Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,315
33,590


Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US senator warned on Wednesday (via Reuters).

iOS-16-4-Web-Push.jpeg

In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications put the companies "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said. He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying.

In a statement given to Reuters, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.
"In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."
According to the report, Wyden's letter said a "tip" was the source of the information about the surveillance. A source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications. The data is said to have been used to attempt to tie anonymous users of messaging apps to specific Apple or Google accounts.

Reuters' source would not identify which governments were making the data requests but described them as "democracies allied to the United States." They did not know how long the requests had been going on for.

Apple advises developers not to include sensitive data in notifications and to encrypt any data before adding it to a notification payload. However, this requires action on the developers' part. Likewise, metadata (like which apps are sending notifications and how often) is not encrypted, potentially giving anyone with access to the information insight into users' app usage.

Article Link: Apple Confirms Governments Using Push Notifications to Surveil Users
 
Last edited:

gigapocket1

macrumors 68020
Mar 15, 2009
2,389
1,890
wow... wherever there's a will.. there's a way.. didn't see this method unfolding.. But now we know that apples push notification service is the weak link.. Between this and now iMessage on android coming out yesterday using the push notification service to basically bring the functionality.....

I bet apple does a full rewrite in the upcoming year or 2..
 

0339327

Cancelled
Jun 14, 2007
634
1,934
Unsurprising yet still sickening.

When governments force companies, private citizens, to keep secrets from the public, you know you're on the road to communism or worse.

There is a reason we have a court system with judicial oversight. The reason is to allow the subject...er suspect, a reasonable defense on government overreach.

When the citizens of a country are required to be complicit, yet must also remain quiet about their actions in support of government, that itself is a crime against the people.

Kudos to the whistle blower. Hopefully there will be some congressional hearings on this behavior.


Added Note: I have no issue with a hidden warrant. That is a tool used for criminal investigation. My problem is prohibiting companies from acknowledging what is being asked of them, even without disclosing whom the suspect(s) may be.

Furthermore, the worse crime, in this case, is blanket surveillance without evidence a crime was committed. In the US, the constitution prohibits such arbitrary abuse of law enforcement. Our judicial system allows for criminal investigation, the key word being criminal, as in a crime has been committed and therefore government must investigate the crime and prosecute the offenders. It prohibits personal investigation where the government investigates an individual, often for less than ethical reasons (such a political opponent of the investigator or investigating agency) looking to find, or, more often, looking to charge someone of anything that they can convince the public was a crime.
 
Last edited:

WarmWinterHat

macrumors 68030
Feb 26, 2015
2,664
7,864
Makes me feel good about having disabled push notifications for absolutely everything except weather and texts. I DESPISE push notifications.

That said, it sounds like it's time for Apple to require push notifications to be encrypted, or they don't pass them along.
 
Last edited by a moderator:

0339327

Cancelled
Jun 14, 2007
634
1,934
Israel, Mexico and the UK are probably the first ones that come to mind


Russia
China
the entire EU

I mean seriously, any country without a constitution prohibiting this is likely involved in this behavior. I wouldn't put this past Canada or Australia.

Mexico? I doubt they have the manpower to deal with this. They can't even track stop the corruption within a municipal office, let alone tracking millions of people. Maybe the drug lords use this stuff. I wouldn't put it past Apple to deal with the mob if they could earn a profit doing so.
 

contacos

macrumors 603
Nov 11, 2020
5,367
20,531
Mexico City living in Berlin
Russia
China
the entire EU

I mean seriously, any country without a constitution prohibiting this is likely involved in this behavior. I wouldn't put this past Canada or Australia.

Mexico? I doubt they have the manpower to deal with this. They can't even track stop the corruption within a municipal office, let alone tracking millions of people. Maybe the drug lords use this stuff. I wouldn't put it past Apple to deal with the mob if they could earn a profit doing so.

Mexico was (if not) the first and still the biggest client of Pegasus. They actually used it to spy on the parents of the missing / murdered college students a few years ago for example

edit: found a source: https://www.nytimes.com/2023/04/18/world/americas/pegasus-spyware-mexico.html

there is actually a trial happening right now against the former president of Mexico

 

zakarhino

Contributor
Sep 13, 2014
2,600
6,946
"Unidentified governments"

So that confirms USA, Germany, UK, Israel, France, New Zealand, Australia, Saudi, UAE, Ukraine, and a few more European states.

But I guess the media and social media will want to focus on how China, Iran, and Russia are using this instead because foreign countries doing bad things is more important than our own countries and allies doing it to us apparently.
 

zakarhino

Contributor
Sep 13, 2014
2,600
6,946
Notifications are sent to you from a third party. How would a firewall on your phone prevent what's happening here?

No the notifications are sent from a third party and routed through Apple's servers to actually get to the iPhone. When a dev sends a notification, they send it to Apple and Apple delivers it to you. That's the point of this article. So yes, while I agree with OP that a Little Snitch style easy firewall for iOS would be awesome, unless you're blocking Apple's servers (which renders the iPhone useless) a firewall does nothing on this one.
 

rb24

macrumors regular
Jun 20, 2017
144
136
Won't developers of apps like Signal and Telegram that are supposed to be secure have thought of this and be careful how they construct their push notifications?
 

lazyrighteye

Contributor
Jan 16, 2002
4,164
6,444
Denver, CO
Push notification tracking? Didn’t see that coming. Interesting…

It’s great this is being revealed. It should not at all (but somehow will, for a staggering number of people) come as BREAKING NEWS to learn that governments are surveilling its citizens nor that they are legally preventing companies from divulging said surveilling (wait… whaaaat?!?). Right, wrong, or something in between, that’s how it’s worked since we crawled out of the ocean: a select few control govern the masses.

While this is clearly so much bigger than any one company, I fully expect usual suspects to call for Tim’s ousting. Brace yourselves.
 

displayblock

macrumors regular
Jul 31, 2014
138
446

jav6454

macrumors Core
Nov 14, 2007
22,303
6,262
1 Geostationary Tower Plaza
What happened?
Your post is wrong on many levels:

Objectively speaking... To start, it's not the iPhone that is being targeted, it is the notifications being pushed towards it. If you actually read the article, you would know that these notifications can be encrypted but it depends on the developer, not Apple.

Secondly, the iPhone itself is still safeguarded, governments, as always, just found a technicality to access data.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.