Big news from United States Senator Ron Wyden (D-OR) has everyone’s attention – Google and Apple might have to share push notification data upon request.
The news comes after the senator penned a letter to the United States Department of Justice (DOJ) demanding a change in policies.
Wyden says that “In the spring of 2022, my office received a tip that government agencies in foreign nations were demanding smartphone ‘push’ notification records from Google and Apple.”
How Are Law Enforcement Agencies Spying Through Push Notifications?
At the heart of the matter are push notifications sent via Google’s Firebase Cloud Messaging on Android and Apple’s Push Notification Service on iOS. Every user is assigned a unique “push token” which can be used to track and monitor user activity.
Ron Wyden’s staff was on the case for over a year and discussed the issue with both Apple and Google.
By using these push tokens, police can identify users, their contacts, and interactions. They can approach the app developer for the token and then bring it to Apple or Google to request metadata associated with the push notifications.
So what can the governments track? Everything from the apps used to specific times when notifications were received and more. While the content of the notices isn’t usually shared, law enforcement may request for the actual content from Apple or Google under certain circumstances.
“The current rules put companies like Apple and Google in a unique position where they are obliged to quietly help governments spy on how specific apps are being used,” said Wyden.
Wyden Calls for Increased Transparency on Push Notification Surveillance
In his letter to the DoJ, Wyden demanded a change in policy to increase transparency and allow companies to inform users about any surveillance activities unless prevented by a court order.
While the letter only mentioned “unspecified foreign governments,” Wyden is looking to get more clarity on this matter.