“In the spring of 2022, my office received a tip that government agencies in foreign countries were demanding smartphone ‘push’ notification records from Google and Apple,” Wyden’s letter [PDF] says.

Following the publication of Wyden’s letter, Apple told Reuters that it intends to update its transparency reports to reflect receipt of push notification data requests.

Apple and Google each offer push notifications, alerts managed at the operating system level that allow mobile apps to notify users about specific events, like the receipt of messages or updated content.

As operators of push notification servers, Apple and Google are uniquely situated to serve government surveillance efforts, Wyden said.

Push notifications (but not metadata) are typically encrypted in transit (TLS) but are not necessarily protected on Apple’s or Google’s servers unless developers have taken the necessary additional steps.

David Libeau, a Paris-based developer, published a report about the problem in January titled “Push notifications are a privacy nightmare.”

Saved 69% of original text.