Apple admits to secretly giving governments push notification data

[TEUser2K1]

Apple admits to secretly giving governments push notification data
Apple to update transparency report to break out push notification data requests.

Apple admits to secretly giving governments push notification data

Apple to update transparency report to break out push notification data requests.

arstechnica.com

For their part, recently haven't seen Ads boasting how much Apple cares about user data privacy.

 

[desiibond]

Wow. What a clickbait article. First, companies cannot block judicial order to share data. Most companies including Apple share the data if it is as per the law/jurisdiction. Second, if it is limited to push notifications, they wont get much at all from push notifications as it wont have full details of the notifications on the server (if the application pushing data is E2E encrypted). Third, this will help companies to be more transparent if the restrictions around confidentiality of requests is fully lifted. The ugly side is that perpetrators or abusers (data of whom is taken) may get a sniff that police/government is on to them and take necessary precautions.
Now, see these quotes from the original letter sent by Wyden to DoJ. (https://www.documentcloud.org/docum...ification_surveillance_letter_to_doj_-_signed)

In the spring of 2022, my office received a tip that government agencies in foreign countries were demanding smartphone “push” notification records from Google and Apple. My staff have been investigating this tip for the past year, which included contacting Apple and Google.

As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information.

Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments, just as the companies regularly notify users about other types of government demands for data.

Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments, just as the companies regularly notify users about other types of government demands for data. These companies should be permitted to generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data. I would ask that the DOJ repeal or modify any policies that impede this transparency.

This appeal is actual helpful for companies like Apple who are already bringing some transparency.

Here is Apple's statement to curb this excitement among those who do not have money to buy iPhones and Macs.

Apple receives various forms of legal process requesting information from or actions by Apple. Apple requires government and private entities to follow applicable laws and statutes when requesting customer information and data. We contractually require our service providers to follow the same standard we apply to government information requests for Apple data. Our legal team reviews requests to ensure that the requests have a valid legal basis. If they do, we comply by providing data responsive to the request. If a request does not have a valid legal basis, or if we consider it to be unclear, inappropriate or overly broad, we challenge or reject the request. We report on the requests every 6 months.

Source: https://www.apple.com/in/privacy/government-information-requests/

You can actually go and see list of requests

Privacy - Transparency Report - Apple

www.apple.com

Sincere suggestion: Do not get over excited and next time, do not fall for such clickbait posts. Also, there is a difference between selling data (Google/Meta/Twitter) and sharing data due to judicial order.

 

[TEUser2K1]

@desiibond
in-before blaming clickbait about the article title:

News from Sep. 2022:
Apple says it prioritizes privacy. Experts say gaps remain
"In multi-platform ad campaigns, the company told consumers that “what happens on your iPhone, stays on your iPhone,” and equated its products with security through slogans like “Privacy. That’s iPhone.”"

Apple says it prioritizes privacy. Experts say gaps remain

Tech behemoth could do more to protect user data from landing in the hands of police and other authorities, some say

www.theguardian.com

News on Dec.2023:
Apple updates legal process documents to acknowledge push notification data requests

Apple updates legal process documents to acknowledge push notification data requests - 9to5Mac

Yesterday, it was revealed for the first time that governments around the world have been “spying” on iPhone users via...

9to5mac.com

Thats all...

 

[desiibond]

@desiibond
in-before blaming clickbait about the article title:

News from Sep. 2022:
Apple says it prioritizes privacy. Experts say gaps remain
"In multi-platform ad campaigns, the company told consumers that “what happens on your iPhone, stays on your iPhone,” and equated its products with security through slogans like “Privacy. That’s iPhone.”"

Apple says it prioritizes privacy. Experts say gaps remain

Tech behemoth could do more to protect user data from landing in the hands of police and other authorities, some say

www.theguardian.com

News on Dec.2023:
Apple updates legal process documents to acknowledge push notification data requests

Apple updates legal process documents to acknowledge push notification data requests - 9to5Mac

Yesterday, it was revealed for the first time that governments around the world have been “spying” on iPhone users via...

9to5mac.com

Thats all...

What is your point? Both articles refer to Apple sharing data to authorities when legal processes are followed. However strong user privacy settings and policies are in the company, they cannot withhold information asked by authorities with court orders.

There is this European company called Bittium. They have this phone that is one of the most secure phones. Here is a snippet from their T&C

Bittium may share personal data within the limits of the applicable law within the Bittium group of companies. Personal data may also be transferred under the applicable law when Bittium uses subcontractors in the data processing.

