There should be a public API, open to any user-designated program (including self-made, without requiring any special hoops to obtain any fancy entitlements), that can act as a "firewall" for all notifications (except, possibly, for few system-critical ones), allowing it to control and modify those as it seems fit.

Applications can interact with notifications on the user's behalf via the accessibility permission - I do this with KDE Connect. I don't know what the limitations are.

On iOS?

Last time I've checked, kdeconnect-ios was unable to read any third-party notifications, not to mention doing anything to them or modifying their text or appearance in any way.

Project readme still says "Notification syncing doesn't work because iOS applications can't access notifications of other apps" (https://github.com/KDE/kdeconnect-ios?tab=readme-ov-file#kno...) so I think it's still a thing.

On Android, I forgot to mention.

Sounds great! Until your grandpa downloads a notification filter than really just forwards all his notifications to the bad guys so they can hack all his accounts

That can already happen because apps can get the permission to read your notifications.

Precisely this. There needs to be an API that all apps have to use not only for notifications but also for getting your contacts, your phone's location, etc. that is spoofable by the user. Or better yet, an AI program that runs entirely on the phone and does the spoofing automatically and entirely on behalf of the user.

Let the enshittified apps' ads interact with your AI agent and steal your fake "data" in the background without bothering the user.

Also important: It must be IMPOSSIBLE for any app to detect that its requests are being intercepted by your agent. (If they can tell, they'll refuse to work until you give them direct access.)

This is a real killer app for AI but you'll never get VC funding to build it.

On Android such a spoof app existed, it can hook into seemingly any API call and return things you control: https://www.youtube.com/watch?v=_dt50HWys1k&t=27s

But of course you need a rooted phone, and rooted phones can't run banking apps, tap-to-pay, Netflix, Pokemon Go, blah blah..

The notification "firewall" is probably not impossible to make. I use Pushbullet, it mirrors notifications to my computer (to the browser extension to be exact), and I can already dismiss notifications coming into my phone from the computer. It should be possible to make an app that intercepts all notifications, analyzes their contents and dismiss them if they're spam...

> Google tried to tackle this with notification channels, but the onus falls on the developer to actually use them honestly. No company trying to draw attention back to their app with advertisement notifications will willingly name a notification channel “advertisements” or “user re-engagement” or similar — they’ll just interleave spam with all the non-spam. This API from G hasn’t worked.

Revolut are really annoying for this. I'm sure there's a few spare days In their development cycle for someone to implement it if they wanted to, but instead they keep everything on the same channel which is 50% promo shit, because you don't want to miss that notification warning you about fraudulent activity on your card.

We also need some kind of (privacy friendly) open rate tracking and spam protection.

If many users receive a new kind of notification, using a new template, with low open rates, and uncorrelated with app activity, somebody at Apple should at least give it a 5-second glance and decide between "false positive" and "needs to be elevated"