Foreign governments are likely monitoring your smartphone activity, and Senator Ron Wyden’s office is advocating for transparency from Apple and Google regarding the specifics of this surveillance. The alerts you receive from apps, known as push notifications, could potentially be shared with government entities by companies upon request. Despite this, it seems the Department of Justice is preventing companies from disclosing this practice.
Push notifications do not directly originate from the app itself. Instead, they pass through the smartphone provider, such as Apple for iPhones or Google for Androids, before reaching your screen. This process has created an ambiguous space for government surveillance. As Senator Wyden highlighted in his letter on Wednesday, “Because Apple and Google handle push notification data, they can be covertly compelled by governments to disclose this information.”
Apple asserts that it was prevented from disclosing this process, leading Senator Wyden’s letter to specifically address the Department of Justice. Apple explained, “In this case, the federal government prohibited us from sharing any information, and now that this method has become public, we are updating our transparency reporting to detail these kinds of requests,” in a statement to Engadget. The forthcoming transparency report from Apple will encompass requests for push notification tokens.
Senator Wyden is urging the Department of Justice to permit Apple and Google to inform both customers and the general public about the requests for these app notification records. Google expressed its commitment to transparency in a statement, stating, “We were the first major company to publish a public transparency report sharing the number and types of government requests for user data we receive, including the requests referred to by Senator Wyden. We share the Senator’s commitment to keeping users informed about these requests.”
The situation is further complicated because apps have limited control over it. Even if an app pledges individual security measures, it must utilize the Apple or Google system to deliver push notifications. In practical terms, this implies that private messaging could potentially be disclosed to a foreign government if push notifications from the app are in use, including any associated metadata, such as account information.
This revelation about push notifications emerges at a time when privacy and security are increasingly emphasized as selling points. Companies often advertise their commitment to keeping user information safe, but as more vulnerabilities come to light, distinguishing what is genuinely trustworthy is becoming a more challenging task.