The personal data may also be shared with authorities in statutory cases.

Hope you understand that companies must share data when there is a court order. That arstechnica article is absolutely a click-bait article. These tech news sites love creating FUD and sensationalize things for hits and money.

There are multiple points here.

1. Apple does not store APNS data unless the device that is supposed to receive the notification is offline. Once the message is delivered, it is removed from servers. This is documented in Apple's documentation. From what I understand, Apple seem to be caching data of users mentioned in court order and sharing that to authorities. What would be damning is if Apple stores data of all users forever. This does not seem to be the case at this point of time. In the world of powerful streaming services like Kafka, companies dont have to store raw unprocessed data. Companies can process data in real time and extract information that they need.
2. Apple sharing APNS data to governments. They cannot decline this if governments know that the data can be pulled either from past or from that point on.
3. US Government not allowing tech giants not to disclose these APNS requests in their transparency reports, as per Federal law. With (whatever the law is) this law in place, if Apple publishes those reports, they would be under Federal investigation and they for sure wont get into that mud.
4. No comments till now as to why US Government does not allow this data to be published. What happens if the reports come out? What kind of skeletons are they hiding? More than this, what kind of users are they monitoring and will publishing this report hinder intelligence that works day and night to stop us from getting bombed?

For their part, recently haven't seen Ads boasting how much Apple cares about user data privacy.

This line from you is misleading and makes not sense given that not disclosing this detail is done as per the federal law. If I have to question, I would rather question US Federal government and any other government that prohibits Apple and other companies from disclosing such reports. But, I do not give rats ass as governments can get persons details one way or other.

 

[TEUser2K1]

> This line from you is misleading and makes not sense given that not disclosing this detail is done as per the federal law.

This is the quote from The Guardian, a reputed source, not mine:

"For years, Apple has carefully curated a reputation as a privacy stalwart among data-hungry and growth-seeking tech companies.
In multi-platform ad campaigns, the company told consumers that “what happens on your iPhone, stays on your iPhone,” and equated its products with security through slogans like “Privacy. That’s iPhone.
But experts say that while Apple sets the bar when it comes to hardware and in some cases software security, the company could do more to protect user data from landing in the hands of police and other authorities.”

 

[desiibond]

> This line from you is misleading and makes not sense given that not disclosing this detail is done as per the federal law.

This is the quote from The Guardian, a reputed source, not mine:

"For years, Apple has carefully curated a reputation as a privacy stalwart among data-hungry and growth-seeking tech companies.
In multi-platform ad campaigns, the company told consumers that “what happens on your iPhone, stays on your iPhone,” and equated its products with security through slogans like “Privacy. That’s iPhone.
But experts say that while Apple sets the bar when it comes to hardware and in some cases software security, the company could do more to protect user data from landing in the hands of police and other authorities.”

Those experts should understand how law works before giving their opinions. Apple can be a trillion dollar company but there is a limit to which they can resist these requests or orders.

 

[TEUser2K1]

> Those experts should understand how law works before giving their opinions.

It is not those experts those "carefully curated a reputation" that “what happens on your iPhone, stays on your iPhone,”, but Apple alone.

The point is, if they were / have to 'secretly' co-operate with authorities, they should have admitted the same, than propagating false info /ads about their products. Article was just pulling down them from their high horse and opened their holy shameful secret for public information, thats all. Average person should be thankful for getting perspective of truth, that blaming the messenger.

 

[desiibond]

> Those experts should understand how law works before giving their opinions.

It is not those experts those "carefully curated a reputation" that “what happens on your iPhone, stays on your iPhone,”, but Apple alone.

Again, you are conveniently getting confused between data shared to authorities and data sold to 3rd parties for profit. Google and Meta sells data to 3rd party as that is the only way they earn revenue. If you are saying misleading and biased things out of jealousy towards those who use Apple products, well, I respect freedom of speech.

The point is, if they were / have to 'secretly' co-operate with authorities, they should have admitted the same, than propagating false info /ads about their products. Article was just pulling down them from their high horse and opened their holy shameful secret for public information, thats all. Average person should be thankful for getting perspective of truth, that blaming the messenger.

You seem to have no understanding of how companies adhere to country-specific and regional laws. Let me give you another example. Blackberry had one of the strongest encryption systems and user data was stored on their servers and they did not have any server in India. GoI gave them an ultimatum to give Indian authorities access to their servers. This is because those who attacked Taj and other places in Mumbai were using RIM phones to avoid snooping. Instead, RIM enabled a module that will allow Indian authorities to scan the data (SMSs, internet usage, Emails etc) as RIM had no other choice. Either adhere to local laws or lose the license to sell devices in the country. They had to do the same in the Middle East to avoid losing access to those key markets. So, please do your homework before blaming Apple for sharing data with authorities.

 

[TEUser2K1]

> Google and Meta sells data to 3rd party as that is the only way they earn revenue.
The thing is, they are not denying it.

> If you are saying misleading and biased things out of jealousy towards those who use Apple products, well, I respect freedom of speech.
Eeew, so this is your problem, keep your iSnobbery thingies and thoughts with you dude (reminding other products John Ive designed lolz). You know, there are other people in this world who may be living normal life not having to wear their money and fake attitude on their sleeves.
As for affordability, I actually purchased few of these iWhiteElephants and gifted those to deserving pretentious hipsters (who whined about purchasing new s/w and accessories later, lolz), don't have time here to stupidly bend over backwards to use such devices. There was a time decades back when those were worth for graphic designing, audio processing, etc. now meh. Anyways...

> You seem to have no understanding of how companies adhere to country-specific and regional laws.
I know all these things dude, lived through those times.
Only difference is others in general didn't ideologize nor "carefully curated a reputation" faking all that, created walled gardens, selling iwastetrinket accessories to mint billons from naive plebs. When there were problems, mostly they admitted it.

 

[rsaeon]

I suspected this, since there was never any mention of encryption with notifications — only with message content and cloud storage. It's just one more thing to keep in mind if you're privacy focussed. Which I have increasingly become over the years — you can either not care and let things like this go or try to take control by making life a little bit more difficult for yourself. As a kid I used to stare at walls while the power was out during the monsoon season so it's not a new concept.

As a rule, I don't use any first party services other than the app store. No icloud, no gmail — I don't even have contacts, I memorize numbers like it's the 90s. The only contacts I have on my phone are Mamma and Daddy, which is a water tanker service and a vehicle towing service — and a Police helpline in case I get caught up in a gang war. I'm not even kidding:

 

[desiibond]

> Google and Meta sells data to 3rd party as that is the only way they earn revenue.
The thing is, they are not denying it.

Point is that Apple does not sell user data and that is what they are vocal about. Are you arguing just because you made a boo boo and don’t want to agree that it was a boo boo?

> If you are saying misleading and biased things out of jealousy towards those who use Apple products, well, I respect freedom of speech.
Eeew, so this is your problem, keep your iSnobbery thingies and thoughts with you dude (reminding other products John Ive designed lolz). You know, there are other people in this world who may be living normal life not having to wear their money and fake attitude on their sleeves.
As for affordability, I actually purchased few of these iWhiteElephants and gifted those to deserving pretentious hipsters (who whined about purchasing new s/w and accessories later, lolz), don't have time here to stupidly bend over backwards to use such devices. There was a time decades back when those were worth for graphic designing, audio processing, etc. now meh. Anyways...

Ah, so you are giving your expert opinion without owning an Apple product. I now understand why your views are so biased and clueless.
If you had used, you would have had basic idea of difference between notifications and APNs. Most notifications on iphone, even Android are local notifications generated by apps on phone. There are few notifications that come directly from the applications server through APNs. Most of these are ads. Notification does not have any useful information as the actual data is passed through encrypted channel when user clicks on notification. This data is tracked only when user gives permission to track. Trying to explain this so that you understand the kind of data that is passed through APNs and how data is accessed.

> You seem to have no understanding of how companies adhere to country-specific and regional laws.
I know all these things dude, lived through those times.
Only difference is others in general didn't ideologize nor "carefully curated a reputation" faking all that, created walled gardens, selling iwastetrinket accessories to mint billons from naive plebs.

you are just repeating same thing. Looks like you have nothing else to say other than saying that it was fake. Gave you RIM example, a company that was also absolutely vocal about safety and privacy. Told you that Apple made it clear that it was a gag order from government that made them keep quiet. But no, you just want to bash Apple. What do you gain by twisting news and spreading misinformation other than satisfying your ego?

When there were problems, mostly they admitted it.

ROFLMAO. Looks like you are so disconnected from the tech world that you have no clue about the things that 'they' do to sell ads or rather, to keep all ads to themselves.

Coming back to the legal nature of the requests.
Dig around and you will find every company be it phone maker or cloud storage or hosting company time and again share data with the authorities because they have no other option. This has nothing to do with their privacy and data security policy. Hope you try to understand this.

