Apple confirms ‘push notification spying’ by governments

In a statement to media Wednesday, following U.S. Senator Ron Wyden’s revelation that governments are spying on Apple and Google users via push notifications, Apple said:

Apple is committed to transparency and we have long been a supporter of efforts to ensure that providers are able to disclose as much information as possible to their users. In this case, the federal government prohibited us from sharing any information and now that this method has become public we are updating our transparency reporting to detail these kinds of requests. – Apple Inc.

Ben Lovejoy for 9to5Mac:

Apple has confirmed that foreign governments have been carrying out what has been described as “push notification spying,” stating that the company was not previously allowed to disclose the practice.

Governments have been serving both Apple and Google with secret legal orders to hand over details of the push notifications sent to iPhones and Android smartphones.

Wyden says that he wrote to both Apple and Google, asking them to confirm that this was happening, and both told him that information on this was “restricted from public release” by the US government.

Importantly, this means that Apple has not been able to reveal the practice in its annual transparency reports, intended to let people know what data it provides to governments and law enforcement agencies.


MacDailyNews Take: We can’t get this song lyric out of our heads:

Livin’ in the new world
With an old soul
These rich men north of Richmond
Lord knows they all just wanna have total control
Wanna know what you think, wanna know what you do
And they don’t think you know, but I know that you do…

— Oliver Anthony, “Rich Men North of Richmond”

We very much look forward to Apple sharing information with the public about how governments are monitoring users’ push notifications.

The December 6, 2023 letter from Oregon Senator Ron Wyden asking the Department of Justice to lift any existing restrictions around discussions of push notification surveillance, verbatim:

December 6, 2023

The Honorable Merrick B. Garland
Attorney General
U.S. Department of Justice
950 Pennsylvania Avenue, NW
Washington, DC 20530-0001

Dear Attorney General Garland:

I write to urge the Department of Justice (DOJ) to permit Apple and Google to inform their customers and the general public about demands for smartphone app notification records.

In the spring of 2022, my office received a tip that government agencies in foreign countries were demanding smartphone “push” notification records from Google and Apple. My staff have been investigating this tip for the past year, which included contacting Apple and Google. In response to that query, the companies told my staff that information about this practice is restricted from public release by the government.

Push notifications are the instant alerts delivered to smartphone users by apps, such as a notification about a new text message or a news update. They aren’t sent directly from the app provider to users’ smartphones. Instead, they pass through a kind of digital post office run by the phone’s operating system provider. For iPhones, this service is provided by Apple’s Push Notification Service; for Android phones, it’s Google’s Firebase Cloud Messaging. These services ensure timely and efficient delivery of notifications, but this also means that Apple and Google serve as intermediaries in the transmission process.

As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information. Importantly, app developers don’t have many options; if they want their apps to reliably deliver push notifications on these platforms, they must use the service provided by Apple or Google, respectively. Consequently, Apple and Google are in a unique position to facilitate government surveillance of how users are using particular apps. The data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification.

Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments, just as the companies regularly notify users about other types of government demands for data. These companies should be permitted to generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data. I would ask that the DOJ repeal or modify any policies that impede this transparency.

Thank you for your attention to this pressing matter. If you have any questions or require clarification, please contact Chris Soghoian in my office.

Sincerely,

Ron Wyden
United States Senator

The post Apple confirms ‘push notification spying’ by governments appeared first on MacDailyNews.