I just started my de-googling journey recently, and so the mechanics of notifications were still unclear to me, and I found this video super helpful.
It explains how most mobile messaging apps (including privacy-focused ones like Signal) rely on Google and Apple’s centralized servers to deliver push notifications, which exposes vast amounts of user metadata.
Here’s the YT link, for people who prefer it: https://youtu.be/c3ennD3wKn0
The video correctly identifies that push notification reliance forces even privacy-centric apps to hand over metadata to platform providers. This creates a fundamental tension where true end-to-end encryption for metadata often requires trusting the device’s OS vendor or accepting a third-party notification service, which is why many users now prefer self-hosted or desktop-only solutions to avoid this specific tracking vector.