Signal push notifications could present privacy vulnerability, says Durov

The comments followed recent reports that law enforcement officials retrieved deleted Signal messages through device push notification logs.

Pavel Durov, co-founder of the Telegram messaging application, said that push notifications create a persistent, critical vulnerability to user privacy, allowing data retrieval even after messages and messaging applications that allow push notification data storage have been deleted from a device.

Durov cited a recent report, originally published by 404 Media, that the United States Federal Bureau of Investigation (FBI) was able to retrieve deleted messages from a Signal user by accessing device notification logs on an Apple iPhone. Durov said on Friday:

Cointelegraph reached out to Signal about the FBI’s data retrieval but did not receive a response by the time of publication. 

The recent reports highlight how investigators and those with sufficient technical skills can circumvent end-to-end encryption and breach user privacy by accessing metadata and other information generated by applications, prompting a need for decentralized messaging applications that do not collect such data. 

Read more