Push Notifications

Push Notifications are primarily seen as a marketing or advertising tool.   Another popular use is within chat applications; ensuring that subscribers keep up with current conversations.

They can be set to run from a website with deployment options including products that will integrate with WordPress or Shopify.  Another route is through mobile applications.  Push notifications are innately supported for developers within Android and Xcode for IOS.  As with website based notifications various bodies offer services and plug-ins that allegedly take out much of the programming work.  Web push notifications should require the browser to be open (malware might overcome that barrier) although not the specific website that serves the notification.  Mobile based notifications do not require the linked App to be open although clicking on them will probably access the App; which might continue to run in the background without the user’s knowledge.

The benefit to a business of notifications over marketing emails is that the end user is not required to provide a valid email so might be more likely to sign up. It also avoids harvesting email data that is of limited value such as junk or throwaway email addresses. There will also be feedback on any interaction with notifications including the conversion rate to sales or clicks and the geolocation of users. A user does need to accept push notifications from a source although the authors will be doing their utmost to ensure that their service is accepted through promotions or enticements.  Push notifications can be disabled by browsers, IOS and Android but only on a site by site basis.

Naturally there will always be someone trying to work the system for other means than promoting a legal service. Through clever social engineering or exploiting stolen personal data a scammer will encourage users to allow their notifications.  In February 2024 MalwareTips reported a push notification host website that led to users receiving a large volume of unsolicited content even if the original browser had been closed.  A simple means of monetising such content is through links with the original advertisers.  The scammer receiving a small payment for each advert displayed.  With compromised users and multiple advertisers these fees soon add up.  A more worrying use case is to display links to other compromised or malware infected websites; either controlled by the scammer or providing them with a referral fee.

There are also privacy and data loss issues with the information gathered by these notifications.  Developers can encrypt the stored data harvested but the associated metadata is not encrypted.  This would include the name of the App receiving a notification, the timestamp and network details and the receiver’s location.  Within mobile communications the data will also pass through the Apple Push Notification Service or Firebase Cloud Messaging (Android).  This information could be transferred on to government agencies through requests that are legal within their jurisdiction and could be used for surveillance of individuals.

Although the risks from push notifications might be seen as limited so are their benefits.  Kindus have described the issue of web browser privacy.  This includes the option for incognito browsing which blocks browser notifications.  It is still good practice to regularly check browsers and mobile devices for any notifications that have somehow been allowed even if all notifications have apparently been blocked.

More from Privacy

18/11/2024

Data Privacy in Job Recruitment

The online job-market business model involves building up a bank of CVs and matching those with possible job vacancies.  Unlike an old school recruitment …

Read post

21/10/2024

Smart TVs – Getting Smarter At Watching You

Kindus has described how connected devices harvest personal data and how that can be misused or breached either by the hosting  body or others …

Read post

30/09/2024

The SPAM Bomb

The symptoms of a SPAM, email or subscription bomb attack are almost impossible to miss.  The victim will suddenly receive a very large volume …

Read post

16/09/2024

NHS Federated Data Platform Progress

Those with long memories will recall the time and money spent by the UK NHS in the early years of this century to build …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories