Apple Gave Governments Data On Thousands of Push Notifications (404media.co) 12
An anonymous reader quotes a report from 404 Media: Apple provided governments around the world with data related to thousands of push notifications sent to its devices, which can identify a target's specific device or in some cases include unencrypted content like the actual text displayed in the notification, according to data published by Apple. In one case, that Apple did not ultimately provide data for, Israel demanded data related to nearly 700 push notifications as part of a single request. The data for the first time puts a concrete figure on how many requests governments around the world are making, and sometimes receiving, for push notification data from Apple.
The practice first came to light in 2023 when Senator Ron Wyden sent a letter to the U.S. Department of Justice revealing the practice, which also applied to Google. As the letter said, "the data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification." The published data relates to blocks of six month periods, starting in July 2022 to June 2024. Andre Meister from German media outlet Netzpolitik posted a link to the transparency data to Mastodon on Tuesday. Along with the data Apple published the following description: "Push Token requests are based on an Apple Push Notification service token identifier. When users allow a currently installed application to receive notifications, a push token is generated and registered to that developer and device. Push Token requests generally seek identifying details of the Apple Account associated with the device's push token, such as name, physical address and email address."
The practice first came to light in 2023 when Senator Ron Wyden sent a letter to the U.S. Department of Justice revealing the practice, which also applied to Google. As the letter said, "the data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification." The published data relates to blocks of six month periods, starting in July 2022 to June 2024. Andre Meister from German media outlet Netzpolitik posted a link to the transparency data to Mastodon on Tuesday. Along with the data Apple published the following description: "Push Token requests are based on an Apple Push Notification service token identifier. When users allow a currently installed application to receive notifications, a push token is generated and registered to that developer and device. Push Token requests generally seek identifying details of the Apple Account associated with the device's push token, such as name, physical address and email address."
One-stop shop (Score:4, Informative)
It's not going to matter in the USA with Palantir creating the Big, Beautiful Database (AKA "ImmigrationOS") to track everyone, all the time. At the moment, the US government needs help from Google/Apple and internet/phone providers, in order to connect that phone number or email address to a real person. That's not difficult either, as anyone can ring a corporation and declare "I'm a cop, give me the name and IP address/physical address on this account." Apple 'owning' the hardware and tracking their customers, makes it a one-stop shop for the US (and UK) government.
Simple fix (Score:2)
Re: (Score:2)
It's not going to matter in the USA with Palantir creating the Big, Beautiful Database (AKA "ImmigrationOS") to track everyone, all the time. At the moment, the US government needs help from Google/Apple and internet/phone providers, in order to connect that phone number or email address to a real person. That's not difficult either, as anyone can ring a corporation and declare "I'm a cop, give me the name and IP address/physical address on this account." Apple 'owning' the hardware and tracking their customers, makes it a one-stop shop for the US (and UK) government.
How do you say "papere bitte" in 'Murican?
Or are they going to skip that part and just go straight to ze Russian front.
Re: (Score:2)
How do you say "papere bitte" in 'Murican?.
Papiere, bitte... und lern' gefälligst Deutsch!
We should demand it opened (Score:2)
The reasons to force the phone ecosystems to open continue to mount, and itâ(TM)s pretty clear governments are benefiting greatly from our lack of control over our devices
Do it a different way... (Score:4, Insightful)
If some sort of "push manager" on a phone registered URLs sent to it by apps, and those URLs were websocket streams of facebook.com, myappthatwantstonotifyyou.com, (and then the websocket connects would say "now display this notification") doesn't this seem like a more secure way to do things than to run every single message through Google and Apple's hands? It almost feels like they gather the data in one place on purpose in order to have it exfiltrated into govt hands...
Re: (Score:2)
The original idea was to save resources (energy and bandwidth) by having applications stopped, and a connection to a single server serving all notifications.
This reduces the amount of background daemons, and reduces persistent TCP connections to 1, which on mobile actually does make a difference.
Now, piping everything through a single entity, with unencrypted content is a really bad idea privacy wise, and we'll now see the full extent of how bad.
This to say that the original idea for push notifications wasn