[messaging] encryption of Signal notification messages

Tony Arcieri bascule at gmail.com
Mon Feb 22 14:44:32 PST 2016

On Mon, Feb 22, 2016 at 2:38 PM, Nick Badger <nbadger1 at gmail.com> wrote:

> Can anyone confirm that this is, in fact, the app's behavior, and that
> it's not using the push server to call a local display or something? I'm
> not hugely familiar with mobile deployment, and I've never used the push
> servers. I know you could register a service on the phone, but I don't know
> if the notification could tie into it. Regardless, it strikes me as odd
> that a team as capable as Open Whisper would put such a large
> not-end-to-end hole in an app whose explicit purpose (for many) is
> end-to-end security.

I'm like 99% sure this is the case (as an early Signal user)

When I first started using Signal, the push notifications always said "New

The messages are sent encrypted over push notifications.

Repeat: (since I already posted this message and apparently people ignored
me the first time) The messages are sent encrypted over push notifications.

As far as I know, if the local user of the phone has their settings
configured to do so, the encrypted push notifications are decrypted
*locally* on the phone *before* display.

Also in general as best as I have followed Signal development, the
developers (primarily Frederic Jacobs) are extremely aware of these issues
and doing a better job addressing them than any other iOS app available

Also Signal is open source, so if you're really curious, read the source
code yourself:


Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160222/c603aa70/attachment.html>

More information about the Messaging mailing list