I know that push notifications sent by apps are routed through Apple and Google servers without any sort of end-to-end encryption with the client, so presumably they can?
If so, that’s a lot of data flowing through these two companies with potentially very private information (e.g. DMs).