Does Google store the contents of notifications?

Does anyone know if Google or Apple record and store the contents of notifications given to people? I feel this could be a potential area that exposes private info such as when a transaction is received as it states the amount of crypto received or sent.

5 Likes

That is a good question! Would love to see if anyone knows.

I did see a post about adding the app to some sort of non-tracked version of the play store, but i honestly would know (i dont even use a phone myself only
vms)

6 Likes

But I don’t think Google does all this because Google never interferes in any personal matter.

4 Likes

This a good question. What I know is when you use a degoogled phone without google services, push notifications are not working for services and messenger. Many people use Micro G as a workaround. So there is definitively a communication with the Google / Apple servers in the background.

6 Likes

Your right about that Sato.
We should avoid any use or connection with google and also apple! The sooner we have a desktop version the better! I am running the app on Bliss,(a version of open android)
We are supposed to be Incognito! Aren’t we?

2 Likes

Exactly. I also use a de-googled phone: LineageOS.

3 Likes

Great choice :+1:

1 Like

But speaking of which, this forum has google-analytics trackers :\ which of course if block.

2 Likes

I also block it. For a privacy project we use a lot of trackers and other google services. Hope this will be fixed as well on the long run.

2 Likes

I’m also using a de-googled phone. It would be nice to get notifications so I don’t have to keep checking the app when I’m anxiously awaiting a trade.

1 Like

Does anyone here know how to use Micro G? I pulled up the app on my phone and it has options like “connect to a google account” I don’t think I want to do that. Does micro G work without connecting to google?

Interesting. Another thing I was wondering about lately is Google authenticate. And a fact that a lot dexes and privacy oriented sites use it. Usually when you link your code with an account, it labels it with name of website it belongs to together with an email you used to open the account. So I presume that Google now can link it to your phone number. But I don’t know…

1 Like

FCM (firebase cloud messaging aka. google push notifications) is not e2e encrypted, but can be. I quickly browsed https://github.com/incognitochain/incognito-wallet and it looks like the app doesn’t decrypt push messages, so google might have access to the content (I might be wrong though).

However, FCM device tokens are generated on-demand, per device and anonymised, so google doesn’t know who the messages are going to, but also not impossible to track.

@duc it might be a good idea to start generating encryption keys in addition to the FCM device tokens when the app first registers with the backend, that way the push content can be e2e encrypted per user. I would be happy to help with the implementation, however I’m not sure if the backend code is open source.

1 Like

Hey @adrian and others,

This is a reasonable concern as tracking personal user info is against the project intention we’re building here and it’s an interesting problem to discuss and solve. I just added this to our backlog and revisit it soon. We made a few mistakes in the past with using GA for user analytics, enabling google captcha, etc so will try to avoid this sort of privacy violation as much as possible.

By the way, I personally encounter a problem with WalletConnect’s bridge server unreliability while working on the decentralized eth/erc20 shielding process. If you guys have any experience with it, I would be really appreciated your help.