I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, it can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.
Another basic thing – If your messenger is throwing your messages in a notification; it’s being logged. Google was found to be logging almost all notification content. Make sure your message app isn’t putting the content of messages into notifications.
If the app implements their own notification system and doesn’t rely on GCM then Google isn’t able to log them as far as I know.
Sure – but how many of them actually do?
I can throw a few examples:
So, the answer is — almost every of them.
Element X (Matrix client). Basically anything that offers F-Droid or open source release will have builds without built-in notifications. Play Store/App Store builds requires using native notification systems.
You can also just use a degoogled os which won’t be logging your notification content. But in any case you shouldn’t have notifications as notifications are exclusive with at-rest encryption (or I guess you could have at-rest encryption but just have the db constantly decrypted whenever your phone is on? Seems to defeat the point then)
Which DeGoogled OS do you know of that uses their own notification backend?
https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/
You don’t need one. Just use any degoogled ROM with UnifindPush, as almost every secure messenger support it. If not, notifications can still show up via websocket.