[messaging] encryption of Signal notification messages
bascule at gmail.com
Mon Feb 22 14:44:32 PST 2016
On Mon, Feb 22, 2016 at 2:38 PM, Nick Badger <nbadger1 at gmail.com> wrote:
> Can anyone confirm that this is, in fact, the app's behavior, and that
> it's not using the push server to call a local display or something? I'm
> not hugely familiar with mobile deployment, and I've never used the push
> servers. I know you could register a service on the phone, but I don't know
> if the notification could tie into it. Regardless, it strikes me as odd
> that a team as capable as Open Whisper would put such a large
> not-end-to-end hole in an app whose explicit purpose (for many) is
> end-to-end security.
I'm like 99% sure this is the case (as an early Signal user)
When I first started using Signal, the push notifications always said "New
The messages are sent encrypted over push notifications.
Repeat: (since I already posted this message and apparently people ignored
me the first time) The messages are sent encrypted over push notifications.
As far as I know, if the local user of the phone has their settings
configured to do so, the encrypted push notifications are decrypted
*locally* on the phone *before* display.
Also in general as best as I have followed Signal development, the
developers (primarily Frederic Jacobs) are extremely aware of these issues
and doing a better job addressing them than any other iOS app available
Also Signal is open source, so if you're really curious, read the source
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging