So, does this mean that Google and Apple have copies of every Signal message from or to anyone with notifications turned on?
Yikes.
I guess it is possible.
🤖 I’m a bot that provides automatic summaries for articles:
Click here to see the summary
“In the spring of 2022, my office received a tip that government agencies in foreign countries were demanding smartphone ‘push’ notification records from Google and Apple,” Wyden’s letter [PDF] says.
Following the publication of Wyden’s letter, Apple told Reuters that it intends to update its transparency reports to reflect receipt of push notification data requests.
Apple and Google each offer push notifications, alerts managed at the operating system level that allow mobile apps to notify users about specific events, like the receipt of messages or updated content.
As operators of push notification servers, Apple and Google are uniquely situated to serve government surveillance efforts, Wyden said.
Push notifications (but not metadata) are typically encrypted in transit (TLS) but are not necessarily protected on Apple’s or Google’s servers unless developers have taken the necessary additional steps.
David Libeau, a Paris-based developer, published a report about the problem in January titled “Push notifications are a privacy nightmare.”
Saved 69% of original text.