Apple Gave Governments Data on Thousands of Push Notifications
Apple Gave Governments Data on Thousands of Push Notifications
Push notification data can sometimes include the unencrypted content of notifications. Requests include from the U.S., U.K., Germany, and Israel.
We've known about this for a long time. Google too. Apple publishes it in their transparency reports now.
I was going to say why is this news now? This was a big thing at the end of 2023. Like they even mentioend it in the article.
The practice first came to light in 2023 when Senator Ron Wyden sent a letter to the U.S. Department of Justice
Data breaches should always be news, even if it is unsurprising to you personally. There's literally always going to be someone out there who doesn't have the same information that you do.
Edit: yes, I do think it ought to be considered a data breach when data is shared with additional parties, even (or maybe especially) when that party is the government.
It’s paywalled for me so can’t see this all. But does this mean signal, rcs and other encrypted messages are being logged? Kind of defeats the purpose of privacy based use cases if so
Yes. 100%. Some app creators will encrypt the contents but I don't think they can encrypt the metadata.
Even the most "private" of companies like Signal and Proton don't provide any alternative either. Third-party fork Molly adds UnifiedPush support to Signal.
From Signal CEO:
PSA: We've received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you're talking to.
In Signal, push notifications simply act as a ping that tells the app to wake up. They don't reveal who sent the message or who is calling (not to Apple, Google, or anyone). Notifications are processed entirely on your device. This is different from many other apps.
What's the background here? Currently, in order to enable push notifications on the dominant mobile operating systems (iOS and Android) those building and maintaining apps like Signal need to use services offered by Apple and Google.
Apple simply doesn’t let you do it another way. And Google, well you could (and we've tried), but the cost to battery life is devastating for performance, rendering this a false option if you want to build a usable, practical, dependable app for people all over the world.
So, while we do not love Big Tech choke points and the control that a handful of companies wield over the tech ecosystem, we do everything we can to ensure that in spite of this dynamic, if you use Signal your privacy is preserved.
(Note, if you are among the small number of people that run alt Android-based operating systems that don't include Google libraries, we implement the battery-destroying push option, and hope you have ways to navigate.)
PSA: We've received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you're talking to.
Doesn't this mean there is nothing to log? You got me confused
Signal is E2EE. While it does use notifications, there is no meaningful unencrypted content in them. The content of the notification you see is decrypted on-device.
A push notification, from a technical standpoint, is just a way to wake up an app. It doesn't have to contain any information.
So when you get a message, the messaging service sends a push notification through Apple/Google, which is a way of saying "Hey messaging app, wake up". The app then starts running in the background on your phone, connects to it's server, asks if there is anything new to know about, and the server tells it about a new message, if any. This can then generate a notification on your phone, but importantly what you are seeing in the notification did not come through Apple/Google, all that did was the "Hey messaging app, wake up!".
If authorities then request this data from Apple/Google, all they can see is the times at which your messaging app was asked to wake up. Not whether any message was actually received, or what it contained, or from who. Because all that never touched Apple/Google's systems, not even in an encrypted form.
That being said, some data can be sent directly through the Apple/Google system along with the wake up message, so it's not impossible that some apps include some metadata there. In theory they shouldn't. For example simple marketing notifications or ads often are just included with the push, because it's simple to do.
all they can see is the times at which your messaging app was asked to wake up. Not whether any message was actually received, or what it contained, or from who.
Here's what Senator Ron Wyden had to say on the matter:
The data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification.
So they know:
- What app received the notification
- when it was received
- who it was sent to
Yes, these are not "private" services, they are "secure messaging" services. Commonly confused issue. Privacy requires controlling the communication infrastructure. Security only requires controlling the items being shared.
And that is why we use ntfy :)
Not the main instance ofc because then you have one big silo again, but there are plenty of publicly hosted servers.Selfhosted gotify rules
Does ntfy solve this problem?
It gives you full control over everything required for push notifications. If you self host tge server its perfect ofc, but even if you dont, spreading notification data over hundreds or thousands of push servers makes it much harder for governments to find what they are looking for.
Would be great if app publishers actually made it available. To my knowledge there are only 2 or 3.
Apple’s transparency reports are interesting to look at, though I think the last update was June 2024.
Here’s the latest update for the US.
Thank you
Thousands, you say? gasp
Exactly. Out of the trillions that they probably process every day, over several years, they only had to turn over “thousands”. If the government can find a bunch of loopholes to get what they want, then that’s hardly the fault of Apple.
If the worst you can say about Apple is that they still, very rarely, are forced to turn over data to the government due to bureaucratic loopholes and are no fault of their own, then I still stand behind them.
And if they got anything useful out of that data? Then it is the fault of the actors for not properly encrypted their data when they have the opportunity.
Oh hey it's one of Signal's main vulnerabilities again @rysiek@szmer.info
I'm actually surprised this came up again. Wasn't this a thing back like a year and a half ago or something as well? I remember a big push to get on unified push about then.