Al Mayadeen English

  • Ar
  • Es
  • x
Al Mayadeen English

Slogan

  • News
    • Politics
    • Economy
    • Sports
    • Arts&Culture
    • Health
    • Miscellaneous
    • Technology
    • Environment
  • Articles
    • Opinion
    • Analysis
    • Blog
    • Features
  • Videos
    • NewsFeed
    • Video Features
    • Explainers
    • TV
    • Digital Series
  • Infographs
  • In Pictures
  • • LIVE
News
  • Politics
  • Economy
  • Sports
  • Arts&Culture
  • Health
  • Miscellaneous
  • Technology
  • Environment
Articles
  • Opinion
  • Analysis
  • Blog
  • Features
Videos
  • NewsFeed
  • Video Features
  • Explainers
  • TV
  • Digital Series
Infographs
In Pictures
  • Africa
  • Asia
  • Asia-Pacific
  • Europe
  • Latin America
  • MENA
  • Palestine
  • US & Canada
BREAKING
Iranian Foreign Minister Abbas Araghchi: We are neither in a hurry nor stalling, and the results of the current negotiations will become evident once the rights of the Iranian people are secured
Iranian Foreign Minister Abbas Araghchi: We are negotiating with patience and composure, and we will not relinquish the rights of the Iranian people, including the right to enrichment
Brigadier General Saree: Operation achieved its objective successfully, forcing millions to flee to shelters, and halted air traffic at the airport.
YAF spox Yahya Saree: Yemeni Missile Force executed military operation targeting Ben Gurion airport with hypersonic ballistic missile.
Israeli media: Traffic halted in Ben Gurion following launch of Yemeni missile
Israeli media: Sirens sound in al-Quds, surrounding areas.
Al-Qassam Brigades: Our fighters spotted enemy helicopters landing to evacuate their troops and swiftly carried out a coordinated operation against the occupying forces entrenched in a house in al-Qarara
Al-Qassam Brigades: We detonated a tunnel entrance where several enemy soldiers had gathered in the town of al-Qarara and engaged them with light weapons
Al-Qassam Brigades: We struck an enemy force, causing casualties and injuries, by detonating a heavy explosive device in a house in the town of al-Qarara, south of the Gaza Strip
Brigadier General Kioumars Heydari, Commander of Iran’s Army Ground Forces, warned: Any act of aggression against Iran will result in the destruction of its origin and perpetrators

‘Push’ notifications: A secret spying frontier

  • Kit Klarenberg Kit Klarenberg
  • Source: Al Mayadeen English
  • 10 Dec 2023 15:39
  • 12 Shares
9 Min Read

In this piece, Kit Klarenberg provides valuable insight into how push notifications are being used by governments to spy on users.

  • x
  • A surveillance request known as a “pen register” compels WhatsApp to provide the FBI with the source and destination of a user’s messages every 15 minutes. (Al Mayadeen English; Illustrated by Zainab ElHajj)
    A surveillance request known as a “pen register” compels WhatsApp to provide the FBI with the source and destination of a user’s messages every 15 minutes. (Al Mayadeen English; Illustrated by Zainab ElHajj)

On December 6, US Senator Ron Wyden dispatched a strongly-worded letter to the Department of Justice (DOJ). He urged officials to “permit Apple and Google to inform their customers and the general public” about demands for “push” notification data, from “government agencies in foreign countries.”

In the spring of 2022, Wyden’s office “received a tip” that major tech firms were handing over data related to these communications upon request from state entities. His staff have been investigating the issue ever since, although Apple and Google stonewalled their approaches, as “information about this practice is restricted from public release,” by direct US government order.

Push notifications are clickable, attention-grabbing pop-up messages that appear on users’ smartphones and internet browsers. In recent years, popular apps and websites - in particular those of mainstream media outlets - have ever-more widely encouraged users to permit these notifications on their devices and browsers. While a convenient means of remaining constantly updated about news developments, or public and private social media communications, their method of transmission creates a little-considered but extremely serious vulnerability, gravely threatening individual user privacy.

These notifications aren’t dispatched directly from an app to users. Instead, a device’s operating system serves as an intermediary, receiving the information and then passing it on through its internal processing system. Along the way, the data contained within is harvested by the processor. All app stores - including those provided by Amazon and Microsoft - have in-house systems of this kind. App developers have no choice but to utilise them if they wish to offer users push notifications.

