This might be slightly old, but it is no less relevant.

<https://www.wired.com/story/apple-google-push-notification-surveillance/>

The United States government and foreign law enforcement can demand
Apple and Google share metadata associated with push notifications from
apps on iOS and Android, according to a US senator and court records
reviewed by WIRED. These notifications can reveal which apps a person
uses, along with other information that may be pertinent to law
enforcement investigations.

US Senator Ron Wyden, an Oregon Democrat, highlighted the government surveillance technique in a letter sent to the US Department of Justice
(DOJ) today. Wyden is specifically asking the DOJ to allow Apple and
Google to discuss government requests for push notification records with
their users, which Wyden says the US government has required them to
keep secret thus far.

“In the spring of 2022, my office received a tip that government
agencies in foreign countries were demanding smartphone ‘push’
notification records from Google and Apple,” Wyden wrote in the letter,
which was first reported by Reuters. “My staff have been investigating
this tip for the past year, which included contacting Apple and Google.
In response to that query, the companies told my staff that information
about this practice is restricted from public release by the government.”

App developers deliver push notifications using Apple’s Push
Notification Service on iOS or Google’s Firebase Cloud Messaging on
Android. Each user of an app is assigned a “push token,” which is transferred between the app and the mobile operating system’s push notification service. Push tokens are not permanently assigned to a
single user, and new tokens may be generated when a person reinstalls an
app or switches to a new device.

To identify a person of interest and whom they may have been
communicating with, law enforcement must first go to an app developer to
obtain the relevant push token and then bring it to the operating system maker—Apple or Google—and request information on which account the token
is associated with. This puts the tech giants in “a unique position to facilitate government surveillance of how users are using particular
apps,” Wyden writes.

According to Wyden, the records that governments can obtain from Apple
and Google include metadata that reveals which apps a person has used,
when they’ve received notifications, and the phone associated with a particular Google or Apple account. The content of push notifications is
not included in this information, but, for at least some apps, law
enforcement could obtain information about the content of specific
pushes through additional requests based on the information from the
push tokens.

While Wyden’s letter says that governments outside the US have requested people’s push notification records, the Federal Bureau of Investigation
(FBI) has done so as well. A February 2021 search warrant application
submitted by an FBI agent to the US District Court in Washington, DC,
requested details for two accounts controlled by Meta (then Facebook), specifically citing a request for push notification tokens. The search
warrant request related to an investigation into a person accused of
taking part in the January 6, 2021, attack on the US Capitol.

Meta, which owns Facebook, WhatsApp, and Instagram, did not immediately
respond to WIRED’s request to comment. A spokesperson for Signal, the
popular encrypted messaging app, also did not respond. The DOJ declined
to comment.

Although Wyden is asking the DOJ to allow Apple and Google to discuss government requests for push notification records, the senator’s letter appears to have enabled them to do just that.

An Apple spokesperson tells WIRED that the company has updated its Law Enforcement Guidelines in its transparency report to reflect government requests for push notification records. The company will also begin to
detail these requests in its next transparency report. Apple's updated
rules for police requests say push notification records “may be obtained
with a subpoena or greater legal process.”

“Apple is committed to transparency and we have long been a supporter of efforts to ensure that providers are able to disclose as much
information as possible to their users,” Apple says in a statement. “In this case, the federal government prohibited us from sharing any
information and now that this method has become public we are updating
our transparency reporting to detail these kinds of requests.”

Google confirmed to WIRED that it receives requests for push
notification records, but the company says it already includes these
types of requests in its transparency reports. The company says requests
from US-based law enforcement for push notification records require
court orders with judicial approval.

--
RabidPedagog
Catholic paleoconservative
Linux Mint patron

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-01-26 04:19, RonB wrote:

On 2024-01-26, RabidPedagog <rabid@pedag.og> wrote:

This might be slightly old, but it is no less relevant.

<https://www.wired.com/story/apple-google-push-notification-surveillance/> >>
The United States government and foreign law enforcement can demand
Apple and Google share metadata associated with push notifications from
apps on iOS and Android, according to a US senator and court records
reviewed by WIRED. These notifications can reveal which apps a person
uses, along with other information that may be pertinent to law
enforcement investigations.

US Senator Ron Wyden, an Oregon Democrat, highlighted the government
surveillance technique in a letter sent to the US Department of Justice
(DOJ) today. Wyden is specifically asking the DOJ to allow Apple and
Google to discuss government requests for push notification records with
their users, which Wyden says the US government has required them to
keep secret thus far.