Will be glad to discuss further once you understand what all this is about. Until then, you will be going in circles shouting vague and misleading rants.

PS: I just don’t understand why some start salivating the moment they see some random clickbait news about Apple.

 

[kiran6680]

I don't even have contacts, I memorize numbers like it's the 90s

Great, a fellow nocontacter ! Yes, contacts are abused a lot by nearly all apps to find your connections. If someone gives their number to me, I think it is betrayal of their trust to upload that number to Google and advertise it to so many apps.

But you don't have to go to stone age. The app "OpenContacts" from F-droid stores contacts out of the main contact store, invokes telephone app for making outgoing calls, and overlays the incoming call screen with contact names - so we get some benefits of contacts without most of the drawbacks.

 

[desiibond]

I suspected this, since there was never any mention of encryption with notifications — only with message content and cloud storage. It's just one more thing to keep in mind if you're privacy focussed. Which I have increasingly become over the years — you can either not care and let things like this go or try to take control by making life a little bit more difficult for yourself. As a kid I used to stare at walls while the power was out during the monsoon season so it's not a new concept.

There is no user data in this world that governments cannot take from companies or directly by spying. The only data that these companies will not share is if that person is having certain status in corporate or political world and if there is no criminal case on that person.

As a rule, I don't use any first party services other than the app store. No icloud, no gmail — I don't even have contacts, I memorize numbers like it's the 90s. The only contacts I have on my phone are Mamma and Daddy, which is a water tanker service and a vehicle towing service — and a Police helpline in case I get caught up in a gang war. I'm not even kidding:

Man, this is some level of privacy. I will introduce you to another guy who is at same level. DM me.
while it is not possible to have this level of secrecy, your point of minimizing first party application use makes so much sense. I had to distribute my content amoung various services to avoid one service getting a hold on me. Stopped sharing personal photos and data on any social network as well. Was avid FB user once upon a time.

 

[ze_cook]

I suspected this, since there was never any mention of encryption with notifications — only with message content and cloud storage. It's just one more thing to keep in mind if you're privacy focussed. Which I have increasingly become over the years — you can either not care and let things like this go or try to take control by making life a little bit more difficult for yourself. As a kid I used to stare at walls while the power was out during the monsoon season so it's not a new concept.

As a rule, I don't use any first party services other than the app store. No icloud, no gmail — I don't even have contacts, I memorize numbers like it's the 90s. The only contacts I have on my phone are Mamma and Daddy, which is a water tanker service and a vehicle towing service — and a Police helpline in case I get caught up in a gang war. I'm not even kidding:

Modern operating system are a nightmare for privacy. I remember using cyanogen mod privacy guard, and it had granular privacy controls for apps, and you could deny an app certain permissions (contacts, for example). Denying an app a permission meant the app would just get blank data, instead of failing the API call to fetch the data. This imo was the best implementation of a privacy feature, as the app gets denied the permission transparently.

Attached is a photo of my mom's realme phone asking for phone permission, when trying to use camera. Why? And why is it a mandatory permission.

 

[desiibond]

Modern operating system are a nightmare for privacy. I remember using cyanogen mod privacy guard, and it had granular privacy controls for apps, and you could deny an app certain permissions (contacts, for example). Denying an app a permission meant the app would just get blank data, instead of failing the API call to fetch the data. This imo was the best implementation of a privacy feature, as the app gets denied the permission transparently.

Attached is a photo of my mom's realme phone asking for phone permission, when trying to use camera. Why? And why is it a mandatory permission.

It all started with ‘free’ and ‘at cost’ sale of apps and devices. To compensate, these apps and OEMs went for ads and once they got taste of money…..

 

[rsaeon]

But you don't have to go to stone age. The app "OpenContacts" from F-droid stores contacts out of the main contact store, invokes telephone app for making outgoing calls, and overlays the incoming call screen with contact names - so we get some benefits of contacts without most of the drawbacks.

Thanks for the app recommendation! For a while I used to use a text file with numbers before I took it upon myself to memorize numbers — it was like a mental game of sorts.

your point of minimizing first party application use makes so much sense.

I still have public/free accounts and such, but not for personal use:

• I have a gmail that's primarily for academia related correspondence (basically anything that has to do with my degree).
• Banking/tax/municipality/kyc related stuff is on outlook since I want those cordoned off.
• Backup/recovery emails for both are on Yahoo.

Using mainstream providers like these gives the appearance of having some kind of online presence (especially when crossing borders) but almost everything else (mostly social/shopping related) is with a private/paid email service.

