Technology@lemmy.worldbyfrocalannifo@fedia.io
11 days

Signal messages retrieved from iOS notification, as seen in Prairieland federal trial

TLDR: signal content in Apple notification can be retrieved even after signal app deletion.

I saw from this reddit thread: Signal messages retrieved from iPhone after uninstalling app. : signal

Referencing this news article: Pretti Killing May Affect ICE Prairieland “Antifa Cell” Terrorism Trial

The mention of signal is in court documents here: March 10: Federal Trial Day 12 - Support the Prairieland Defendants

Signal chat evidence from Sharp’s device (Exhibit 158):
Messages were recovered from Sharp’s phone through Apple’s internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).

83
    • earthworm@sh.itjust.worksEnglish
      11 days

      Basically, they didn’t do this:

      (I’m on Android, so I don’t know what the options look like in iOS, but they should be identical.)

      • Rioting Pacifist@lemmy.worldEnglish
        11 days

        It would be nice if Signal let you do this per conversation.

        It’s sort of a victim of its own success, I use it for both things that do and don’t require opsec

        • The D Quuuuuill@slrpnk.netEnglish
          10 days

          and on some level it’s important for good opsec that things that don’t require opsec be done with good opsec

          • Rioting Pacifist@lemmy.worldEnglish
            10 days

            That doesn’t work in reality, as evidenced here, it’s far more likely people compromise their security for convenience than the other way around.

            Also sometimes opsec requires in get messages from certain chats quickly. Knowing where ICE are in a timely manner is important.

        • rezifon@lemmy.worldEnglish
          10 days

          I imagine that the signal devs viewed it as a similar concern as when you mistype your password the error message doesn’t give you any way to know if the password is wrong or if the account doesn’t exist.

          If only some of your notifications are sanitized then those are the suspicious ones. If all of your notifications are sanitized then none of them are suspicious. Or, at least, they’re all equally suspicious, opaque, and unidentifiable.

      • Bazoogle@lemmy.worldEnglish
        11 days

        You also don’t need to do this on Android unless you are concerned about random people seeing the messages on your screen. Signal on Android does not use Google’s push notification service

        • ɔiƚoxɘup@infosec.pubEnglish
          10 days

          You most certainly do. I looked in my notification history in my founding of signal messages.

          Then I turned off my notification history.

        • electric_nan@lemmy.mlEnglish
          11 days

          It’s not about how it’s pushed. It’s how it’s displayed (and stored) on the phone.

          • mic_check_one_two@lemmy.dbzer0.comEnglish
            10 days

            It’s both. Governments have started subpoenaing the push notification servers for data, instead of targeting individual devices. That little pop-in that says who the message was from, and maybe a little bit of the body of the text? Yeah, the push notification server handled that, and the government has access to that server. So any notification you see on your screen, you can be pretty positive that the government has also seen.

            But this is about the notification data being stored in a part of the phone that isn’t encrypted. Signal is (or at least claims to be) E2E encrypted, so it shouldn’t be possible for a warrant to get access to the messages in the app. But since the phone is storing those notifications in a separate area (which isn’t encrypted), the warrant was able to read them.

            The point is that there are two different attack vectors, and you should harden your device against both.

            • Auli@lemmy.caEnglish
              10 days

              This doesn’t make sense as the whole phone is encrypted. Do what magical unencrypted space is it stored. The push notification server yes that is an issue

              • The D Quuuuuill@slrpnk.netEnglish
                10 days

                if your whole phone is encrypted this likely doesn’t apply to you so long as you have a strong passpharse (6 characters or more) and a good data shredding policy (shred after 5 wrong guesses)

                however, that is not most people

          • Bazoogle@lemmy.worldEnglish
            11 days

            Source? I am not seeing anything about that. The only problem I have seen on Android is when applications use firebase for notifications, which is most play store apps to be fair, just no FDroid apps or some privacy preserving apps

            • electric_nan@lemmy.mlEnglish
              11 days

              Android Settings>Notifications>History. If this is on, you can clearly see past Signal notifications, including sender name and message preview (if you enabled those in Signal). I don’t know whether there is any ‘hidden’ history/cache that is stored even with notification history disabled.

              • Bazoogle@lemmy.worldEnglish
                10 days

                I know about the setting. Why are you saying that information is sent to Google’s servers? As far as I have found, that information is only stored locally on your phone

                Edit: If this is just about the fact it’s on the phone locally, of course if they have your actual phone they can see it. Signal is end to end encrypted, but it isn’t go to be encrypted on each end, otherwise you couldn’t read messages. Them getting your actual phone is very different from them intercepting the communication without you knowing

                • electric_nan@lemmy.mlEnglish
                  10 days

                  Read the original story. This whole thing is about retrieving data from the phone itself, not from Apple or Google servers.

                  • Bazoogle@lemmy.worldEnglish
                    10 days

                    Gotcha. I misunderstood. I didn’t think it would be just that, because of course if they have your phone they have the contents. Signal encrypts end to end, but if they have the end device of course it isn’t encrypted.

