Apple and Google have confirmed that they have been providing push notification data to governments, following a letter from Senator Ron Wyden that exposed this practice, MacRumors is reporting.
Push notifications create a token that links user devices to their account information, potentially allowing governments to track individuals.
Apple’s updated Legal Process Guidelines now state that the Apple ID associated with a push notification token can be obtained with legal process. This confirms reports that governments have been using notification data for user surveillance.
From Apple’s website:
“When users allow an application they have installed to receive push notifications, an Apple Push Notification Service (APNs) token is generated and registered to that developer and device. Some apps may have multiple APNs tokens for one account on one device to differentiate between messages and multi-media.
The Apple ID associated with a registered APNs token may be obtained with a subpoena or greater legal process.”
Reuters has previously confirmed that both U.S. and foreign governments have requested push notification data from Apple and Google.
This data has been used to link anonymous users of messaging apps to their accounts.
The Washington Post also found court documents related to federal requests for push notification data, including nine related to the January 6th Capitol riot investigation.
This revelation raises concerns about user privacy and the potential for misuse of push notification data by governments. Senator Wyden called for greater transparency and accountability in how this data is collected and used.
