Google aussi.
Sans surprise. Ce qui m'a le plus interrogé, c'est les réactions ici ou là.
D'un côté, ça dit que Signal utilise des notifs sans contenu, sans citer de source. De l'autre, j'ai récemment utilisé Signal sur un système Lineage dépourvu des outils Google et ça fonctionnait. Sur le twitter de la présidente de la fondation Signal, on lit :
PSA: We've received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you're talking to.
In Signal, push notifications simply act as a ping that tells the app to wake up. They don't reveal who sent the message or who is calling (not to Apple, Google, or anyone). Notifications are processed entirely on your device. This is different from many other apps.
What's the background here? Currently, in order to enable push notifications on the dominant mobile operating systems (iOS and Android) those building and maintaining apps like Signal need to use services offered by Apple and Google.
Apple simply doesn’t let you do it another way. And Google, well you could (and we've tried), but the cost to battery life is devastating for performance, rendering this a false option if you want to build a usable, practical, dependable app for people all over the world.*
So, while we do not love Big Tech choke points and the control that a handful of companies wield over the tech ecosystem, we do everything we can to ensure that in spite of this dynamic, if you use Signal your privacy is preserved.
*(Note, if you are among the small number of people that run alt Android-based operating systems that don't include Google libraries, we implement the battery-destroying push option, and hope you have ways to navigate.)
Perso, je n'ai pas constaté que ça bouffe la batterie, mais mon cas d'usage était atypique (mon smartphone était quasi tout le temps branché au secteur).
Sur le fait qu'il n'y a pas d'alternative simple et efficace, une confirmation ici :
On the user side, you could tell your smartphone to provide an alternative push notification server to the app. But it is very difficult to do. Some prototypes have been developed like the openpush one for instance.
The user can also completely deactivate push notifications or use MicroG on Android opensource alternative OS (like Lineage or /e/OS) in order to mitigate privacy risks. MicroG provides a prompt when an app try to subscribe to push notifications and do not use an unique ID for your smartphone but a different ID for each app so Google may not be able to trace which apps you are using. With MicroG, you also do not need a Google account for receiving push notifications!
J'ai aussi lu que Android tue les applis en arrière-plan. Ça dépend du système et/ou de la surcouche constructeur, semble-t-il, voire même du logiciel. Je pense aux softphones IP (logiciel de téléphonie sur IP) qui ne peuvent pas se laisser tuer car le protocole utilisé, SIP, ne prévoit pas de notification au sens où il s'entend ici alors qu'il prévoit de nombreux minuteurs avant lesquels le softphone doit répondre au serveur.
Reste à savoir la proportion d'applis qui envoient des données persos et en clair dans les notifs. Goutte d'eau ou vrai sujet ?