Photo of a person's hands holding a phone with icons of phone notifications overlayed above the phone.

Things You Should Know But Don’t: Are Your Push Notifications Being Tracked?

Posted December 11, 2023

Cyber-security is a topic that I feel should be on everybody’s radar. While it’s easy to fall behind in this digital age where technology seems to change and improve on a day-to-day basis, it’s still important to stay informed about data privacy so that you can protect yourself. There are some simple steps you can take to make these positive changes. For instance, I have previously urged my audience to consider switching to a chat app like Signal that uses end-to-end encryption and to stay up-to-date on how law enforcement obtains personal cell data. This makes your private conversations harder to decipher for hackers, law enforcement, and other agencies that may be trying to get it. I try to inform and update my audience about this topic as much as possible.

On December 6th U.S. Senator Ron Wyden sent a letter to the U.S. Department of Justice that stated government agencies have been demanding push notification data from companies like Apple and Google. According to Wyden, companies were prohibited from disclosing these requests, explaining that “the companies told my staff that information about this practice is restricted from public release by the government.” A recent article from Wired goes into detail about how law enforcement retrieves the requested metadata—first by asking individual apps and then following up with the relevant operating system company for information on the associated account— and the type of data that could be obtained. The Washington Post looked into court records from past years and found over two dozen documents “related to federal requests for push notification data.” Some were found to have been from at least 2020, suggesting that these requests have been happening unnoticed for years.

Usually this sort of thing is preventable— tech companies like Apple and Google have what are called transparency reports. These are documents that provide the statistics on how many government requests for user data and what types are submitted over a six-month period. They also tend to publicly outline the kinds of data they will share with law enforcement. On the same day Wyden’s letter was sent, Apple updated their Law Enforcement Guidelines to now include a section on push notifications. However, prior to Wyden’s letter it wasn’t explicitly clear that government agencies had been making these demands and in some cases receiving metadata as a response. While the government prohibited companies from divulging this information, “Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.

While it seems Wyden’s letter is already having positive impacts on transparency (with more to possibly come), the implications are worrying. Even if you’ve been using apps that you consider safe and secure, such as ones with end-to-end encryption, it is possible the data could still end up in unwanted hands if you’ve had push notifications enabled. Considering most apps default to turning push notifications on and that until now there’s been little reason to deactivate them, it’s possible that nearly all your apps use this feature—something you may want to reconsider for the time being.

Leave a Reply

Your email address will not be published. Required fields are marked *