Foreign governments likely spy on your smart phone usage, and now Senator Ron Wyden's office is pushing for Apple and Google to reveal how exactly it works. Push notifications, the dings you get from apps calling your attention back to your phone, may be handed over from a company to government services if asked. But it appears the Department of Justice won't let companies come clean about the practice.
Push notifications don't actually come straight from the app. Instead, they pass through the smart phone provider, like Apple for iPhones or Google for Androids, to deliver the notifications to your screen. This has created murky room for government surveillance. "Because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information," Wyden wrote in the letter on Wednesday.
Apple claims it was suppressed from coming clean about this process, which is why Wyden's letter specifically targets the Department of Justice. "In this case, the federal government prohibited us from sharing any information and now that this method has become public we are updating our transparency reporting to detail these kinds of request,” Apple said in a statement to Engadget. Apple's next transparency report will include requests for push notification tokens, according to the company. Specifically, Wyden asks the DOJ to let Apple and Google tell customers and the general public about the demand for these app notification records. "We were the first major company to publish a public transparency report sharing the number and types of government requests for user data we receive, including the requests referred to by Senator Wyden. We share the Senator’s commitment to keeping users informed about these requests," Google said in a statement.
It's even more complicated because apps can't do much about it. Even if there's an individual pledge for security, if an app delivers push notifications, it must use the Apple or Google system to do so. In theory, this means your private messaging could be shared with a foreign government if you're getting push notifications from the app. That includes any metadata about the notification, too, like account information.
The revelation about push notifications come at a time when privacy and security have become a selling point. Companies advertise how they'll keep your information safe, but as more loopholes come to light, it's becoming harder to suss out what's actually trustworthy.