Sen. Ron Wyden (D-OR) has written a public letter asking the Dept. of Justice to permit Google and Apple to inform their customers and the public about requests for push notifications, a technology used by smartphones to "push" notifications to phones in order to save battery power.
Push notifications work at the operating system level. To receive notifications through most apps on modern Apple and Android devices applications submit notifications through a Push Notification Service (Apple) or Firebase Cloud Messaging (Android) which then send the notification to the users phone. This information is transmitted and stored often in the plain exposing both the metadata (time, date, application) along with the data of the message and handling instructions. While options exist to encrypt the data inside the notification, it is something developers must enable on their part making it difficult to determine which apps are truly secure.
Unfortunately, for those needing a secure solution there is none aside from either disabling push notifications entirely which removes your ability to receive notifications entirely now that both major mobile operating systems require notifications go through their servers. Android has been deprecating support for normal notifications within apps beginning with versions P and now with Q are basically missing. For those running privacy conscious apps or open source applications on our phones the last couple years have been a noticeable downgrade when it comes to support making these apps less attractive. There is no doubt that this is being done to intentionally kill the free software environment by incorporating things which should be local system tasks into the cloud which doubles as an opportunity to allow business and government into our data.
If you are looking for a privacy-focused option, ironically your best bet is a Google Pixel phone loaded with the GrapheneOS ROM. This is the solution I use and they also provide a seperate Play Store implementation, which while it does open you back up to Google, is a bit better at keeping your data safe as you work on fully migrating away from Google services which is my ultimate goal. Other notable options include:
While I do not recommend the Pinephone Pro I did include it for folks here looking for a secure device. It is a phone that is designed from the ground up to use free and open source software and instead of running Android, it can run a short list of ARM-based Linux distros.
Sources:
Ron Wyden's open letter: https://www.wyden.senate.gov/imo/media/ ... letter.pdf
Mac Rumors: https://www.macrumors.com/2023/12/06/ap ... fications/