Hand holding mobile phone with generic social media push notifications hovering above it

US government is snooping on people via phone push notifications, says senator

Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google or Apple’s servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by Google.

But, it seems, it’s not just Apple and Google who can view them.

In a letter to Attorney General Merrick B. Garland, Senator Ron Wyden urged the Department of Justice (DOJ) to “permit Apple and Google to inform their customers and the general public about demands for smartphone app notification records.”

And, since Apple and Google serve as intermediaries in the delivery of these push notifications this puts them in “a unique position to facilitate government surveillance of how users are using particular apps, “ wrote Senator Wyden.

The type of information varies from app to app, but in certain cases, it might also contain unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in a notification.

In the letter, Senator Wyden asked the DOJ to repeal or modify any policies that hinder public discussions of push notification spying.

“Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments, just as the companies regularly notify users about other types of government demands for data.”

The reason for this request stems from the fact that Apple and Google told the senator’s staff that information about this practice is restricted from public release by the government.

Apple said in a statement that it welcomed Wyden’s letter as it gave the opening it needed to share more details with the public about how governments monitored push notifications.

A source familiar with the matter confirmed to Reuters that both foreign and US government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts.

This is possible because the data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. So, if you’re using a messaging app which you’d like not to be tied to your device or online accounts, you probably shouldn’t allow those apps to show you notifications and instead check manually whether there are new messages.

Disabling notifications

After writing the above I went over the list of apps that had permissions to send me notifications and limited this to a few that I feel I need and won’t do too much harm. If you want to do the same, here is what you can do.

On Android devices open your Settings app and click on Notifications. In the dropdown menu, tap All apps. Here you can turn the app’s notifications on or off. There could be slight variations due to Android version and phone vendors.

On iPhones and iPads open the Settings app and click on Notifications. You’ll see a list of apps that are allowed to show push notifications. To disable them, you need to click on the individual app in that list and disable notifications (turn the slider from green to grey).

No doubt there is more to come on this story. We’ll keep you updated.


We don’t just report on privacy—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.