“In the spring of 2022, my office received a tip that government
agencies in foreign countries were demanding smartphone ‘push’
notification records from Google and Apple,” Wyden wrote in the letter,
which was first reported by Reuters. “My staff have been investigating
this tip for the past year, which included contacting Apple and Google.
In response to that query, the companies told my staff that information
about this practice is restricted from public release by the government.” >>
App developers deliver push notifications using Apple’s Push
Notification Service on iOS or Google’s Firebase Cloud Messaging on
Android. Each user of an app is assigned a “push token,” which is
transferred between the app and the mobile operating system’s push
notification service. Push tokens are not permanently assigned to a
single user, and new tokens may be generated when a person reinstalls an
app or switches to a new device.

To identify a person of interest and whom they may have been
communicating with, law enforcement must first go to an app developer to
obtain the relevant push token and then bring it to the operating system
maker—Apple or Google—and request information on which account the token >> is associated with. This puts the tech giants in “a unique position to
facilitate government surveillance of how users are using particular
apps,” Wyden writes.

According to Wyden, the records that governments can obtain from Apple
and Google include metadata that reveals which apps a person has used,
when they’ve received notifications, and the phone associated with a
particular Google or Apple account. The content of push notifications is
not included in this information, but, for at least some apps, law
enforcement could obtain information about the content of specific
pushes through additional requests based on the information from the
push tokens.

While Wyden’s letter says that governments outside the US have requested >> people’s push notification records, the Federal Bureau of Investigation
(FBI) has done so as well. A February 2021 search warrant application
submitted by an FBI agent to the US District Court in Washington, DC,
requested details for two accounts controlled by Meta (then Facebook),
specifically citing a request for push notification tokens. The search
warrant request related to an investigation into a person accused of
taking part in the January 6, 2021, attack on the US Capitol.

Meta, which owns Facebook, WhatsApp, and Instagram, did not immediately
respond to WIRED’s request to comment. A spokesperson for Signal, the
popular encrypted messaging app, also did not respond. The DOJ declined
to comment.

Although Wyden is asking the DOJ to allow Apple and Google to discuss
government requests for push notification records, the senator’s letter
appears to have enabled them to do just that.

An Apple spokesperson tells WIRED that the company has updated its Law
Enforcement Guidelines in its transparency report to reflect government
requests for push notification records. The company will also begin to
detail these requests in its next transparency report. Apple's updated
rules for police requests say push notification records “may be obtained >> with a subpoena or greater legal process.”

“Apple is committed to transparency and we have long been a supporter of >> efforts to ensure that providers are able to disclose as much
information as possible to their users,” Apple says in a statement. “In >> this case, the federal government prohibited us from sharing any
information and now that this method has become public we are updating
our transparency reporting to detail these kinds of requests.”

Google confirmed to WIRED that it receives requests for push
notification records, but the company says it already includes these
types of requests in its transparency reports. The company says requests
from US-based law enforcement for push notification records require
court orders with judicial approval.

This is why I keep trying to find something other than Android or iOS for my phones. I mostly use a flip phone, but even it runs a limited version of Android, AO... something — much more limited, though, I think.

I would avoid phones altogether, but I've become a fan of podcasts and
enjoy having them play in the background while I drive. I doubt any
flip-phone would allow me to get podcasts. I barely ever get calls and
rarely call people. I get texts, but they're mostly from my wife and my favourite colleague at my previous school board. Otherwise, the device
is utterly useless to me. I only ever got one in 2003 because I was
convinced that the girl I was dating at the time would want to call me
all the time.

--
RabidPedagog
Catholic paleoconservative
Linux Mint patron

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 26 Jan 2024 13:57:25 -0500, RabidPedagog wrote:

I only ever got one in 2003 because I was convinced that the girl I was dating at the time would want to call me all the time.

My boss tried to convince me to get one. He knew I hiked alone and
stressed the safety aspect. I pointed out there was no cell coverage in
most of my favorite areas anyway.

When my brother's health started to fail, I finally got one. Most of my
actual phone calls are with my wife. I've got a geocaching and step
counter app I use, plus slack for work related messages. It's also a lot
easier for 2FA.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-01-26 21:46, rbowman wrote:

On Fri, 26 Jan 2024 13:57:25 -0500, RabidPedagog wrote:

I only ever got one in 2003 because I was convinced that the girl I was
dating at the time would want to call me all the time.

My boss tried to convince me to get one. He knew I hiked alone and
stressed the safety aspect. I pointed out there was no cell coverage in
most of my favorite areas anyway.

When my brother's health started to fail, I finally got one. Most of my actual phone calls are with my wife. I've got a geocaching and step
counter app I use, plus slack for work related messages. It's also a lot easier for 2FA.

Ah yes, 2FA. Admittedly, I use that a lot. That is one good reason to
have a smartphone on our person.

--
RabidPedagog
Catholic paleoconservative
Linux Mint patron

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)