Governments Requests for Google, Apple Push Notifications

In a letter, Senator Ron Wyden alerted the Department of Justice about requests from unidentified governments attempting to acquire push notification metadata from Google and Apple's smartphone users. While details surrounding these surveillance requests remain unclear, Wyden's letter reveals an innovative avenue through which governments and cybercriminals alike can exploit smartphones to surveil users, raising data privacy concerns.

Push notifications, audible alerts or visual indicators, on smartphones serve to notify users of incoming messages, new updates, and other relevant information to their devices. As these notifications pass through Apple and Google servers, they afford the companies unprecedented insight into the traffic generated by the applications and smartphone details. Sometimes, this traffic can include encrypted content that includes the actual text displayed in the notification, putting users’ confidential and private information at risk. 

This places both tech giants “in a unique position to facilitate government surveillance of how users are using particular apps,” explained Wyden in its letter. In light of this potential, Senator Wyden asked the Department of Justice to “repeal or modify any policies” that obstructed public debate related to push notification surveillance. By removing barriers to public discourse, the government can allow citizens to be informed about the surveillance methods employed by tech giants while ensuring that surveillance practices respect their right to privacy.

According to Reuters, the United States is among the unidentified foreign governments that asked both tech companies for metadata concealed within push notifications, including useful information that may lead governments to identify the specific devices utilized by users. When asked for comment, Apple, despite its commitment to transparency and disclosure, stated “in this case, the federal government prohibited us from sharing any information.” In contrast, Google expressed alignment with Wyden's dedication to keeping users informed about such requests. The Department of Justice refrained from commenting on the push notification surveillance altogether or whether it had imposed restrictions on Apple and Google from disclosing details.

“These companies should be permitted to generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data,” writes Wyden in its letter. 

The potential for surveillance practices facilitated by push notifications poses significant risks in Mexico, where 96 million citizens have internet connectivity. Among those Mexican internet users, 42.7% spend between seven and nine hours online, generating an enormous amount of data that can later be exploited for surveillance purposes, according to a MEXDEC study. As more Mexicans use Google and Apple devices, their risk surface will inevitably increase, exposing them to potential data monitoring practices.