                • nforminvasion@lemmy.worldEnglish
                  10 days

                  The issue is that even if a message is deleted, message content can be retrieved through notification history.

        • The D Quuuuuill@slrpnk.netEnglish
          10 days

          as far as i know signal uses Google’s notification service and if you want it to not you need to use Molly

      • Crackhappy@lemmy.worldEnglish
        10 days

        Thank you internet stranger. I’m going to do this but fuck me if I can get my family to change their settings. They don’t even know they can create a poll.

        Don’t ask me. I made all of you admins do I don’t have to answer questions like how do I make a poll. Click the + button. Yeah. The one on your fucking screen right now.

        No grandpa. We are not trying to figure out who is trans. No popop none of are naxies (I hope)

        Anyway, click the +. Right there. That is how you create a poll.

      • blargh513@sh.itjust.worksEnglish
        10 days

        This is the problem, not what is shown in the per-app notifications. Don’t turn on notification history.

      • Chais@sh.itjust.worksEnglish
        10 days

        And you believed that?? Do you also believe Micro$lop when they tell you that Windows is the best OS?

          • Chais@sh.itjust.worksEnglish
            10 days

            I know. I usually include the tone indicator, but I forgor. Also it’s not quite sarcasm. More a rhetorical question.

    • scytale@piefed.zipEnglish
      11 days

      I learned about this a couple of months ago and I’ve since disabled previews in notifications. It’s unfortunately the nature of how notifications are delivered to you. You should be fine by disabling message previews in your notification settings.

    • anon_8675309@lemmy.worldEnglish
      10 days

      That’s my biggest issue with notifications. Notifications should just notify you that something happened and you need to open the app to find out. Carrying actual data ON the notification is a no-no.

      But what do I know, I’m an old developer not one of these modern vibe kiddies.

      • WolfLink@sh.itjust.worksEnglish
        10 days

        Signal already has that setting. It’s up to the user to decide their level of convenience vs security.

      • baggachipz@sh.itjust.worksEnglish
        10 days

        A notification doesn’t have to carry any data in its payload; Signal devs could take care of that.

        • rezifon@lemmy.worldEnglish
          10 days

          Signal has supported this for many years. Users can choose full content notifications, name only, or no-content notifications.

          • baggachipz@sh.itjust.worksEnglish
            10 days

            I believe what’s in the payload is not the same as what the user chooses to see. That is, it’s sent no matter what but the user can set what’s visible on the lock screen. I could be wrong though.

            • eco_game@discuss.tchncs.deEnglish
              10 days

              That’s a separate OS setting. Signal itself has its own setting for which content is actually sent in the notification.

            • rezifon@lemmy.worldEnglish
              10 days

              Why do you so confidently assert things which you do not know but merely believe without checking?

              • baggachipz@sh.itjust.worksEnglish
                10 days

                Did I not qualify it by saying I could be wrong? What is so confident about that? Jesus Christ, nobody asked you.

        • blargh513@sh.itjust.worksEnglish
          10 days

          That’s not the problem here. Showing a notification with content is not a big deal.

          In the case stated here, the big deal is that the notification HISTORY was preserved after removal of Signal. That’s because both Apple and Google do the same thing. They keep a notification history. Not on a per-app basis, ALL apps notification history is stored.

          I know that on Androids, it is turned off by default and you can turn it on, so you get the impression that Android doesn’t have this issue. I am going to guess as I do not own an apple anything that iOS has notification history turned on by default. This is the real problem. This is not anything Signal can control for unless they were to not support notifications which would render their app useless, so that’s not an option.

      • NotMyOldRedditName@lemmy.worldEnglish
        10 days

        The actual notification telling you there is a message shouldn’t contain the content if its sensitive, it should only carry an ID to said message, and im certain this is what signal does. Thats like the most utter basic thing about notifications.

        Once that notification arrives, the system decides what to show you after fetching the message from the ID in the background. You can opt to keep that private or show it.

        In this case if you opt to show it, it leaks.

      • phx@lemmy.worldEnglish
        10 days

        Yeah. It’s not just signal either that could be an issue. Sure, I want my private messages to be private, but there are financial apps, business email, and many other bits of very sensitive information that could be captured in those messages

    • HumbleExaggeration@feddit.orgEnglish
      10 days

      So you are telling me an app is encrypting the shit out of every message so it can secretly delivered to another person. An then the persons phone decrypts the message and broadcasts it to an apple server, so it can get send back and make the phone go ‘ding’?

      Shouldnt the notification be handled inside signal somehow, so this is the only app with the decrypted message?

      What is next, everything from my ram needs to go through google servers to be transmitted to my display?

      • RunningInRVA@lemmy.worldEnglish
        11 days

        The Signal server would send a backend notification to the client app via the Apple Push Notification Service. The app is then able to wake up, at which point it fetches new messages (securely) from the Signal servers. The app then generates a local notification with a preview of the received message. iOS is then logging those messages.

