Is this a joke? Do you release a completely rebuilt app, and UnifiedPush is still gone? Users of degoogled phones will still not have notifications? Will you still only use Google FCM?

Why Google (FCM) notifications on Android are dangerous:

Everyone knows that the content of the notification is encrypted, BUT THIS IS NOT ENOUGH:

https://www.privacy-handbuch.de/handbuch_73.htm

Requests to the PM Team (for example, for the implementation of Unified Push) have been ignored for many years.

For some people, using a safe ProtonMail app with a dangerous FCM can be a disaster in some countries (journalists, signals, political opposition, etc.)

Please repair it!

Even if it is an advertisement, can the threats be true?

I am not associated with any tested company or this blog.

I am an ordinary user of all Proton products since his birth and I love him.

Because the test looks credible, I just want an expert from Proton to dispel my doubts or honestly confirm the problem.

In that case, it seems to me that the only threat is the mindless copying of public keys to other servers, as described in the article. But who does so? Do admins not create separate private-public keys for each server?

Thank you for the explanation!

When installing from Github you only trust the developer and their signed certificate key.

When installing from F-Droid you additionally also have to trust the F-Droid developer’s signature.

Besides that F-droid has its own problems:

https://privsec.dev/posts/android/f-droid-security-issues/

I don’t use F-Droid. I use Obtainium and additionally check signatures in AppVerifier.

https://sideofburritos.com/blog/obtainium-overview/