alt Hacker NewsBoth Apple and Google offer the ability for your app to intercept and modify messages before being displayed. Use that to send encrypted messages and decrypt them there, using your own code on the user’s device.
Replies
ls612 • yesterday at 9:45 PM
In fact this is what both iMessage and Signal (and maybe Whatsapp too but I can’t tell from a quick google) do.
That framing Makes it sound like the app developer has to do something active to keep message cleartext out of notifications. That's not how it is on Android.
A Firebase Cloud Messaging push notification contains what the app developer's server puts in it. That could include the message body or it could just be an instruction to the app to poll the server for new messages. It has nothing to do with the notification that's displayd on an Android device. Those are entirely local.
An app that cares about privacy wouldn't send anything more than a poll instruction over FCM.