Apple admits to secretly giving governments push notification data: Push notifications contain useful metadata
Push notifications are used to provide a wide variety of alerts to app users. A friendly ding or text alert on the home screen notifies users about new text messages, emails, social media comments, news updates, packages delivered, gameplay nudges—basically any app activity where notifications have been enabled could be tracked by governments, Wyden said.
According to Wyden, many app users do not realize that these instant alerts “aren’t sent directly from the app provider to users’ smartphones” but instead “pass through a kind of digital post office run by the phone’s operating system provider” to “ensure timely and efficient delivery of notifications.”
A source familiar with Wyden’s probe told Reuters that “both foreign and US government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts.”
Apple has since confirmed in a statement provided to Ars that the US federal government “prohibited” the company “from sharing any information,” but now that Wyden has outed the feds, Apple has updated its transparency reporting and will “detail these kinds of requests” in a separate section on push notifications in its next report.
Ever since SMS text messages came into being, governments have been accessing message content and metadata. Since many messengers now have end-to-end-encryption of the message content, they can no longer read the message content. But the metadata is still available. This is the same metadata that WhatsApp has been passing upstream to Facebook (as contained in its privacy policy).
The fact is, there is a lot of value around metadata, and more so when harvested in bulk. The only way to get around this is to disable push notifications for sensitive apps. Some open source apps installed from, for example F-Droid, will not use Google’s push notifications. But any other push notification service will still see the same metadata. It will be interesting to see how this is able to be locked down.
Android’s OS settings only go as far as preventing content displaying on the lock screen, but the data is still passing through the push notification system itself.
Signal messenger does have an in-app notification setting to display name and message, name only, or no name or message. So, in Signal’s case, you can change this to name only (it will leak the person’s name and when they messaged you), while the no name or message may be best as it will probably just inform you there is “a message”.
But this type of granular in-app push notification setting probably does not yet exist in Google Messages, Apple Messages, WhatsApp, Telegram, etc.
Comments