Wyden: Governments spy on Apple, Google users through smartphone notifications

Sen. Ron Wyden warned in a letter to the Department of Justice on Wednesday that governments are spying on Apple and Google smartphone users through mobile push notifications.

The Oregon Democrat, who has long been a privacy advocate, said his office received a tip about the practice last year, and sought more information on the alleged surveillance from Apple and Google. The tech giants told Wyden that the U.S. government bars them from publicly releasing the requests, the senator said.

In his letter on Wednesday, Wyden asked the DOJ to revise the policies that restrict companies from publicly disclosing the demands. His letter was first reported by Reuters.

“Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments, just as the companies regularly notify users about other types of government demands for data,” Wyden wrote to Attorney General Merrick Garland.

He added that companies should be allowed to “generally reveal” whether they have been forced to allow the surveillance, make statistics about the number of demands received publicly, and alert customers about queries for their data unless under a court order not to.

A spokesperson for the Department of Justice declined to comment.

For iPhones, push notifications are sent through Apple's Push Notification Service while Android phones use Google's Firebase Cloud Messaging, making Apple and Google the main players in the push notification system. The notifications typically cross Google and Apple servers, placing the tech giants in a “unique position to facilitate government surveillance of how users are using particular apps,” Wyden wrote.

Wyden’s letter noted that app developers don’t have ways to stop the practice if they want to be able to send notifications on the Apple and Google platforms which iPhones and Android phones rely on.

“As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information,” Wyden wrote.

He also told Garland the push notification data Apple and Google receive includes metadata documenting which app received a notification and when. The tech giants also see which phone and related Apple or Google account receive the notifications, he wrote, noting that in some cases the companies may also receive unencrypted information which could include “backend directives for the app to the actual text displayed to a user in an app notification.”