Unidentified governments are reportedly surveilling smartphone users through their apps' push notifications, warned US Senator Ron Wyden on Wednesday, Nov. 6.
In a letter to the US Department of Justice, Senator Wyden expressed concern over foreign officials seeking data from tech giants Alphabet's Google and Apple. While details were limited, the letter highlights a new avenue through which governments can track smartphones.
How Governments Can Spy Via Push Notifications
Push notifications, common across various apps, serve to alert smartphone users to incoming messages, breaking news, and updates. Users often overlook that these notifications traverse Google and Apple's servers. The situation grants these giant tech companies unique insights into the data flow from apps to users, placing them in a position "to facilitate government surveillance of how users are using particular apps," noted Senator Wyden, per Reuters. Consequently, he urged the Department of Justice to reconsider or amend policies hindering public discourse on push notification spying.
The source of Senator Wyden's letter was a "tip," but his staff did not disclose. However, a source verified that foreign and US government agencies wanted Apple and Google push notification data, which might connect anonymous messaging app users to Apple or Google accounts.
The source identified the foreign countries as democracies that are aligned with the United States but did not name them. The duration for which such information was gathered through this method remains unknown.
Push Notifications are a 'Privacy Nightmare'
Although users frequently ignore push notifications, technologists have paid attention to their deployment on occasion without sending data to Google or Apple. French developer David Libeau highlighted earlier this year that users and developers were often unaware of how apps emitted data to these tech giants via push notifications, deeming them a "privacy nightmare."
In response, Apple stated that Senator Wyden's tip has empowered them to disclose further details about how governments surveil push notifications. The tech juggernaut, in a statement, noted, "In this case, the federal government prohibited us from sharing any information. Now that this method has become public, we are updating our transparency reporting to detail these kinds of requests," as quoted by Phone Arena.
The US Department of Justice refrained from responding to queries about push notification surveillance and whether it had restricted Apple or Google from discussing the matter. Similarly, Google did not provide comments on the issue.
According to 9 to 5 Mac, it is crucial to highlight that end-to-end encrypted messaging services such as iMessage and WhatsApp safeguard message content, even if the iPhone is set to preview it. Apple, in this case, would not possess the message content to comply with any government request.
However, push data can still reveal significant information. Even notifications from seemingly harmless apps like food delivery or ride-hailing services may disclose details like the delivery source or meeting locations. Analyzing patterns of push data could reveal insights, such as identifying a spike in messaging activity between two users, even without the actual content. This information could be used to determine the nature of their communication, posing potential privacy concerns.
Related Article : New US Navy Cyber Strategy Emphasizes Stealthy 'Non-Kinetic Effects' in Future Warfare