: how do privacy-friendly OSs handle push notifications from apps? Are they sent from a centralized server (like with Apple and Google)? If yes, who even is paying for it, considering the OS is free? Or are the push notifications just sent directly by the apps, without passing from your servers?
I’m asking specifically for Volla phones, Ubuntu OS or even Graphene OS. This is not a “gotcha” question: I legitimately don’t know which choice was adopted by the developers of these solutions and would love to know if they managed to solve this problem.
I didn’t find an answer on their websites, and ChatGPT says it works via peer-to-peer.
Thanks!