It’s not about the store, it’s about the notification.
As mentioned in the Time article:
the app is not available on Android because it “requires a device ID in order to send push notifications, which requires a user account and a password.”
How do you suppose APNS knows which device to deliver the notification to?
Something that… links it to the device? Like, a unique ID that Apple can identify?
It sounds like he thinks HE has to store this information, which is simply incorrect. It will obviously be stored by Google in Firebase, and by Apple wherever that gets stored, but HE does not have to store it.
I write apps for a living. I have users subscribe and unsubscribe to channels, and at no point is there a user account with password involved in either iOS or Android. If you want the memory of which channels they have subscribed to to persist across uninstall/reinstalls or different devices, then yes, but for an app like this you don’t need to persist those settings.
At any point the government could subpoena who’s received pushes (or at least, who’s registered to) from both Google and Apple.
I’m not the developer, but I do also write app backends for a living so I know there is some nuance that you’re skipping over in your response. But if you have a way to do this completely anonymous on android I’d suggest offering help to the developer who made this.
Something that… links it to the device? Like, a unique ID that Apple can identify?
APNS tokens are linked to the app install and renew on a certain timeline. Already making them not exactly the same as a device identifier.
Apple Push Notification service (APNs) must know the address of a user’s device before it can send notifications to that device. This address takes the form of a device token unique to both the device and your app. At launch time, your app communicates with APNs and receives its device token, which you then forward to your provider server. Your server includes that token with any notifications it sends.
No, you’re right, GOOGLE will take the device identifier, but him talking about how he would need to store it, and especially for channels where he talks about user names and passwords really makes me think that he thinks he personally has to do it, with his own backend storing it. (edit: The point is, that he doesn’t HAVE to do it this way. You can, and it gives you more control, but you can let Google do it all. It’s never anonymous with anyone though.)
Apple knows which devices have the app installed. They would be able to link that back to the device if it was demanded, even if it is a bit more obscured.
i don’t think this other commenter was calling you out. i think they were just bringing up a point of discussion that’s relevant to the point you brought up
It has to do with receiving notifications from the app in a privacy-preserving way. Unless the app is running with a server connection 24/7 (RIP battery life) you need to rely on the OS to deliver notifications.
You don’t, there’s privacy respecting ways of delivering notifications in android.
Also, a 24/7 connection to a server isn’t nearly as bad as you might think.
The connection isn’t active the whole time, it only uses any significant amount of battery if there’s actually data being sent or received. You likely already have quite a few of them anyway, how do you think systems normally listen for push notifications?
Besides all that, I read in other comments that the privacy issue was the device id firebase needs. Obviously apple also needs some kind of device id, otherwise how do they know where the notifications are going?
Did some searching, yup apple also needs a unique identifier:
When it’s time to send a notification, you generate a request that contains the notification data and a unique identifier for the user’s device.
Quote from some other place people were discussing it. Unfortunately no source on it.
EDIT: https://www.iceblock.app/android
It’s 1000% possible to use android apps without involving Google in any way.
Edited for further clarification. It’s not about Google, it’s about what Android needs to receive notifications: https://www.iceblock.app/android
There are other stores besides the playstore…
It’s not about the store, it’s about the notification.
As mentioned in the Time article:
Its totally possible to send notification without having user account, see firebase.
You don’t need a user account or password to receive a push notification.
You just need to have the app installed. The app can be configured by the developer to receive push notifications.
And the developer needs a device ID for that. Which is their objection: https://www.iceblock.app/android
How do you suppose APNS knows which device to deliver the notification to?
Something that… links it to the device? Like, a unique ID that Apple can identify?
It sounds like he thinks HE has to store this information, which is simply incorrect. It will obviously be stored by Google in Firebase, and by Apple wherever that gets stored, but HE does not have to store it.
I write apps for a living. I have users subscribe and unsubscribe to channels, and at no point is there a user account with password involved in either iOS or Android. If you want the memory of which channels they have subscribed to to persist across uninstall/reinstalls or different devices, then yes, but for an app like this you don’t need to persist those settings.
At any point the government could subpoena who’s received pushes (or at least, who’s registered to) from both Google and Apple.
I’m not the developer, but I do also write app backends for a living so I know there is some nuance that you’re skipping over in your response. But if you have a way to do this completely anonymous on android I’d suggest offering help to the developer who made this.
APNS tokens are linked to the app install and renew on a certain timeline. Already making them not exactly the same as a device identifier.
Just figured I’d add Apples own documentation as well
https://developer.apple.com/documentation/usernotifications/registering-your-app-with-apns
No, you’re right, GOOGLE will take the device identifier, but him talking about how he would need to store it, and especially for channels where he talks about user names and passwords really makes me think that he thinks he personally has to do it, with his own backend storing it. (edit: The point is, that he doesn’t HAVE to do it this way. You can, and it gives you more control, but you can let Google do it all. It’s never anonymous with anyone though.)
Apple knows which devices have the app installed. They would be able to link that back to the device if it was demanded, even if it is a bit more obscured.
Ntfy.sh
There are ways around that
Good old firebase. Notifications are not entirely device local on android, or something like that.
Thanks, but I’m not the developer of the app so that’s not really relevant for me.
i don’t think this other commenter was calling you out. i think they were just bringing up a point of discussion that’s relevant to the point you brought up
fdroid?
There is side loading, they can just release it on GitHub.
That’s not how push notifications on android work.
That doesn’t have anything to do with how you install the app.
It has to do with receiving notifications from the app in a privacy-preserving way. Unless the app is running with a server connection 24/7 (RIP battery life) you need to rely on the OS to deliver notifications.
You don’t, there’s privacy respecting ways of delivering notifications in android.
Also, a 24/7 connection to a server isn’t nearly as bad as you might think.
The connection isn’t active the whole time, it only uses any significant amount of battery if there’s actually data being sent or received. You likely already have quite a few of them anyway, how do you think systems normally listen for push notifications?
Besides all that, I read in other comments that the privacy issue was the device id firebase needs. Obviously apple also needs some kind of device id, otherwise how do they know where the notifications are going?
Did some searching, yup apple also needs a unique identifier:
From https://developer.apple.com/documentation/usernotifications/setting-up-a-remote-notification-server
Apple notification identifiers are unique to an app install and regularly change though, so it’s hardly a device identifier.