惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
Security Latest
Security Latest
P
Privacy International News Feed
T
Threat Research - Cisco Blogs
H
Help Net Security
T
The Exploit Database - CXSecurity.com
Know Your Adversary
Know Your Adversary
博客园_首页
S
Securelist
S
Schneier on Security
G
GRAHAM CLULEY
Cisco Talos Blog
Cisco Talos Blog
V
Visual Studio Blog
博客园 - 叶小钗
C
Cybersecurity and Infrastructure Security Agency CISA
有赞技术团队
有赞技术团队
Recent Announcements
Recent Announcements
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Microsoft Azure Blog
Microsoft Azure Blog
A
About on SuperTechFans
博客园 - 三生石上(FineUI控件)
Stack Overflow Blog
Stack Overflow Blog
量子位
L
Lohrmann on Cybersecurity
Hugging Face - Blog
Hugging Face - Blog
Engineering at Meta
Engineering at Meta
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
CXSECURITY Database RSS Feed - CXSecurity.com
A
Arctic Wolf
P
Privacy & Cybersecurity Law Blog
Simon Willison's Weblog
Simon Willison's Weblog
S
SegmentFault 最新的问题
The Hacker News
The Hacker News
罗磊的独立博客
博客园 - 司徒正美
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 【当耐特】
Microsoft Security Blog
Microsoft Security Blog
K
Kaspersky official blog
人人都是产品经理
人人都是产品经理
博客园 - 聂微东
L
LINUX DO - 热门话题
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
V2EX
V
Vulnerabilities – Threatpost
AWS News Blog
AWS News Blog
小众软件
小众软件
Project Zero
Project Zero

Electronic Frontier Foundation

Onward, Friends EFFecting Change: LGBTQ+ Solidarity Against the Tide of Surveillance EFFecting Change Site Banner 6.17.26 Victory! 702 has Expired! Yes to California's Bill to Ban Surveillance Pricing ‘News’ Site Keeps Hallucinating EFF Staffers LGBT Q&A: We’re Back With Season 2! Congress Just Rushed Through a Disastrous Copyright Office Overhaul The 702 Ultimatum: Warrant Requirement or Bust Enshittification Merch That Actually Fights Enshittification 🔊 Mass Surveillance for… Loud Music? | EFFector 38.11 How and Why to Fight Back Against Social Media Bans Tell Congress: Just Say No to NO FAKES VICTORY: Meta Strips Facial Recognition Code From Smart Glasses App After Public Outcry Cheers to the Winners of EFF’s 18th Annual Cyberlaw Trivia Night! EFFecting Change: If You Own It, Why Can't You Fix It? Internet Age-Gates Are a Growing Global Threat LGBT Q&A Season 1 Recap: Staying Safer Online EFF at TechCrunch Disrupt California’s AB 412 Still Demands Developers Do The Impossible Pulte Appointment Underscores Need to Reform Section 702 Spying EFF Testifies to Congress on Protecting Americans’ Rights from Government AI Move Fast, Surveil Things EFF at DEF CON 34 We're Fighting Mass Surveillance Tech—and Winning Welcome New EFF Executive Director Nicole Ozer One Step Forward, Two Steps Back: CA's AB 1856 Exempts Open Source But Expands Age-Gating Barcelona Cybersecurity Congress Age Verification is a Privacy Nightmare More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints 🔒 A Win for Encrypted Messaging | EFFector 38.10 Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention! Your Privacy Shouldn't Be A Corporate Decision EFFecting Change: LGBTQ+ Solidarity Against the Tide of Surveillance We Updated Our Privacy Policy. Here's What Changed and Why. We Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back. EFF at Black Hat USA Help EFF Solve an Issue That's Bigger than Creepy Ads The Science is Not Settled: How Weak Evidence is Fueling a National Push to Ban Social Media for Youth Broken Promises: RIP Instagram’s End-to-End Encrypted DMs Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats EFF Launches New Offline Campaign for Saudi Wikipedian Osama Khalid A Hackers Guide to Circumventing Internet Shutdowns Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare EFF to Fourth Circuit: Electronic Device Searches at the Border Require a Warrant EFFecting Change Site Banner 5.14.26 EFF Stands in Solidarity With RightsCon and the Global Digital Rights Community Congress Narrowed the GUARD Act, But Serious Problems Remain Free Signal Guide Milestone 1.0.0 Release of APK Downloader `apkeep` Powers Research on Android Apps 👎 California's Terrible, No Good, Very Bad Social Media Ban | EFFector 38.9 The SECURE Data Act is Not a Serious Piece of Privacy Legislation Offline: Osama Khalid EFF and 18 Organizations Urge UK Policymakers to Prioritize Addressing the Roots of Online Harm Shut Down Turnkey Totalitarianism EFF Submission to UK Consultation on Digital ID Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act A Bridge to Somewhere: How to Link Your Mastodon, Bluesky, or Other Federated Accounts Utah’s New Law Targeting VPNs Goes Into Effect Next Week Open Records Laws Reveal ALPRs’ Sprawling Surveillance. Now States Want to Block What the Public Sees. Digital Hopes, Real Power: From Connection to Collective Action Aaron v. Bondi EFF Submission to UN Report on the Role of Media in the Context of Israel’s Policies Toward Palestinians Former EFF Activism Director's New Book, Transaction Denied, Explores What Happens When Financial Companies Act like Censors The Open Social Web Needs Section 230 to Survive The GUARD Act Isn’t Targeting Dangerous AI—It’s Blocking Everyday Internet Use Congress Must Reject New Insufficient 702 Reauthorization Bill The Internet Still Works: SmugMug Powers Online Photography Act Now to Stop California’s Paternalistic and Privacy-Destroying Social Media Ban EFF Challenges Secrecy In Eastern District of Texas Patent Case California Coastal Community Must Reject CBP's AI-Powered Surveillance Tower EFF to 9th Circuit (Again): App Stores Shouldn’t Be Liable for Processing Payments for User Content 📁 How ICE Got My Data | EFFector 38.8 EFF Sues DHS and ICE For Records on Subpoenas Seeking to Unmask Online Critics Bay Area Members' Speakeasy with WISP Copyright and DMCA Best Practices for Fediverse Operators Palantir Has a Human Rights Policy. Its ICE Work Tells a Different Story Keep Pushing: We Get 10 More Days to Reform Section 702 EFF at RightsCon Stop New York's Attack on 3D Printing Google Broke Its Promise to Me. Now ICE Has My Data. EFF Calls on Kuwait to Release Journalist Ahmed Shihab-Eldin Digital Hopes, Real Power: The Rise of Network Shutdowns EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government The Dangers of California’s Legislation to Censor 3D Printing The Bay Agenda: Security for Journalists EFF 🤝 HOPE: Join Us This August! Hot Off the Press: EFF's Updated Guide to Tech at the US-Mexico Border War as a Pretext: Gulf States Are Tightening the Screws on Speech—Again Speaking Freely: Dr. Jean Linis-Dinco We Need You: Our Privacy Cannot Afford a Clean Extension of Section 702 Yikes, Encryption’s Y2K Moment is Coming Years Early Comparison Shopping Is Not a (Computer) Crime EFF is Leaving X Banning New Foreign Routers Mistargets Products to Fix Real Problem Another Court Rules Copyright Can’t Stop People From Reading and Speaking the Law 👁 Selling Mass Surveillance | EFFector 38.7 Digital Hopes, Real Power: How the Arab Spring Fueled a Global Surveillance Boom Privacy Index Workshop EU Parliament Blocks Mass-Scanning of Our Chats—What's Next?
How Push Notifications Can Betray Your Privacy (and What to Do About It)
Thorin Kloso · 2026-04-17 · via Electronic Frontier Foundation

