Back in 2023, we reported on how US agencies have used push notification metadata on smartphones for surveillance, pressuring tech companies like Apple and Google to hand over user information. Prompted by Senator Ron Wyden’s inquiry, Apple revealed it had been legally barred from disclosing this practice, which raises serious concerns about civil liberties and government overreach.
Cut to today and government demands for user information tied to Apple’s push notification system continued into the first half of 2024, with the United Kingdom submitting 141 requests, despite the nation’s relatively small size, and the United States following with 129.
Germany also obtained data during this period. Singapore, despite making inquiries, received none. These figures come from Apple’s most recent transparency report, shedding light on global government interest in a lesser-known surveillance vector.
Even some privacy apps can be undermined by surveillance at the push notification level. Many apps have to rely on Apple or Google to deliver notifications; services that can expose critical metadata such as which app sent the notification, when it was sent, and how often.
This metadata can be used by governments to infer user activity, and social connections, and even de-anonymize users. It bypasses app-level encryption entirely, exploiting a layer outside the user’s or developer’s control.
Apple’s report outlines what’s at stake with these requests. When someone enables notifications for an app, the system generates a “push token” that links the device and app to a specific Apple account.
Hellbound and Down 