This is of enormous concern, given tech giants can be compelled to hand over this information without notifying users through a variety of means. For example, buried at the bottom of Apple’s official “legal process guidelines”, which sets out how the company cooperates with US government and law enforcement agencies, it is acknowledged:

“When users allow an application they have installed to receive push notifications, an Apple Push Notification Service (APNs) token is generated and registered to that developer and device. Some apps may have multiple APNs tokens for one account on one device to differentiate between messages and multimedia. The Apple ID associated with a registered APNs token may be obtained with a subpoena or greater legal process.”

Wyden’s letter concludes on a forceful note. He calls for the Justice Department to allow Apple and Google “to be transparent about the legal demands they receive, particularly from foreign governments, just as the companies regularly notify users about other types of government demands for data”:

“These companies should be permitted to generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data. I would ask the DOJ to repeal or modify any policies that impede this transparency.”

‘The Payload’

Given the wealth of sensitive intelligence on users produced by push notifications, it is unsurprising the US government and major tech firms alike are wary of discussing the matter candidly. Contained within these updates is extensive metadata, detailing which app received a notification and when, as well as the device and associated app store account to which the notification was delivered.

Moreover, push notification data can contain the content of texts sent via popular encrypted messaging apps - including the allegedly impenetrable Signal and Telegram - and private communications dispatched on Facebook, Instagram, Twitter, and other popular social networks. The nature of the “tipoff” received by Wyden’s office isn’t stated. Nonetheless, it is evident from a February 2021 search warrant application submitted by an FBI operative to a Washington, DC court that the import of this data has long been well-understood by US intelligence.

Related News

Signal facing collapse after CIA cuts funding

The Bureau special agent requested a court order for access to extensive information related to two Facebook accounts, operated by an individual allegedly embroiled in the January 6, 2021, Capitol invasion, from the social network’s parent company Meta. This included “unique application numbers and push notification tokens” associated with the accounts. 

This information was of particular interest, the FBI special agent wrote, “based on my training and experience,” strongly suggesting Bureau apparatchiks are specifically tutored in exploiting this data in investigations, and officially encouraged to seek it out. The operative went on to note that when providers send push notifications to a device, this includes both a “push token” and “the payload associated with the notification (i.e., the substance of what needs to be sent by the application to the device)”:

“To ensure this process works, push tokens associated with a subscriber’s account are stored on the provider’s server(s). Accordingly, the computers of [Facebook] are likely to contain useful information that may help to identify the specific device(s) used by a particular subscriber to access the subscriber’s [Facebook] account via the mobile application.”

After this information was secured, the FBI special agent expected to unearth other “identifiers” tying suspects to particular devices, including their unique application numbers, smartphone models and serials, operating systems, network providers, telephone numbers, and much, much more. All this information could “constitute evidence of the crimes under investigation,” identifying Facebook accounts “created or accessed” by the same devices, “likely belonging” to the same users, and potentially linked to digital devices seized from the suspects.

‘Delivery Delays’

An alleged US government-enforced gag order on the provision of push notification data to state agencies can only cast significant doubt on the publicly avowed positions of tech giants on user privacy. In recent years, due to overwhelming concerns about the security of sensitive user data, leaders of the sector have made significant pledges to protect information stored on their platforms from both malign actors, and the prying eyes of states.

In September 2021, Apple’s CEO Tim Cook boldly declared that he believed “privacy is a basic human right,” and “one of the most consequential issues of our time.” He boasted of how his app store had implemented a privacy “nutrition label” system, outlining to users what information apps collect on them, and why:

“We’re all about giving the user transparency and control…It sounds simple, but it’s a profound change. We’re working for the user. It’s not about a marketing slogan or a way to sell things. It’s a core value of ours.”

Not long after, however, a sensitive FBI document released under freedom of information laws amply exposed such lofty principles to be very much “marketing slogans”. The file spelled out in concise yet shocking detail the FBI’s ability to secure messaging app content and associated metadata via warrants and subpoenas. Apple’s iMessage and WhatsApp were, markedly, the most forthcoming to approaches from US authorities.

