Signal dev here. Just wanted to make it clear that the GCM/FCM we send are completely empty. It just wakes up the app so we can fetch the encrypted messages, at which point we decrypt them and show them to the user.

Thank you for clarifying. Didn't know you could do that! Then again, I haven't played around with Android developing in a few API versions.

Could you please explain what's happening here then, in terms of how Google is reading our Signal messages to provide "smart" replies?

Smart replies are provided on the OS side after notification is generated using on-device ML model.

They show up on all apps that provide messaging.

This does ultimately mean Google is intercepting and reading them then (albeit on the device).

IIRC Signal doesn't send message contents over GCM because of that - it just sends a ping that wakes the app to retrieve the data.

(The app of course also has a choice of encrypting the payload - it's free form after all.)

I believe there is an API for hooking into notification text prior to display, which allows the Signal app to decrypt the message. The Signal server doesn't have access to the plaintext message in order to send it in a GCM.

Push notification from GCM should not contain any user data. It should be treated just like a notification to the app to check its event source and then display user notification with data sourced from there.

thats not a reliable assumption.

push notifications services can merely send instructions, and the visual notification can be an object formed completely client side.