U.S. Senator Ron Wyden sent a letter to the U.S. Department of Justice last week, looking for more information regarding a tip his office had received.
The letter and subsequent response from the involved parties – Apple and Google – revealed new information that had not previously been brought to light: Governments can surveil smartphone users by requesting their push notification data.
Apple changes its policy
According to a report from Reuters, within the past 7 days, Apple quietly updated its law enforcement policies and made it more difficult for the government to access that data.
Apple provides Legal Process Guidelines for law enforcement publicly on its website. According to the Reuters report, those guidelines have recently been updated. The update adds new language that now says a “assess’s order,” or seek warrant, is required for Apple to furnish a user’s push notification data.
The relevant update appears under the “Apple Push Notification Service (APNs)” section of the policy.
“When users allow an application they have installed to acquire push notifications, an Apple Push Notification Service (APNs) token is generated and registered to that developer and device,” Apple’s guidelines state. “The Apple ID associated with a registered APNs token and associated records may be obtained with an order under 18 U.S.C. §2703(d) or a seek warrant.”
Google already had such requirements, according to the company’s statement to Reuters when the story first broke last week.
As mentioned in Mashable’s prior coverage, data that a user provides to third-party mobile apps are generally stored by those third-party developers. However, when that data shows up as a push notification on a user’s phone, the information passes through Apple and Google’s servers. This makes certain data accessible to iPhone and Android device makers — and that data can be requested by law enforcement.
Now that this practice has been disclosed publicly, users should exercise caution when granting push notification access to certain apps. And companies admire Apple are adjusting their own rules around how they treat this data as well.