Official site: https://www.iceblock.app/
The CNN article talks a bit more about privacy issues. This bit caught my eye:
It’s only available on iOS because Aaron says the app would have to collect information that could ultimately put users at risk to provide the same experience on Android.
I would like to see some details about this. Perhaps there’s a way to work around that problem, even if it meant publishing on F-Droid instead of Google Play.
The developer put up more specific details: https://www.iceblock.app/android
Thanks for the link.
So the problem is that using Android’s push notification system would require ICEBlock to store people’s device IDs, which could then be used against them.
I wonder if this could be avoided by using Web Push instead of google’s native push notification system. Or perhaps some other push notification system using rotating ephemeral IDs.
Not an expert but ephemeral IDs would not give you much.
AFIK under the hoods android notifications is just… a chat app (Ehehe classic google). So for sending a notification you need to send it to the ID of your mobile. Even if you manage to convince Android to register with an additional ephemeral ID Google would be able to map the ephemeral to the real since… well… it is running on the mobile
Note this part of what I wrote:
Google’s default one is not the only one.
…almost none of what is said about Android push notification is true. A lot of apps uses firebase, which does not require the creation of user accounts or whatever to send push notifications to a device.
Either they’re completely unfamiliar with it, or they don’t want to do it, but what they claim is dubious at best.
How can you tell firebase who to notify?
I guess you need a firebase id of sort… and firebase needs the device id… and firebase is an US Company… so it’s just an extra step but the result is the same. They have to store IDs that can link to devices
The same way with iOS. At some point, the third-party service have a way to link a push to a device. It does not mean that you can link an user to a device, or a specific request to a device. You get a unique ID for the notifications, yeah. And someone could tell that the app server have these ID. But that’s not particularly different with iOS. It not being exposed to the app dev directly does not mean that this info does not exist on the third-party server, that can still get asked about it.
Unless Apple found a way to magically send a message to a specific device, from a specific external server, without anyone, anywhere, having any idea where the notification should go. Which, fair, could be done by sending every messages to everyone after encrypting it for a specific recipient, but that would be a bit inefficient at this scale. The trace for push notifications exists, whether you’re using Apple or Google as the backend.
From what I’ve been reading on this lately (since this started) on iOS a method exists for a service to send out a list of locations, or references list that exists on device (this can work with date/time triggers as well) that would trigger a notification and the local device itself handles notification of the user so the developer has no idea who has been notified for all they know they just shouted locations out into the void and the on-device location services handles the rest.
https://developer.apple.com/documentation/usernotifications/unlocationnotificationtrigger
The gist of what they’re saying is we trust Apple, not Google. Both american companies. But on android it is possible to have real time notifications without google. I also didn’t like the wording of their page, read a lot like Apple apologia if not an utter advertisement - an iPhone XR costs only 50$! Don’t you guys have
phonesiPhones??Let’s go back for a second and think about the people who need this type of service the most, today, in the US. Are they Apple or Android users?