Site icon MacTech.com

U.S. senator says governments are spying on iPhone, Android phone push notifications

Unidentified governments are surveilling smartphone users (including those of us using iPhones) via their apps’ push notifications, a U.S. senator warned on Wednesday, reports Reuters.

In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Apple and Alphabet’s Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track smartphones.

From the letter: I write to urge the Department of Justice (DOJ) to permit Apple and Google to inform their customers and the general public about demands for smartphone app notification records. 

In the spring of 2022, my office received a tip that government agencies in foreign countries were demanding smartphone “push” notification records from Google and Apple. My staff have been investigating this tip for the past year, which included contacting Apple and Google. In response to that query, the companies told my staff that information about this practice is restricted from public release by the government. 

Push notifications are the instant alerts delivered to smartphone users by apps, such as a notification about a new text message or a news update. They aren’t sent directly from the app provider to users’ smartphones. Instead, they pass through a kind of digital post office run by the phone’s operating system provider. For iPhones, this service is provided by Apple’s Push Notification Service; for Android phones, it’s Google’s Firebase Cloud Messaging. These services ensure timely and efficient delivery of notifications, but this also means that Apple and Google serve as intermediaries in the transmission process.

As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information. Importantly, app developers don’t have many options; if they want their apps to reliably deliver push notifications on these platforms, they must use the service provided by Apple or Google, respectively. Consequently, Apple and Google are in a unique position to facilitate government surveillance of how users are using particular apps. The data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification.

Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments, just as the companies regularly notify users about other types of government demands for data. These companies should be permitted to generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data. I would ask that the DOJ repeal or modify any policies that impede this transparency. 

“Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates,” notes Reuters. “These are the audible ‘dings’ or visual indicators users get when they receive an email or their sports team wins a game. What users often do not realize is that almost all such notifications travel over Google and Apple’s servers.

In a statement given to Reuters, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.

“In this case, the federal government prohibited us from sharing any information,” the tech giant said. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”




Article provided with permission from AppleWorld.Today
Exit mobile version