Push Notifications May Come Under Surveillance

John Lister's picture

Apple says it will demand a court order before handing over details of a user's push notifications. It follows revelations that foreign officials were using the tactics for surveillance, with questions asked about whether the Department of Justice does the same in the US.

A push notification is a message created by an app and shown on the phone screen even if the app itself is closed. This could be anything from a summary of a new email to a breaking story from a news app.

Senator Ron Wyden wrote to the DOJ earlier this month to report a tip that both US and foreign governments (said to be allies of the US) had asked Apple and Google to hand over details about push messages. He also suggested the DOJ had told the two tech giants not to speak publicly about the requests. At the time of writing, the DOJ had not responded publicly to either claim. (Source: reuters.com)

User Identities Uncovered

It doesn't appear the officials making the requests were seeking or received the content of the notifications themselves. Instead they were looking for details of which apps a particular user received notifications from. That's something easy for Apple and Google to track as the push notifications travel via their servers.

These details could be problematic for somebody who uses an app anonymously, for example to exchange messages while maintaining privacy. The information could make it easier for officials to tie use of an app to an Apple or Google account where somebody's identity is not hidden.

Court Order Needed

Apple has now updated its guidelines on handling law enforcement requests. A new section says:

"When users allow an application they have installed to receive push notifications, an Apple Push Notification Service (APNs) token is generated and registered to that developer and device. Some apps may have multiple APNs tokens for one account on one device to differentiate between messages and multi-media. The Apple ID associated with a registered APNs token and associated records may be obtained with an order under 18 U.S.C. §2703(d) or a search warrant." (Source: apple.com)

A previous Supreme Court ruling noted that such a court order should only be granted "if the governmental entity offer specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation."

Google already had a policy to require a court order for such details.

What's Your Opinion?

Are you surprised governments have asked for such details? Would you have anything to worry about if the government knew which apps you use? Does the need for a court order address any concerns you may have on this policy?

Rate this article: 
Average: 4.6 (7 votes)