If you’re tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.
Back in 2023, we reported on how US agencies have used push notification metadata on smartphones for surveillance, pressuring tech companies like Apple and Google to hand over user information. Prompted by Senator Ron Wyden’s inquiry, Apple revealed it had been legally barred from disclosing this practice, which raises serious concerns about civil liberties and government overreach.
Cut to today and government demands for user information tied to Apple’s push notification system continued into the first half of 2024, with the United Kingdom submitting 141 requests, despite the nation’s relatively small size, and the United States following with 129.
Germany also obtained data during this period. Singapore, despite making inquiries, received none. These figures come from Apple’s most recent transparency report, shedding light on global government interest in a lesser-known surveillance vector.
Protect Yourself: App Notifications Have Proven To Be a Surveillance Nightmare. Here’s What To Do About Them.
Even some privacy apps can be undermined by surveillance at the push notification level. Many apps have to rely on Apple or Google to deliver notifications; services that can expose critical metadata such as which app sent the notification, when it was sent, and how often.
This metadata can be used by governments to infer user activity, and social connections, and even de-anonymize users. It bypasses app-level encryption entirely, exploiting a layer outside the user’s or developer’s control.
Apple’s report outlines what’s at stake with these requests. When someone enables notifications for an app, the system generates a “push token” that links the device and app to a specific Apple account.
According to the company, “Push Token requests are based on an Apple Push Notification service token identifier. When users allow a currently installed application to receive notifications, a push token is generated and registered to that developer and device. Push Token requests generally seek identifying details of the Apple Account associated with the device’s push token, such as name, physical address and email address.”
As long as platforms control the notification infrastructure and are legally bound to secrecy, they become silent partners in a system that compromises privacy, even for those using tools designed to protect it.
Push token data had been obtainable through subpoenas, an easier route for law enforcement, until Apple adjusted its policy at the end of 2023. Beginning that December, the company began requiring a judge’s order before providing this type of user information.
Protect Yourself: App Notifications Have Proven To Be a Surveillance Nightmare. Here’s What To Do About Them.
If you’re tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.
The post UK Leads Global Push For Notification Data Requests appeared first on Reclaim The Net.
Be the first to comment