EFF: Push notifications can betray your privacy (and what to do about it)
EFF’s practical point is simple: notifications leak in two places, in transit (Apple/Google push infrastructure) and at rest (what your OS stores locally). Their advice is to reduce preview content, tighten per-app and OS-wide settings, and treat notification copy like sensitive data.
Original post (source): Electronic Frontier Foundation (EFF) - “How Push Notifications Can Betray Your Privacy (and What to Do About It)” (April 16, 2026)
The headline
Push notifications are not just “messages”. They are a privacy artifact that can:
- transit platform servers (with metadata, and sometimes content), and
- linger on device longer than users expect.
The useful bits (for app teams, not just users)
EFF frames two risk points:
- In the cloud: push is routed through Apple or Google infrastructure. At minimum, there is metadata (which app, when). Depending on implementation, content could be exposed.
- On the device: lock-screen previews, notification history, and local storage can retain content (and may be recoverable with forensic tools).
They also point out a practical mitigation that matters for product and CRM teams: many secure messaging apps offer granular “show content / show name / show nothing” options.
Why this matters for retention and lifecycle
A lot of lifecycle practice has drifted toward “put the message in the push preview”. The EFF framing pushes you back toward a safer pattern:
- push as a ping,
- content as an in-app experience.
That tends to improve both:
- privacy posture, and
- conversion clarity (you can control the proof moment on the landing screen).
Tiny win
Take your highest-volume push template and rewrite it to:
- remove sensitive nouns (names, amounts, exact locations),
- keep only the intent (“You have an update”),
- and move the specifics behind a deep link.
Then, set your OS-level preview setting to “When unlocked” on a test device and see if your flows still feel good.
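The rewrite above, sketched server-side as an added example (not code from EFF or from this post): a lint for visible push copy plus a builder that sends only the intent and parks the specifics behind an opaque deep link. The function names, the `exampleapp://` scheme, the payload keys and the regex heuristics are all assumptions for illustration.

```python
import re
import secrets

# Heuristics for "sensitive nouns" in visible copy (constructed, not exhaustive).
SENSITIVE_PATTERNS = {
    "amount": re.compile(r"[$€£]\s?\d|\b\d+[.,]\d{2}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "template_field": re.compile(r"\{\{?\s*\w+\s*\}?\}"),  # {name} / {{name}} interpolation
}

def lint_copy(text, known_values=()):
    """Return a sorted list of reasons the visible copy would leak specifics."""
    findings = {name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(text)}
    lowered = text.lower()
    for value in known_values:
        # Skip very short values to avoid matching ordinary words by accident.
        if len(value) >= 3 and value.lower() in lowered:
            findings.add("user_value")
    return sorted(findings)

def build_ping(event, store, base="exampleapp://inbox/"):
    """Turn a detailed event into an intent-only push plus an opaque deep link."""
    ref = secrets.token_urlsafe(16)   # random reference; carries no event data
    store[ref] = event                # specifics stay server-side, fetched in-app
    payload = {
        "title": "You have an update",
        "body": "Open the app to view it.",
        "deep_link": base + ref,
    }
    visible = f'{payload["title"]} {payload["body"]} {payload["deep_link"]}'
    leaks = lint_copy(visible, [str(v) for v in event.values()])
    if leaks:
        raise ValueError(f"push copy leaks: {leaks}")
    return payload

if __name__ == "__main__":
    # Constructed sample event and "before" template output.
    event = {"sender": "Alice Moreno", "amount": "$1,250.00", "city": "Lisbon"}
    before = "Alice Moreno sent you $1,250.00 near Lisbon"
    print("before:", lint_copy(before, event.values()))
    print("after: ", build_ping(event, store={}))
```

Running the lint in CI over every push template catches copy that drifts back toward putting the message in the preview.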
Read the original: https://www.eff.org/deeplinks/2026/04/how-push-notifications-can-betray-your-privacy-and-what-do-about-it