U.S. Senator Ron Wyden took action last week by sending a letter to the U.S. Department of Justice, seeking more details about a concerning tip his office had received.
The back-and-forth correspondence between the parties involved – Apple and Google – uncovered a startling revelation: Governments have the ability to surveil smartphone users by accessing their push notification data.
Recent changes by Apple
As reported by Reuters, Apple has quietly updated its law enforcement policies within the past 7 days, making it tougher for the government to obtain this data.
Apple publicly provides Legal Process Guidelines for law enforcement on its website. According to the Reuters report, these guidelines have been recently revised to now require a “judge’s order” or search warrant for Apple to disclose a user’s push notification data.
The relevant update can be found in the policy’s “Apple Push Notification Service (APNs)” section.
“When users allow an application they have installed to receive push notifications, an Apple Push Notification Service (APNs) token is generated and registered to that developer and device,” Apple’s guidelines state. “The Apple ID associated with a registered APNs token and associated records may be obtained with an order under 18 U.S.C. §2703(d) or a search warrant.”
Google already had similar requirements in place, according to the company’s statement to Reuters when the story broke last week.
As previously covered by Mashable, data provided by a user to third-party mobile apps is typically stored by those third-party developers. However, when this data appears as a push notification on a user’s phone, it goes through Apple and Google’s servers, potentially making it accessible to iPhone and Android device makers — and open to requests by law enforcement.
Now that this practice is out in the open, users should be cautious about granting push notification access to certain apps. Additionally, companies like Apple are adjusting their own rules around how this data is handled.
