Messaging push notifications are a privacy attack surface, says Durov
The comments followed recent reports that law enforcement officials retrieved deleted Signal messages through device push notification logs.
Pavel Durov, the co-founder of the Telegram messaging application, said that push notifications create a persistent, critical vulnerability to user privacy, allowing data retrieval even after messages and messaging applications that allow push notification data storage have been deleted from a device.
Durov cited a recent report, originally published by 404 Media, that the United States Federal Bureau of Investigation (FBI) was able to retrieve deleted messages from a Signal user by accessing device notification logs on an Apple iPhone. Durov said on Friday:
Cointelegraph reached out to Signal about the FBI’s data retrieval but did not receive a response by the time of publication.
The recent reports highlight how investigators and those with sufficient technical skills can circumvent end-to-end encryption and breach user privacy by accessing metadata and other information generated by applications, prompting a need for decentralized messaging applications that do not collect such data.