- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”
Using weak examples and how they are better served in a different way doesn’t mean much
With push data like this you can identify something like every other member of an encrypted group chat by correlating the push notification metadata
They are demanding this for a reason
That’s actually a really good point I hadn’t thought of. I still think other data would be more useful, but your example is the first one I’m hearing that maybe could have work if they had no other data to work with