
Probably stupid question: why won't they e2e-encrypt push notifications too? The vector is obvious and has been open since forever.



Signal does not send any sensitive information in push notifications sent via APNs [0]. This story concerns the local OS cache of push notifications, which are triggered after E2E decryption has occurred.

[0] https://mastodon.world/@Mer__edith/111563865413484025


The "e" in e2e encryption is a computing device, not the device's user's brain.

Right. So I send a push notification with the "silent" flag and encrypted content; the app receives it, decrypts the text, and displays the notification locally. Google/Apple has only ciphertext in their FBI/CIA/NSA-accessible databases.

I'm confused. You mean the iOS system notification would display the decrypted message in plaintext? Or do you mean the iOS system notification would display the encrypted message (i.e. it would be unreadable)?

The app decrypts the message and displays it via the system notification.

So in that case, the system has access to the plaintext, therefore the Alphabet boys have access to it as well. Unless, of course, you believe Apple isn't cooperating with them.

Am I missing something here? Maybe I'm missing a subtle detail.


A system like the one in "my phone's operating system". Do you assume that "Alphabet boys" have access to all parts of all Android file systems of all the phones ever produced?

I think the confusion here is that Signal does in fact encrypt the notification in transit [1]. The FBI had access to the user's unlocked iPhone and went through the notification history on the device. The issue the user faced is that even though they deleted the Signal app, they were unaware that iOS (and Android by default) retain a database of past notifications even after they're dismissed from the notification pane.

[1] Well actually, they just send a blank notification; the Signal app then reaches out to the Signal server for the actual encrypted message content when it receives the empty notification.
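The flow described in this comment (empty wake-up push, fetch of ciphertext, local decryption, local notification, and the OS keeping the notification body even after the app is removed), modelled in Python as an added example. This is not Signal's code: the HMAC-SHA256 counter-mode stream cipher is a toy stand-in for the real protocol, and the `Records` hops, message ids and sample text are constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream (illustration only, not a real cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream (symmetric operation)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


@dataclass
class Records:
    """Where message data ends up at each hop (constructed for this example)."""
    push_relay_payload: dict = field(default_factory=dict)  # what APNs/FCM relays
    server_store: dict = field(default_factory=dict)        # what the messaging server holds
    app_local_db: list = field(default_factory=list)        # the app's own data, gone on uninstall
    os_notification_db: list = field(default_factory=list)  # OS notification history


def deliver(key: bytes, nonce: bytes, plaintext: str, rec: Records) -> str:
    """Sender encrypts; the relay sees only an empty wake-up push; app fetches and decrypts."""
    ct = xor_crypt(key, nonce, plaintext.encode())
    msg_id = hashlib.sha256(ct).hexdigest()[:8]
    rec.server_store[msg_id] = ct
    # Silent/background push: no message content, only a wake-up signal.
    rec.push_relay_payload = {"aps": {"content-available": 1}}
    # The app wakes, fetches the ciphertext and decrypts it on the device.
    text = xor_crypt(key, nonce, rec.server_store[msg_id]).decode()
    rec.app_local_db.append(text)
    # The app posts a local notification; the OS records its plaintext body.
    rec.os_notification_db.append({"app": "Signal", "body": text})
    return text


def uninstall_app(rec: Records) -> None:
    """Removing the app wipes its own data, not the OS notification history."""
    rec.app_local_db.clear()


def plaintext_locations(rec: Records, plaintext: str) -> dict:
    """Report, per hop, whether the plaintext is recoverable there."""
    return {
        "push_relay": plaintext in json.dumps(rec.push_relay_payload),
        "server": any(plaintext.encode() in ct for ct in rec.server_store.values()),
        "app_local_db": plaintext in rec.app_local_db,
        "os_notification_db": any(n["body"] == plaintext for n in rec.os_notification_db),
    }
```

Running `deliver` and then `uninstall_app` shows the relay and server never hold the plaintext, while the OS notification store still does after the app is gone.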


I'm sorry, but I'm having a really hard time understanding what you're saying. The first sentence I cannot understand at all. As for the second sentence, I think you might be confused about my usage of the term "Alphabet boys", which is slang for the intelligence agencies: https://youtu.be/lLf84LPzlVc?t=61 . It seems like you thought I was referring to Google's parent company.


