PRIVACY: Apple Confirms Governments Using Push Notifications to Surveil Users.
According to the report, [Sen. Ron] Wyden’s letter said a “tip” was the source of the information about the surveillance. A source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications. The data is said to have been used to attempt to tie anonymous users of messaging apps to specific Apple or Google accounts.
Reuters’ source would not identify which governments were making the data requests but described them as “democracies allied to the United States.” They did not know how long the requests had been going on for.
Apple advises developers not to include sensitive data in notifications and to encrypt any data before adding it to a notification payload. However, this requires action on the developers’ part. Likewise, metadata (like which apps are sending notifications and how often) is not encrypted, potentially giving anyone with access to the information insight into users’ app usage.
Not a great look for a company that’s been using privacy as a big part of its sales pitch.