Apple has confirmed that authorities in several countries around the world are quietly ordering the company to share logs of push notifications on some users’ iPhones. Similar procedures apply to Google and Android devices.
The information was made public thanks to the actions of American Senator and member of the Intelligence Committee Roy Wyden – in the spring of 2022, he received information that such surveillance of users was probably being carried out and decided to conduct an investigation. The politician and his subordinates have studied this issue in detail. They found that push notifications are delivered to devices not by application developers and operators, but through something like post offices run by mobile operating system developers. At Apple this service is called Push Notification Service, at Google it is called Firebase Cloud Messaging – that is, Apple and Google act as intermediaries in the transmission of these notifications.
Apple and Google store this data about their users, and governments can request it, among many other things. Wyden asked both companies to confirm that this was indeed the case, but received the same response: this information “Excluded from public distribution” from the US government. This meant that Apple had no opportunity to disclose these practices in regularly published transparency reports. Then Wyden voluntarily made this problem public.
He sent an open letter to the US Department of Justice calling on the department to lift the secrecy rule, directly mentioning the government’s requests for logs of push notifications sent to users. The politician himself has thus made this information publicly accessible and the secrecy requirements previously imposed on Apple and Google no longer apply automatically. Regardless of the Justice Department’s response, Apple can now include statistics about such requests in its transparency report, the company has confirmed Reuterswhich has already added this information.
It should be noted that when communicating via messengers with end-to-end encryption, the content of the correspondence remains protected, even if message preview is selected in the notification settings. So, the presence of a notification log does not reveal the secrets of the correspondence, but reveals the fact of its existence and the number of messages received. And the notification log can reveal a lot about the user: food delivery services and messages from taxi services can serve as confirmation that the user was in a specific place at a specific time.