How a Privacy Focused Email Service Dropped Google's Notification System
The open-source end-to-end encrypted email service Tutanota successfully dropped Google’s push notification service in an effort to increase privacy and allow Android users to go Google-free and still have access to one of the best encrypted email services available.
They announced the release in a blog post on Tutanota.com fairly recently. Although many privacy-oriented services such as Signal have also replaced Firebase Cloud Messaging (formerly GCM) with other options that allow Google-free Android ROMs to receive notifications.
Replaced FCM with SSE
We settled on the SSE (Server Sent Events) because it seemed like a simple solution. By that I mean “easy to implement, easy to debug”. Debugging these types of things can be a major headache so one should not underestimate this factor. Another argument in favour of SSE was relative power efficiency: We didn’t need upstream messages and a constant connection was not our goal.
Application Changes
To receive notifications, we leverage Android capabilities. We run a background service which keeps the connection to the server open, similar to what the FCM process does. Another difficulty was caused by the Doze mode, introduced in Android M. The Doze, which is turned on after a period of inactivity, among other things prevents background processes to access the network. As you can imagine, this prevents our app from receiving notifications.
We mitigate this problem by asking users to make an exemption from battery optimisations for our app. It worked fairly well. The similar problem, but unrelated to Doze is vendor-specific battery optimisations. In order to prolong the battery life of their devices phone manufacturers, like Xiaomi, enable strict battery optimisations by default. Luckily users can disable them, but we must communicate this better
Read more on the F-Droid blog post written by Ivan from Tutanota