justin․searls․co

Governments spying on Apple, Google users through push notifications

Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates. These are the audible "dings" or visual indicators users get when they receive an email or their sports team wins a game. What users often do not realize is that almost all such notifications travel over Google and Apple's servers.

That gives the two companies unique insight into the traffic flowing from those apps to their users, and in turn puts them "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said. He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying.

Apple talks a big game about privacy and security, but Apple Push Notification service is a centralized channel of communication where Apple necessarily holds the keys to decrypt every notification in transit (of the trillions per day that they process), and surely retains those notifications long enough that a device that's disconnected for a few hours or days could reconnect to the Internet and fetch them.

I knew all this, and it's one (of many) reasons that I disable almost all notifications on my phone, even messaging—I can't help but check my messages a dozen times per hour out of force of habit, after all. But until I read this report, it hadn't occurred to me that most users have no idea how APNs work or that this vector would exist for a PRISM-like surveillance tool. Government gets a warrant for a stream of someone's push notifications, appends them to a running log, and they have at least one side of every conversation—it doesn't even matter if the user has Advanced Data Protection enabled.

What I didn't know is that Apple released an API, UNNotificationServiceExtension, that allows developers to encrypt the contents of every APNs notification to prevent Apple from seeing them. The API has been available for a few years (2017, it looks like?), but because developers have to go out of their way to roll their own encryption regime on either end of the communication to cut Apple out of the loop, it's unlikely that very many apps are doing this. Are any major messaging apps? Is Signal? (Update: according to Orta, yes, Signal does encrypt notification contents.)

Will be interesting to see how large developers respond to this news and whether Apple starts promoting the use of this API more loudly as a result.