A phone’s push notifications can contain a significant amount of information about you, your communications, and what you do throughout the day. They’re important enough to government investigations that Apple and Google now both require a judge’s order to hand details about push notifications over to law enforcement, and even with that requirement Apple shares data on hundreds of users. More recently, we also learned from a 404 Media report that law enforcement forensic extraction tools can unearth the text from deleted notifications, including those from secure messaging tools, like Signal. The good news is that you can mitigate some of this risk. 

There are two points where notifications may betray your privacy: when they’re transmitted over cloud servers and once they land on the device. Let’s start with the cloud. It might seem like push notifications come directly from an app, but they are typically routed through either Apple or Google’s servers first (depending on if you use iOS or Android). According to a letter sent to the Department of Justice by Senator Wyden, the content of those notifications may be visible to Apple and Google, and at the very least the companies collect some metadata about what apps send a notification and when. App providers have to make the decision to hide the content from Apple and Google and implement that functionality; Signal is one app that does this. 

Then, once the notifications land on your phone, depending on your settings, the notification content may be visible on your lock screen without needing to unlock the device. This can be dangerous if you lose your device, someone steals it, or it’s confiscated by law enforcement. 

You may clear notifications after looking at them. But it turns out the content notifications get recorded in your device’s internal storage, which then makes them susceptible to recovery with certain types of forensic tools. Notification content may even persist after the app is deleted, if the OS doesn’t fully purge the app’s notification data. 

We still have a lot of unanswered questions about how the notification databases work on devices. We do not know how long notifications are stored, or whether they’re backed up to the cloud, in which case the cloud provider could get backdoor access to the content of messages if the backups are enabled and not end-to-end encrypted. This may also make backups vulnerable to law enforcement demands for data. 

Which is all to say that there are myriad ways that law enforcement can access the content or metadata of push notifications. Let’s fix that.

