Apple has updated its Legal Process Guidelines to reflect the company's legal obligation to comply with law enforcement requests for Apple ID information associated with its push notification service. The change follows yesterday's revelation that governments are actively using smartphone notification data as a user surveillance tool.
In the section titled "Information Available from Apple," Apple has appended an alphabetical list with the subsection "AA. Apple Push Notification Service (APNs)," which reads:
Apple and Google have been forced by governments at home and abroad to provide users' data from notifications they get on their devices, US Senator Ron Wyden revealed on Wednesday in a letter to the Justice Department, drawing attention to a new smartphone privacy concern.When users allow an application they have installed to receive push notifications, an Apple Push Notification Service (APNs) token is generated and registered to that developer and device. Some apps may have multiple APNs tokens for one account on one device to differentiate between messages and multi-media.
The Apple ID associated with a registered APNs token may be obtained with a subpoena or greater legal process.
The Justice Department declined to comment on the letter, but Apple and Google confirmed that they have been subject to the requests. The companies explained that they had been prohibited from sharing information about how governments monitored push notifications until Wyden's letter had been made public and given them the legal opening they needed.
With push notifications enabled, Apple and Google create a small bit of data, known as a token, that links the user's device to the account information they've given the companies, such as their name and email address.
A Reuters source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for user information related to push notifications. The data is said to have been used to attempt to tie anonymous users of messaging apps to specific Apple or Google accounts.
The Washington Post said on Wednesday it had found more than two dozen search warrant applications and other documents in court records related to federal requests for push notification data. Though many were redacted, nine of the documents pertained to the federal hunt for U.S. Capitol rioters on January 6, 2021.
Article Link: Apple Adds Push Notification Data to Law Enforcement Guidelines