Dated January 7, 2021, and prepared by the FBI’s Science and Technology Branch and Operational Technology Division, it lists a number of popular messaging apps, the methods by which information can be extracted from them, and what data can be secured by investigators. The file notes that a subpoena submitted to WhatsApp’s owner Meta delivers “basic” user records, a court order “information like blocked users,” and a search warrant “address book contacts and WhatsApp users” who have the “target” saved as a contact.

A surveillance request known as a “pen register” compels WhatsApp to provide the FBI with the source and destination of a user’s messages every 15 minutes. The actual content apparently won’t be disclosed. Although, even without access to messages themselves, knowing who has been texting who, and when, is still highly revealing. For example, this data could be crucial in identifying who within an organisation has been leaking information to journalists.

WhatsApp messages can in any event be accessed by the FBI if an iPhone user has enabled iCloud backups. Apple turns over iCloud encryption keys in response to FBI warrants as a matter of policy, which unlocks iMessage content. Data requests filed under 18 US Code § 2703 turn up “25 days of iMessage lookups to and from a target number.” 

Meanwhile, WhatsApp is the only messaging platform listed that offers the Bureau close-to real-time disclosure of data. The guide, no doubt with some chagrin, records how the slow pace with which other apps provide information “may impact investigations due to delivery delays.”

By contrast, investigators can access little information on users of Signal, except the date and time a user registered, and the last time they were active on the app. Telegram’s strict policy of not cooperating with court orders, apart from in the context of “confirmed terrorist investigations,” when the app may disclose IP addresses and phone numbers to relevant authorities, is also noted.

Push notifications offer a significantly more intimate trove, for ready access by security and intelligence agencies the world over. Mercifully, for the time being at least, it is an individual’s discretion whether they ‘opt in’ for these updates. The vast profusion of apps and websites that today relentlessly bombard visitors and users with invitations to do so tends to suggest the option may cease to exist outright, should Wyden’s disclosures provoke sufficient controversy.

The opinions mentioned in this article do not necessarily reflect the opinion of Al mayadeen, but rather express the opinion of its writer exclusively.
  • Signal
  • Facebook
  • Whatsapp
  • technology
  • spying
  • Apple
  • Telegram
  • Meta
Kit Klarenberg

Kit Klarenberg

Investigative journalist.

Most Read

All
Although the background information does not indicate direct US involvement, considering the broader geopolitical context, it is plausible that the US would have an indirect impact. (Al Mayadeen English; Illustrated by Zeinab El-Hajj)

Did 'Israel', US fight a proxy war with China in South Asia during the India-Pakistan escalation?

  • Feature
  • 19 May 2025
It is clear that the Israeli project in Syria is not over and that Tel Aviv seeks to use what it sees as a historic opportunity to divide the country and achieve “Greater Israel”. (Al Mayadeen English; Illustrated by Zeinab El-Hajj)

The Israeli Syria Dilemma

  • Opinion
  • 15 May 2025
Starmer’s rapid, ruthless rise to power strongly suggests he was groomed and protected by Britain’s deep state every step of the way. (Al Mayadeen English; Illustrated by Batoul Chamas)

British intelligence: A law unto themselves

  • Opinion
  • 14 May 2025
The spirit of Bandung: 70 years on

The spirit of Bandung: 70 years on

  • Opinion
  • 18 May 2025

Coverage

All
The Ummah's Martyrs

More from this writer

All
Eurovision: NATO Psychological Warfare Tool

Eurovision: NATO Psychological Warfare Tool

Starmer’s rapid, ruthless rise to power strongly suggests he was groomed and protected by Britain’s deep state every step of the way. (Al Mayadeen English; Illustrated by Batoul Chamas)

British intelligence: A law unto themselves

Throughout Operation Prosperity Guardian, current and former US military and intelligence officials expressed disquiet at the enormous “cost offset” involved in battling Ansar Allah. (Al Mayadeen English; Illustrated by Zeinab El-Hajj)

Ansar Allah triumphant: US facing Red Sea defeat again

Did Ukrainian Intel Attempt Trump Assassination?

Did Ukrainian Intel Attempt Trump Assassination?

Al Mayadeen English

Al Mayadeen is an Arab Independent Media Satellite Channel.

All Rights Reserved

  • x
  • Privacy Policy
  • About Us
  • Contact Us
  • Authors
Android
iOS