> Push notification “spies”
FOREIGN AND U.S. government agencies have been asking Apple and Google for user data related to push notifications, both companies confirm. The practice came to light in an open letter to the Department of Justice from U.S. Senator Ron Wyden, a member of the Senate intelligence committee, asking the DoJ to end the secrecy it imposes about the practice. (This, of course, instantly lifted the lid on it.)
Apple said it “is committed to transparency” but “in this case, the federal government prohibited us from sharing any information.” Now that this has become public, Apple said, it will be detailing these requests in its annual transparency reporting, designed to inform users what data it provides to governments and law enforcement.
Unlike local notifications from an app on your device, push notifications are in effect messages sent via a server — Apple’s Push Notification service (APNs) for iPhones, or Google’s Firebase Cloud Messaging for Android phones. Like messages sent through iMessage or WhatsApp, the message content itself is end–to–end encrypted, but APNs does record metadata including the originating developer/app, the recipient device, and its associated Apple ID. On receipt of a search warrant or certain other legal orders, Apple is legally required to hand over this metadata and (unspecified) “associated records”. Apple has tightened this up and says it now requires a court order.
On its own this data may not reveal much, but privacy advocates warn that all personally identifying data can be misused. If you do not want this data to be collected, the only option is to turn off push notifications app by app.