Unidentified governments are using push notifications to surveil smartphone users, according to US Senator Ron Wyden. In a letter to the Department of Justice, Wyden expressed concern that foreign officials were demanding data from Google and Apple to track smartphones. He argued that the companies’ unique access to the traffic flowing from these notifications makes them an ideal source for government surveillance. Apple has stated that they were previously prohibited from sharing information on this surveillance, but now plan to update their transparency reporting to include these types of requests. Both foreign and US government agencies have reportedly been requesting metadata related to push notifications in order to tie anonymous users to specific Apple or Google accounts. The specific governments making these requests have not been identified, but they are described as “democracies allied to the United States.” Apple advises developers to avoid including sensitive data in notifications and to encrypt any data they do include, but this requires action on the developers’ part. The metadata itself, such as which apps are sending notifications and how often, is not encrypted and could potentially provide insight into users’ app usage.
https://www.macrumors.com/2023/12/06/apple-governments-surveil-push-notifications/