Governments forcing Apple and Google to share notification data
UK could be involved
Governments around the world have been using smartphone push notifications to spy on users, according to a letter US Senator Ron Wyden sent to the Department of Justice.
Push notifications are the audible and visual 'pings' that appear on a phone when an app needs a user's attention, like new message notifications or deal alerts.
In his letter, Wyden says "government agencies in foreign countries" have been demanding Apple and Google, developers of the world's largest smartphone operating systems, share their push notification records.
"Apple and Google are in a unique position to facilitate government surveillance of how users are using particular apps," Wyden writes.
And why is that? Because apps are unable to send push notifications directly to a user's phone; instead, all alerts have to travel through Apple/Google's servers, on either Apple's Push Notification Service or Google's Firebase Cloud Messaging.
"The data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered.
"In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification."
Wyden says his office received "a tip" about the practice in Spring 2022, which they have been investigating ever since, including contacting Apple and Google.
Those companies confirmed the tip to Wyden, and told his staff that "information about this practice is restricted from public release by the [US federal] government."
Both companies have now publicly confirmed the claims, with Apple in particular specifically blaming the federal government for being unable to share information about the practice until Wyden's letter went public. Now, however, it is updating its transparency reporting.
The US government's wariness of sharing this information implies that it, too, has been asking Apple and Google for push notification data, and a source speaking to Reuters confirmed it:
"A source familiar with the matter confirmed that both foreign and US government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts," Reuters said.
The source did not name the governments involved, but described them as "democracies allied to the United States."