Apple Confirms Governments Use iPhone, Android Push Notifications To Spy On Users
If you get notifications alerting you about a live match score, some killer online deal that is about to end soon — or any such time-sensitive information popping up in a banner on the home or lock screen — well, your government might be using to spy on you.
Oregon state Senator Ron Wyden has written a letter to the Department of Justice, asking Attorney General Merrick Garland to allow Google and Apple to disclose this surveillance technique using push notifications. Wyden notes that he received an anonymous tip and has been investigating the issue for about a year. Notably, it was not just the U.S. involved in this push notification snooping.
His letter also mentions "democracies allied to the United States" allegedly abusing their privilege and coaxing these companies into providing identifiable information. Apple has also admitted that multiple governments have been using push notifications to spy on users. Apple says Wyden's letter provided the necessary opportunity for them to disclose more information to the public regarding government surveillance of push notifications.
"In this case, the federal government prohibited us from sharing any information. Now that this method has become public we are updating our transparency reporting to detail these kinds of requests," an Apple spokesperson told Reuters.
Wyden notes in his letter that push notifications can help extract valuable information such as which app it targeted, and the Google or Apple account attached to the notification's target, aka the user.
Forcing open the doors for more transparency
"In some instances, they also might receive unencrypted content, which could range from backend derivatives for the app to the actual text displayed to a user in the app notifications," says Wyden's letter.
Now, one might wonder why Google and Apple are being asked to reveal these shady snooping practices. Well, unlike a regular notification app sent by an app, push notifications follow a special protocol and need to pass through Apple and Google's servers before they appear on a person's phone. Wyden says governments can compel these companies to provide them with information about these push notifications. There's little reason to believe that they don't oblige.
Apple recently confirmed that it works with law enforcement agencies to provide them with useful data with due process involved, such as a subpoena or court order. However, as Apple notes in its statement on the legal process, it was stopped from informing users about spying by government agencies. The U.S. senator has asked the DOJ to allow Google and Apple to tell their customers when and how push notifications are being used to keep an eye on them for surveillance.
Cybersecurity giant Avast also warned that push notifications are particularly effective on smartphones, as they can seamlessly masquerade as standard system alerts like missed calls or new text messages. Wyden recently also exposed how AT&T was allowing mass-scale surveillance of citizens courtesy of the "Hemisphere Project."