by Dan Moren
Apple will now disclose government requests for push notification data
Ashley Belanger, writing at Ars Technica:
Apple has since confirmed in a statement provided to Ars that the US federal government “prohibited” the company “from sharing any information,” but now that Wyden has outed the feds, Apple has updated its transparency reporting and will “detail these kinds of requests” in a separate section on push notifications in its next report. Ars verified that Apple’s law enforcement guidelines now notes that push notification records “may be obtained with a subpoena or greater legal process.”
Push notifications aren’t run on an app-by-app basis; rather, they all travel through servers controlled by Apple and Google. These requests can give up a surprising amount of information, perhaps the least of which is the actual content of the notification. For example, it could reveal which app or device the notification was sent to, as well as presumably timestamp data. Even in cases where it didn’t reveal sensitive content, information could be gleaned from seemingly innocuous information. (I have no trouble believing that a sufficiently clever intelligence apparatus could, for example, use something like Apple or CARROT Weather’s live precipitation notifications to derive location information based on where it was raining at the time.)
Stopping these requests, which were issued by foreign governments, is difficult if not impossible. But allowing Apple to acknowledge them in its transparency reports is a step in the right direction; at the very least, it encourages developers to be more careful about any unencrypted information shared in those notifications.
This is the classic cat-and-mouse game of intelligence: governments and their agencies will always look for new information to exploit, while companies (hopefully) try to increasingly protect their information from snooping.