Other things like Play Store, Maps and Google Pay each have their own accounts and I have iCloud which I use for app data syncing between Apple devices for mundane things like to do lists and calculations. Personal stuff like notes, photos and videos are only local synced through Syncthing. I do like Apple devices but for this kind of functionality (also for Leica/Zeiss colour science) my main phone has been Android for a few years now. At the same time, I haven't found anything more powerful than Apple's Shortcuts app for scripting and automation so I have two phones — second phone is an older model iPhone.

Attached is a photo of my mom's realme phone asking for phone permission, when trying to use camera. Why? And why is it a mandatory permission.

Back when we could still root phones (and not have any app incompatibilities), I remember swapping out nearly every default app with a third party one. These days it's just changing the launcher, gallery and SMS app.

 

[rootyme]

in case I get caught up in a gang war.

How often does this happen?

Back when we could still root phones (and not have any app incompatibilities), I remember swapping out nearly every default app with a third party one. These days it's just changing the launcher, gallery and SMS app.

Even better would be to nuke the stock ROM altogether unless you need something very specific.

 

[rsaeon]

How often does this happen?

It's hyperbole but India is changing.

I like long night drives in areas with a large green cover but those areas also attract uninhibited people.

 

[desiibond]

I still have public/free accounts and such, but not for personal use:

• I have a gmail that's primarily for academia related correspondence (basically anything that has to do with my degree).
• Banking/tax/municipality/kyc related stuff is on outlook since I want those cordoned off.
• Backup/recovery emails for both are on Yahoo.

Using mainstream providers like these gives the appearance of having some kind of online presence (especially when crossing borders) but almost everything else (mostly social/shopping related) is with a private/paid email service.

Had to move from single mail provide (gmail) for all to multiple mail providers. Gmail for all junk mail and really old services that I do not use anymore, private mail for sensitive services like banking, Outlook for app logins etc. Documents and other phone/macOS data goes to iCloud but all photos are stored locally and on a cloud service. People should understand that privacy settings and process is not a 1 or 0. One has to put in effort to mask companies from creating a detailed profile.

Other things like Play Store, Maps and Google Pay each have their own accounts

Won't help. Google also tracked based on IP address and location so they already have mapped your multiple accounts into one ID. Also, not saving contacts on phone does not really help anymore. Thanks to technologies like Graph Databases (https://en.wikipedia.org/wiki/Graph_database), companies like Google have already linked you to all your contacts.

and I have iCloud which I use for app data syncing between Apple devices for mundane things like to do lists and calculations. Personal stuff like notes, photos and videos are only local synced through Syncthing. I do like Apple devices but for this kind of functionality (also for Leica/Zeiss colour science) my main phone has been Android for a few years now. At the same time, I haven't found anything more powerful than Apple's Shortcuts app for scripting and automation so I have two phones — second phone is an older model iPhone.

I am yet to fully explore Shortcuts. I am actively using Focus Modes and I love the way I can combine it with shortcuts so that based on my location, phone's Focus Mode can change the way my Home Screen looks, notifications are controlled etc.

Back when we could still root phones (and not have any app incompatibilities), I remember swapping out nearly every default app with a third party one. These days it's just changing the launcher, gallery and SMS app.

Even if you change every default app, the modules built and packaged into the Andoird OS collects so much of data. Remember that controversy around App cleaners in some Chinese droids and how much data they were sending to China?

 

[TEUser2K1]

> Are you arguing just because you made a boo boo and don’t want to agree that it was a boo boo?

Dude, it is not me doing 'boo boo', it is boo boo from one of the most read technical websites on internet.
The problem with you is that, you are taking everything personally. For others, it is just a device to use for convenience, information related to it and business as usual.

Have posted a link about Intel, earlier about AMD, etc. I own several devices from them. So, posting article is blaming or taking anything against anyone personally. Not into fanboyism.

As for my usage of idevices, had a brief stint in advert business where media, video and audio content was involved, Apple was hit for such cases those times. Now, not so much. So, stop preaching.

> PS: I just don’t understand why some start salivating the moment they see some random clickbait news about Apple.

Vs. when you look you look in the mirror. lolz.

> Will be glad to discuss further once you understand what all this is about. Until then, you will be going in circles shouting vague and misleading rants.

I posted a widely discussed article from one of the most read websites here for member's info. The rest of snobbery (as for that the ceo and corpn which didn't have any Indian plans, now wanting to make it a business plan lolz.), salivating and ranting ensued from you and am finding this strangely funny. lolz. bye dude, as usual whatever floats your boat.