US Senator Ron Wyden send a letter to the U.S. Department of Justice last week seeking more information about a tip his office received.
The letter and the subsequent response from the parties involved—Apple and Google—reveal new information that had not previously been brought to light: Governments can monitor smartphone users by asking for their notification data.
Apple is changing its policy
According to a Reuters report, over the past 7 days, Apple has been quietly updating its enforcement policies and making it harder for the government to access this data.
Apple provides Legal process guidelines for law enforcement publicly on its website. According to the Reuters report, these guidelines have recently been updated. The update adds new language that now states that a “judge warrant” or search warrant is required for Apple to provide data for targeted user notification.
The corresponding update appears in the “Apple Push Notification Service (APN)” section of the policy.
“When users allow an app they’ve installed to receive push notifications, an Apple Push Notification Service (APNs) token is generated and registered to that developer and device,” Apple’s guidelines state. “The Apple ID associated with a registered APN token and related records may be obtained with a warrant pursuant to 18 USC §2703(d) or a search warrant.”
Google already had such requirements, according to the company’s statement to Reuters when the story first broke last week.
As mentioned in Mashable’s previous coverage, data that a user provides to third-party mobile apps is typically stored by those third-party developers. However, when this data appears as a push notification on the user’s phone, the information passes through Apple and Google servers. This makes certain data available to iPhone and Android device manufacturers — and that data can be requested by law enforcement.
Now that this practice has been exposed publicly, users should be careful when granting push notification access to certain apps. And companies like Apple are adjusting their own rules about how they treat that data as well.