Unidentified governments are surveilling smartphone users via their apps’ push notifications, a U.S. senator warned on Wednesday. In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track smartphones.

Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates. What users often do not realize is that almost all such notifications travel over Google and Apple’s servers.

That gives the two companies unique insight into the traffic flowing from those apps to their users, and in turn puts them “in a unique position to facilitate government surveillance of how users are using particular apps,” Wyden said. He asked the Department of Justice to “repeal or modify any policies” that hindered public discussions of push notification spying.

In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.

“In this case, the federal government prohibited us from sharing any information,” the company said in a statement. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”

Wyden’s letter cited a “tip” as the source of the information about the surveillance. His staff did not elaborate on the tip, but a source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts. The source declined to identify the foreign governments involved in making the requests but described them as democracies allied to the United States.

  • YearOfTheCommieDesktop [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    I fucking knew it

    It’s the single point of failure for so much shit. Perfect place to tap in. Having a non-google/apple phone is rough because of it but there’s not a ton of great opensource options for replacing firebase, etc because they’re so ubiquitous and its a big task to replace, and the most privacy conscious users don’t want a central server with all their notifs to begin with.