Consider the Strongest Notification Protections for Your Secure Messaging Apps

Secure chat tools are designed to keep the content of the messages safe inside the app. So, for secure chat apps like WhatsApp and Signal, that means the company that makes those apps cannot see the content of your messages, and they’re only accessible on your and your recipients’ devices. Once messages land on a device, it’s still important to consider some privacy precautions, particularly with notifications. 

Signal
Signal offers three levels of information to include in notifications, all which are pretty self explanatory:

  • Name, Content, and Actions (Name and message on Android) shows the entirety of a message as well as who sent it (on iPhone you can also slide to reply, mark as read, or call back). 
  • Name only only shows the name of the sender. 
  • No Name or Content (No name or message on Android) will only show that you have a message from Signal, not who sent it or what it’s about. 

To change your settings:

  • On iPhone: Tap your profile picture, then Settings > Notifications > Show.
  • On Android: Tap your profile picture, then Notifications > Show

WhatsApp
WhatsApp only has one option for this, and it’s currently limited to iPhone, but you can at least tell the app not to include the content of a message in the notification:

  • Open WhatsApp for iPhone, tap the “You” bar, then Notifications, and disable the Show preview option.

Check your other apps to see if they offer similar settings.

Limit Your Notifications Device-Wide

Since Apple and Google manage push notifications for their respective devices, they also have some visibility into certain data. Push notification data can include certain types of metadata, like which app sent a notification and when, as well as the account ID associated with the phone. In some cases, Apple and Google may have access to unencrypted content, including the content of the text in a notification or other information from the app itself. 

For most app notifications, there’s no simple way to easily figure out what metadata might be gleaned from a notification, or if the notification is unencrypted or not. But some app developers have described details along these lines. For example, Signal president Meredith Whittaker explained on social media how the Signal app handles notifications entirely on-device. Searching online for an app name along with “notification privacy,” “notification encryption” or “notification metadata” may help answer your questions, or you may need to dig around in support forums for the app.

 push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls-not to Apple, not to Google, not to anyone but you & the people you're talking to. 1/ In Signal, push notifications simply act as a ping that tells the app to wake up. They don't reveal who sent the message or who is calling (not to Apple, Google, or anyone). Notifications are processed entirely on your device. This

It’s also good to reconsider whether any app should be sending you notifications to begin with. Aside from a potential decrease in the number of distractions you endure throughout the day, or the level of chaos on display on your lockscreen, limiting the apps that can send notifications and what content is visible in them can improve your privacy with respect to the sorts of metadata that may be gathered by the companies, as well as any content that may be viewable if someone has physically accessed your device.

To check and change your settings on iPhone

  • Open Settings > Notifications.
  • On the Show Previews option, you can choose whether to show the content of notifications on the lock screen, “Always,” which doesn’t require unlocking the device, “When Unlocked,” which does, and “Never,” which means notifications won’t have any details, just that you have a notification in an app. 
  • Alternatively, you can scroll down and change these settings per app. Just tap the app name, then the Show Previews menu, and choose how you’d like them to appear. Or, if you’ve decided you don’t want notifications from that app at all, uncheck the Allow Notifications option.

To check and change your settings on Android
The core version of Android relies on app developers to develop specific settings more than controlling them on a platform-wide level.

  • Open Settings > Notifications > App notifications to disable notifications from any app completely. Some apps may also offer internal notification options for specific types of notices, like new messages, that you can control in the app itself. Tap an app name, then tap the Addition settings in the app option to potentially customize it more.
  • You can also experiment with the sensitive content setting. This is up to the developer to set properly, but when done so, most notifications will require at least unlocking the device to see them. Open Settings > Notifications > Notifications on lock screen and disable “Show sensitive content.”

Control What Notifications AI Tools Can Access

In an attempt to make notifications easier to skim, both Android and iOS offer optional ways to get notification summaries using their AI tools that summarize the content of notifications. On an individual app level, WhatsApp offers this as well. Some of these summarization tools, like Apple’s, run on the device, while others, like WhatsApp’s, do not. This can all be a lot to keep track of, and sending data off device may create some level of risk for some messages.

Since this is a bit more complicated, we have another blog post that walks through the steps to take to protect messaging from accidentally ending up in AI tools built into Apple and Google's devices. For WhatsApp specifically, we have a blog detailing when you might want to turn on the app’s “Advanced Chat Privacy” feature, which can disable summaries for both yourself and others in the chat.

Balancing security, privacy, and usability with something like push notifications is a complicated task. At the very least, Apple and Google should better ensure that the content of these notifications isn’t transmitted over their servers in plain text. The companies need to also make sure that device operating systems don’t back up the notification database to the cloud, and when an app is deleted, that all notification data is purged.

We appreciate that apps like Signal allow you to control what’s visible with notifications on a per-app basis, and we’d like to see this level of granularity of choices in other secure messaging tools, like WhatsApp. Likewise, more apps should handle push notifications similarly to the way Signal does, where a ping is sent to wake up the app to check for messages, and the content of that message is never sent across servers.