Apple has recently admitted to secretly supplying governments around the world with data related to push notifications from its devices. The data provided goes beyond the display text of notifications that users see to backend directives to individual apps.
Ars Technica reports that tech giant Apple has come under scrutiny following its admission of secretly providing governments with push notification data from its devices. This revelation was brought to light by Senator Ron Wyden (D-OR), who has been investigating the issue. In a recent letter, Wyden demanded that the Department of Justice update policies that prohibit companies from informing the public of data requests from the government.
Push notifications, often used for alerts about new messages, emails, social media comments, and news updates, are sent through servers run by the phone’s operating system provider, such as Apple or Google. This system ensures timely and efficient delivery of notifications, but also means that these companies can be compelled by governments to hand over this information.
The data provided to requesting governments by Apple includes metadata detailing which app received a notification and when, along with the phone and associated Apple account information. In some cases, the data shared may include unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in a notification.
Sen. Wyden’s investigation, which followed a tip received in spring 2022, revealed that both foreign and U.S. government agencies had been requesting this data. It remains unknown how long these requests have been occurring and the exact nature of the foreign governments involved.
In response to these findings, Apple has updated its transparency reporting and will now detail these kinds of requests in a separate section on push notifications in its next report. Google, on the other hand, has been documenting requests for push notification data in its transparency reports. Both companies, however, have been prohibited from sharing detailed information about these requests, particularly those from foreign governments.