Apple will no longer give police users' push notification data without a warrant

Apple said it will no longer give over records of users’ push notifications to law enforcement unless the company receives a valid judge’s order.

In its law enforcement guidelines updated this week, Apple said law enforcement and government agencies can now obtain push notification records with a court order or a search warrant, both of which have to be approved by a judge.

Previously, Apple allowed police to obtain this information with a subpoena, which are issued by police departments and law enforcement agencies with no judicial oversight.

Apple’s change in how it handles demands for push notification data lands days after U.S. senator Ron Wyden disclosed that Apple and Google can be “secretly compelled by governments” to hand over the contents of push notifications sent to customers’ phones.

For its part, Google requires a court-issued order before it will hand over push notification data.

Apple did not respond to a request for comment, or say for what reason it previously allowed law enforcement to obtain users’ push notification data without a warrant.

Push notifications appear as pop-up messages on a phone alerting the user to new messages, breaking news, and other app-based updates. Push notifications are typically routed through Apple and Google servers, meaning “Apple and Google are in a unique position to facilitate government surveillance of how users are using particular apps,” said Wyden.

According to Wyden, the previously secret practice meant that Apple and Google were prevented from publicly disclosing these types of government demands. Wyden said unnamed foreign governments are also demanding Apple and Google turn over users’ push notification data.

Not all apps are vulnerable to having push notifications intercepted or obtained by law enforcement demands.

Meredith Whittaker, the president of end-to-end encrypted messaging app Signal, said in a series of Mastodon posts that Signal’s push notifications “don’t reveal who sent the message or who is calling” and are “processed entirely on your device.”

Source link