Governments spying on smartphone users through push notifications: US senator
US lawmaker Ron Wyden has sounded the alarm on foreign governments using push notification data from Apple and Google to spy on users. Although he didn't name specific governments, Wyden revealed in a letter that the US government has limited the ability of these companies to share information about this issue. Push notifications, which notify users about new messages and updates, go through Apple's and Google's servers, putting these companies in a unique position to help the governments with surveillance.
How push notifications enable surveillance
Wyden explained that Apple and Google collect metadata from push notifications, including which app received a notification, when it was received, and the phone and account it was intended for. He stated, "Because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information." In some instances, the companies may also receive unencrypted content, like the actual text shown in the notification.
Apple and Google confirm Wyden's assertions
Apple confirmed that the US government has prohibited them from sharing any information related to this surveillance issue. In a statement to Reuters, Apple said, "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests." Google also expressed its commitment to keeping users informed about such requests. A source cited by Reuters mentioned that democracies allied with the United States have made similar requests for metadata related to push notifications.
Wyden's call for transparency
Senator Wyden called on the Justice Department to repeal or modify any policies that hinder transparency. In his letter, he wrote, "Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments." The letter also states that the companies should have the freedom to disclose if they have been forced to aid in this surveillance, share overall statistics on request numbers, and, unless court-restricted, inform individual customers about demands for their data.
