.png)
What are push notifications?
Unlike regular notifications that pop up when an app is open, push notifications are only sent when an app is closed. When an “event” — something the app wants to tell you about — happens, it sends data to Google and Apple’s servers, which then sends it to your phone to wake the app up.
Why are they a security issue?
It’s up to developers whether or not they encrypt push notification data, which is left behind on Google and Apple servers. Last week, U.S. Senator Ron Wyden said he got a tip that foreign governments had been pushing the companies to share that data, suggesting it was for surveillance purposes.
How much can push notifications actually reveal?
When pieced together, a surprising amount. Think of how often map, ride sharing, and delivery apps send you notifications about where you are, which could be used to see a pattern of behaviour or determine which places you frequent. They could also be used to link users of otherwise anonymous messaging apps to specific Google or Apple accounts.
How worried should I be?
Apple updated its law enforcement guidelines to state that it will only turn push notification data over if ordered to by a judge, bringing its policy in line with Google’s, so that data isn’t likely to be revealed or turned over to foreign governments unless you’re the subject of an investigation. However, even though it’s secure, Google and Apple still have all this information stored away somewhere, so it’s up to you how to feel about that.