Governments Spying Smartphones
A U.S. senator has raised alarm bells regarding foreign governments exploiting push notifications on smartphones to spy on users. In a letter to the Department of Justice this week, Senator Ron Wyden (D-OR) urged action to address the privacy and security risks.
Wyden, a senior member of the Senate Intelligence Committee, said his office received a tip in spring 2022 indicating that foreign intelligence agencies have been “demanding” access to push notification records from Apple and Google. Because push notifications must pass through the device’s operating system, rather than just the app, Apple and Google have unique insight into user behavior across apps.
By accessing these records, Wyden warns that foreign governments can see private details like which apps users have notifications enabled for, how frequently notifications are received, what time of day they interact with certain apps, and more. Armed with this data, spies could decipher daily routines, interests, relationships and identities.
What Are Push Notifications and Why Are They a Target?
For those unfamiliar, push notifications are pop-up messages and alerts delivered by apps to users. They serve many functions —breaking news updates, reminders, promotions, new messages, and more. Without opening the related app, users can glimpse basic notification content or tap to access the full details.
The majority of apps now utilize push notifications as a core function given their effectiveness for continual user engagement. They are enabled by default in settings for most apps downloaded on an iPhone or Android device.
From a spying perspective, accessing push notification logs provides tremendous insight into real-time app usage and behavior patterns. The extensive reach of push notifications across apps and devices renders billions of data points that can be aggregated for intelligence purposes.
And since push notifications must be transmitted through Apple’s iOS or Google’s Android operating systems before appearing on iPhones or Androids, these tech providers have access to metadata revealing when notifications were sent and received as well as associated usage details.
Apple and Google in “Unique Position” with Complete View Into App Activities
In his letter, Wyden stressed that Apple and Google’s positions operating iOS and Android provide “unique” and comprehensive visibility into user app activities via analysis of push notification traffic. He described the companies as being “in a unique position to facilitate government surveillance.”
This unprecedented access presents tremendous risks in terms of government overreach and foreign spying if exploited. The detailed app usage insights available from accessing volumes of push notification records over an extended period effectively provides intelligence agencies a window into citizens’ day-to-day behaviors, interests, relationships and identities.
And the fact that users have no visibility into what notification-related metadata is being accessed compounds the privacy implications.
Calls for Transparency Around Government Data Requests
When Senator Wyden’s staff contacted Apple and Google as part of their investigation into foreign governments obtaining Americans’ push notification information, the tech giants confirmed receiving such requests but said they were barred from publicly disclosing details.
Wyden is now urging the Department of Justice to repeal or modify policies preventing transparency around government push notification data demands. In his letter to Attorney General Garland, Wyden wrote:
“Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments…These companies should be permitted to generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data.”
Greater transparency would allow Apple, Google and app developers to alert users if their push notification information has been compromised. It would also help inform the public on the scope of surveillance overreach impacting smartphone technologies.
Unchecked, access to push notification logs at scale poses tremendous risks to civil liberties and personal freedoms. And without transparency around what data is being accessed and by whom, citizens are unable to give informed consent.
Wyden’s revelation that foreign governments are already exploiting iPhone and Android push notifications for spying purposes makes clear the urgent need to act before abuse becomes more rampant. As he concluded in his letter:
“Individuals cannot consent to surveillance they do not know about, and so I urge you to immediately clarify the rules…so that Americans can fully understand the extent to which their data is vulnerable to foreign government demands.”
In surfacing concerning cases of foreign push notification spying, Senator Ron Wyden has brought welcome attention to significant privacy issues in the smartphone era. His calls for transparency from both government and Big Tech reflect responsible leadership to counter unchecked surveillance overreach.
Americans have a right to understand exactly what personal data is being accessed and how it is being used. Wyden’s actions represent an important first step toward securing informed user consent and ensuring platforms like iPhones and Androids do not become enablers of mass rights violations by intelligence agencies and authoritarian regimes abroad.
The outcomes of his appeal to the Department of Justice — whether in the form of modified transparency rules, public reports on data demands or even notification systems for impacted users — now bears monitoring. One thing is clear: revelation of foreign governments exploiting push notification metadata provides urgent motivation to act.