Apple, Google Forced To Give Governments User “Push Notifications” Data
Apple Inc. and Alphabet Inc.’s Google have been forced by foreign governments to provide users’ data from notifications they get on their devices, according to a US lawmaker, drawing attention to a new privacy concern. Apple, Google Forced To Give Governments User “Push Notifications” Data
* Apple, Google Confirm It Gets Such Requests From Governments
In a letter published Wednesday, US Senator Ron Wyden of Oregon asked the Justice Department to allow the technology companies to discuss the practice publicly. The Democrat said the companies previously told him that the “practice is restricted from public release by the government.”
The senator’s letter didn’t specify which governments have sought notification data from Apple and Google, but indicated that they are foreign entities.
After the publication of the letter, Apple confirmed it does receive such requests from foreign governments. The US federal government “prohibited us from sharing any information,” the company said. “Now that this method has become public, we are updating our transparency reporting to detail these kinds of requests.”
Both Apple and Google have their own so-called push notification systems that provide instant alerts for everything from text messages to bank deposits to sports scores.
The companies deliver billions of notifications to users each month, and the systems are used by millions of third-party developers.
Notification data — if obtained by a government — could reveal a user’s habits, communications and whereabouts. They’re potentially some of the most private pieces of information sent to a person’s smartphone, tablet or computer.
“As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information,” Wyden wrote.
“Importantly, app developers don’t have many options; if they want their apps to reliably deliver push notifications on these platforms, they must use the service provided by Apple or Google.”
In response to the letter, Google said it has already been publishing transparency reports that share “the number and types of government requests for user data we receive, including the requests referred to by Senator Wyden.”
“We share the senator’s commitment to keeping users informed about these requests,” the company said in a statement.
Both companies said they have in-depth processes for either accepting or rejecting government requests. And Apple now plans to break out the push notification requests it receives in its next transparency report.
“Apple is committed to transparency, and we have long been a supporter of efforts to ensure that providers are able to disclose as much information as possible to their users,” the company said.
Governments Spying On Apple, Google Users Through Push Notifications – US Senator
WASHINGTON, Dec 6 (Reuters) – Unidentified governments are surveilling smartphone users via their apps’ push notifications, a U.S. senator warned on Wednesday.
In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet’s Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track smartphones.
Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates.
These are the audible “dings” or visual indicators users get when they receive an email or their sports team wins a game.
What users often do not realize is that almost all such notifications travel over Google and Apple’s servers.
That gives the two companies unique insight into the traffic flowing from those apps to their users, and in turn puts them “in a unique position to facilitate government surveillance of how users are using particular apps,” Wyden said.
He asked the Department of Justice to “repeal or modify any policies” that hindered public discussions of push notification spying.
In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.
“In this case, the federal government prohibited us from sharing any information,” the company said in a statement. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”
Google said that it shared Wyden’s “commitment to keeping users informed about these requests.”
The Department of Justice declined to comment on the push notification surveillance or whether it had prevented Apple or Google from talking about it.
Wyden’s letter cited a “tip” as the source of the information about the surveillance. His staff did not elaborate on the tip, but a source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts.
The source declined to identify the foreign governments involved in making the requests but described them as democracies allied to the United States.
The source said they did not know how long such information had been gathered in that way.
Most users give push notifications little thought, but they have occasionally attracted attention from technologists because of the difficulty of deploying them without sending data to Google or Apple.
Earlier this year French developer David Libeau said users and developers were often unaware of how their apps emitted data to the U.S. tech giants via push notifications, calling them “a privacy nightmare.”
Police Can Spy On Your iOS And Android Push Notifications
Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.
Whereas Wyden’s letter says that governments outdoors the US have requested folks’s push notification data, the Federal Bureau of Investigation (FBI) has accomplished in order effectively.
A February 2021 search warrant utility submitted by an FBI agent to the US District Courtroom in Washington, DC, requested particulars for 2 accounts managed by Meta (then Fb), particularly citing a request for push notification tokens.
The search warrant request associated to an investigation into an individual accused of collaborating within the January 6, 2021, assault on the US Capitol.
Meta, which owns Fb, WhatsApp, and Instagram, didn’t instantly reply to WIRED’s request to remark. A spokesperson for Sign, the favored encrypted messaging app, additionally didn’t reply. The DOJ declined to remark.
Though Wyden is asking the DOJ to permit Apple and Google to debate authorities requests for push notification data, the senator’s letter seems to have enabled them to do exactly that.
An Apple spokesperson tells WIRED that the corporate has up to date its Legislation Enforcement Pointers in its transparency report back to replicate authorities requests for push notification data.
The corporate may also start to element these requests in its subsequent transparency report. The corporate’s up to date guidelines for police requests say push notification data “could also be obtained with a subpoena or better authorized course of.”
“Apple is dedicated to transparency and now we have lengthy been a supporter of efforts to make sure that suppliers are in a position to disclose as a lot info as attainable to their customers,” Apple says in an announcement.
“On this case, the federal authorities prohibited us from sharing any info and now that this technique has turn out to be public we’re updating our transparency reporting to element these sorts of requests.”
Google confirmed to WIRED that it receives requests for push notification data, however the firm says it already consists of these kind of requests in its transparency stories.
“We had been the primary main firm to publish a public transparency report sharing the quantity and sorts of authorities requests for person knowledge we obtain, together with the requests referred to by Senator Wyden,” a Google spokesperson tells WIRED.
“We share the senator’s dedication to conserving customers knowledgeable about these requests.”
A WIRED evaluation of Google’s most up-to-date transparency report for the interval between December 2019 and December 2022 discovered that it doesn’t particularly escape authorities requests for push notification data, and Google confirmed that it aggregates this knowledge in its transparency report.
Google’s transparency report exhibits that the US authorities requested Google Cloud Platform knowledge from enterprise prospects 175 occasions throughout the interval, and of these, used a search warrant 13 occasions.
It’s unclear whether or not any of these requests for person knowledge included push notification data—particulars that will, following Wyden’s letter, be revealed sooner or later.