Apple and Google had been told to keep the practice secret until Sen. Ron Wyden revealed it in a letter Wednesday.

  • girlfreddy
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    Apps use push notifications to buzz users’ phones or tablets with updates on new messages or alerts. When a user enables push notifications, Apple and Google create a small bit of data, known as a token, that links their device to the account information they’ve given the companies, such as name and email address.

    In his letter, Wyden said the federal government had started demanding records on those tokens from Apple and Google because those companies operate as a “digital post office” for relaying the notifications. The tokens could reveal details about who a person is communicating with over a messaging or gaming app, what times they talk and, in some cases, the text of any message displayed in the notification.

    Depending on how users have set up their push notifications, the token data could also potentially expose limited information about anyone who had exchanged emails, texts or social media messages with someone that federal investigators have pursued.

    Never use push notifications people.

    • akilou
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      What’s a push notification? Is it a notification? If so, it’s impossible to use a phone without them. How am I supposed to know that I’m getting a message, it’s my turn in a game, etc?

      • SheeEttin@lemm.ee
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        It’s any notification not generated locally. Your phone maintains a persistent, continuous connection to the notification service, which is provided by Google or Apple. When there’s a notification, they push it down the pipe to your device.

        This is opposed to regular “pull”, where the device opens a new connection every so often to poll the server and ask “hey you got any new messages for me?”

        There’s really no easy way to tell whether a notification is pushed or pulled. Even if you turn off notifications entirely, the connection is probably still present so that your app still receives data about new email, your turn to play, etc.

        (And on the other hand, promotional notifications, like ones that remind you to play a game, or order something on Doordash, are probably on a recurring local timer, not pushed down ad-hoc each time.)

    • amzd@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      the token data could also potentially expose limited information about anyone who had exchanged emails

      I assume if the gov can use the digital post office argument on push notifications they can also do that on your email directly? So it wouldn’t change anything if you have notifications for that right?

    • Maeve@kbin.social
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Thank you for that. Wapp spams tf out of you if you sign up for eligible free articles.