Another quote from the article: "The data that is required to 'turn on any push notification service' is quite invasive and can unexpectedly reveal/track your location/store your movement with a third-party marketing company or one of the app stores, which is merely a court order or subpoena away from potentially exposing those personal details."
Those little popups may reveal location, device details, IP address, and more
"App developers can encrypt these messages when they're stored (in transit they're protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted."
This post featured on hackernews argues that users should be aware that this makes your google account only as secure as your weakest device security and thus isn't ideal for the average user: https://lauren.vortex.com/2023/10/10/dont-use-google-passkeys-now