search

element-hq / element-android

A Matrix collaboration client for Android.
https://element.io/
GNU Affero General Public License v3.0
3.39k stars 732 forks source link

Hide message content from notifications #572

Open qazip opened 5 years ago

qazip commented 5 years ago

For E2EE, I was under the impression that the encryption is useless if the message content is shown in the notification. This is currently the case, and there doesn't seem to be a way change this in the app, is there?

If there isn't, shouldn't there be a note stating that riotX is currently insecure for E2EE chats when notifications are activated?

BillCarsonFr commented 5 years ago

Not sure what's exactly your concern (push privacy, eye dropper, android system), but this is what I can say:

The message content you see on the notification has been decrypted locally on your device. No content has transited to a third party (push provider), the server himself is not able to read the message as it's encrypted E2E, riotX just received a push saying that a new message is available, then RiotX opens a connection with the homeserver to get the encrytped content and decode it. So if your concern with security is that, it's not the case. (notice that currently riotx is configured to not even send message content from unencrypted room through FCM, only an eventId)

Other than that there are settings on your phone where you can decide to hide notifications content for eyedroppers when the phone is locked (there is also an option to hide 'sensitive content' when the device is locked, this should apply for encrypted messages)

Finally If your concern is on the system notification panel leaking information, I don't have info on that and would be happy if you have some info to share. -> Maybe in this case you would like a option in the settings to never show decrypted content in the notification pannel?

jadedarko commented 4 years ago

It would be good to be able to hide the sender and content from the notification.

Google Assistant's smart reply suggestions demonstrates that they absolutely read notification content.

immanuelfodor commented 4 years ago

As to my understanding, the smart replies are on-device decisions, like open link in browser, etc. I don't use GAssistant and even my notifications have such options.

charJe commented 3 years ago

Even if not for security reasons, I would really like this feature. It helps me not ignore messages.

progserega commented 2 years ago

One more reason for this feature: I use smart Watch and it app on smartphone want read all notification. In secret room we can send passwords and any other critical information. All this can be sended to cloud of smart watch developer. On smartwatch will be nice see only some non personal information. Options in element for example: Encrypted rooms:

  1. Show full text in notification
  2. Show only room name and count not readed messages from them
  3. Do not show room name - show only "count not readed encrypted messages"

Non encrypted rooms:

  1. Show full text in notification
  2. Show only room name and count not readed messages from them
  3. Do not show room name - show only "count not readed messages" (encrypted and not)

In most cases only text of messages from encrypted rooms will be hided in notification. Hide text in open rooms have not security reasons in most cases.

mapled commented 2 years ago

Would like to see this feature as well. On iOS it is possible. image