    • Bazoogle@lemmy.worldEnglish
      11 days

      This is not always the same on Android. Any app from FDroid will not use Google’s push notification service because it is proprietary, meaning it violates the rules for FDroid. Signal does not use Google’s notification service

      • WhyJiffie@sh.itjust.worksEnglish
        11 days

        It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

        It’s because the system saves the notifications apps posted to the notification menu.

        • Bazoogle@lemmy.worldEnglish
          11 days

          It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

          Is is 100% because of firebase. Here is an example payload from firebases official document:

          {
  "message":{
    "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...",
    "notification":{
      "title":"Portugal vs. Denmark",
      "body":"great match!"
    }
  }
}

          https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type

          Notification history is purely local to the device. It is not sent to any servers.

          • olorin99@kbin.earth
            11 days

            Notification history is purely local to the device. It is not sent to any servers.

            Yes the notifications were retrieved from the phones local storage. Firebase was not involved in anyway.

          • WhyJiffie@sh.itjust.worksEnglish
            10 days

            that is the documentation of firebase, not signal. firebase just shows a common example there that is easy to implement for beginners and lazy devs. but developers can send whatever they want through firebase. I wouldn’t be surprised if that’s what facebook messenger is doing, but if a developer cares about their users privacy, they can just send a simple message through firebase, and make the app so that when receiving that, it checks for new messages by itself.

            this is what the molly fork does with unifiedpush. the UP server, commonly ntfy.sh, only sees that the mollysocket server sent this to your molly client:

            {"urgent": true}

            Notification history is purely local to the device. It is not sent to any servers.

            I did not claim so. but when your phone is confiscated, it’s possible to read that out

            • 0_o7@lemmy.dbzer0.comEnglish
              10 days

              Why are you using an example molly client using unified push on a post about Signal?

              Signal isn’t molly and cannot unified push at all.

              Can you point to signal source code with this implementation?

    • x00z@lemmy.worldEnglish
      11 days

      This has been done before and is already pretty well known.

      • frongt@lemmy.zipEnglish
        10 days

        When I saw it hit the news before, it was because they were reading notifications off Google servers, which contained at least part of the message. Not because they were reading the device’s notification history.

        • x00z@lemmy.worldEnglish
          10 days

          That’s true. Technically it’s different. The end result is kind of the same though.

    • woelkchen@lemmy.worldEnglish
      11 days

      Well, of course. All notification contents go through Apple’s servers (or Google’s in case of Android).

    • TheFrirish@tarte.nuage-libre.frFrançais
      10 days

      Honestly I have a much much much MUCH MUCH bigger issue with the fact that it is an American and Centralised service.

      FBI still can’t access it though.

        • forestbeasts@pawb.socialEnglish
          10 days

          There’s Matrix which is selfhostable but “good” is pushing it and the cryptography is a bit iffy (probably more incompetence than malice). Though selfhosting it means you don’t need the end to end encryption quite as much… until the court gets involved of course.

          – Frost

        • badgermurphy@lemmy.worldEnglish
          10 days

          Good? No.

          I think it is telling about Signal, though, that despite being in a privacy-unfriendly jurisdiction, federal authorities can only extract data from it when its users mess up.

          I don’t think you’ll get much better until some of these other services mature more. Some of them seem painted into a corner where improving them further seems to involve rewriting big sections of them, like Matrix, so I am less optimistic about those.

        • TheFrirish@tarte.nuage-libre.frFrançais
          10 days

          As of now the most complete alternative (albeit controversial) is the decentralised SimpleX Chat. But it’s not as easy to use as Signal.

    • ImmersiveMatthew@sh.itjust.worksEnglish
      10 days

      Just more evidence that Apple is not that concerned about privacy as this is a hole they absolutely could close.

    • frocalannifo@fedia.io
      11 days

      Added the full content of the original post to the body of this thread.

    • DarkFuture@lemmy.worldEnglish
      10 days

      Another reason not to own Apple products.

      Don’t think I’ve ever seen a company with shittier products better at tricking the gullible into buying them.

      Anything you can do on a Mac/iPhone you can do on a PC/Android for half the price. Windows is a much more compatible and intuitive OS. And so is Android.

      Source: I’ve worked in IT for over 20 years. I’ve worked with a ton of other techs. They all hated Apple. I actually just got done working on a Mac that our media department brought me because they were also tricked by advertising into thinking you need a Mac to do media stuff. It was a nightmare and my hatred for Apple has only increased.

      P.S. Please don’t bother telling me how Linux is superior to Windows. I know Lemmy likes Linux. I don’t care. It’s not as compatible as Windows and not suitable for a work environment. I have my problems with Microsoft. This comment is about hating Apple more.

      • luckyeddy@sh.itjust.worksEnglish
        10 days

        Well, I’m here to tell you that <insert operating system here> is way better to use for <insert task>