A U.S. senator just revealed some unsettling information about how some governments are spying on smartphone users using their apps’ push notifications.
Oregon Sen. Ron Wyden sent a letter to Attorney General Merrick Garland in which he told Garland about a tip his office received that exposed how government agencies in foreign countries demanded those notifications’ records from Google and Apple.
The letter never identified which governments were involved in the surveillance tactic and details were limited on the exact process they used to access smartphone users’ information, but Wyden did map out a possible path.
When a person first receives a push notification on their smartphone, the alert isn’t just instantly sent. It first travels through what Wyden characterized as a “digital post office” that’s operated by Google and Apple servers. App companies have no choice but to use those servers to get their notifications to iPhone and Android users.
The senator stated that foreign governments can persuade Google and Apple to hand over the metadata that goes through their servers daily. That data can reveal app information and details about the phones to which the push alerts were sent.
While Wyden’s letter seems mostly speculative, an anonymous source confirmed to Reuters that what he surmised is indeed the case. Both foreign and U.S. government agencies have asked Apple and Google for push alert metadata, the source told Reuters. That data could reportedly help link anonymous users of messaging apps to specific Apple or Google accounts.
Wyden is demanding that both tech companies remain transparent with the U.S. government if they receive these requests.
“These companies should be permitted to generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data,” the letter states.
According to Reuters, Apple released a statement saying that Wyden’s letter was the opportunity they needed to share more details about how governments monitored push notifications.
“In this case, the federal government prohibited us from sharing any information,” the company said in a statement. “Now that this method has become public, we are updating our transparency reporting to detail these kinds of requests.”
Google also sent Vice News a statement:
“We were the first major company to publish a public transparency report sharing the number and types of government requests for user data we receive, including the requests referred to by Senator Wyden. We share the Senator’s commitment to keeping users informed about these requests.” The spokesperson did not clarify any restrictions on publishing information relating to requests for push notification data.”
Reuters reported that the Department of Justice has declined to comment on this means of surveillance or whether it had prevented Apple or Google from talking about it. The outlet further reported that its source, familiar with the tip given to Sen. Wyden, said the foreign governments seeking such data were “democracies allied to the United States.”
While governments have long been known to employ tactics of mass surveillance, as smartphones carry and transport sizable amounts of data between app developers and tech companies, this report showcases new ways that state actors can access personal information or breach data.
In 2018, a whistleblower revealed that the company Cambridge Analytica was gathering millions of social media profiles to develop a system that would target individual voters with personalized political ads on Facebook, namely promoting Donald Trump’s campaign.
One of the most notable surveillance revelations was publicized in 2013 when Edward Snowden, a former National Security Agency employee, gave journalists classified NSA documents that revealed the U.S. government was conducting mass surveillance on terrorist suspects and innocent U.S. civilians.
Years prior to that bombshell, news reports revealed in 2005 that the NSA had been intercepting Americans’ phone calls and internet communications.
