Privacy is already a vital aspect for all smartphone users, whether iPhones or Android; and both Apple and Google base a good part of their marketing on boasting advanced methods to hide and encrypt our personal information. Apple has been especially harsh in criticizing Google for considering Android a “mass tracking device . ”
However, at the same time, both companies have been offering governments an easy and simple method of accessing user data for an indeterminate amount of time, possibly years ; and they have not confessed it, or rather, they have not been able to confess it, until now.
In just a few hours, the technological world has entered into crisis, and the consequences of this revelation will probably be felt for years; because from now on, many people will think twice when a technology company assures them that their data is safe and that no one can see it.
Mobile users spied on
The revelation has come in the form of a public letter written by US Senator Ron Wyden, addressed to the US Department of Justice, according to Reuters . In the letter, Wyden assures that governments of other countries are asking for user data from Alphabet (Google’s parent company) and Apple; although it was later confirmed that the US government also makes these requests. Until then, nothing that had not already been known; The interesting thing is that Wyden, whether intentionally or unintentionally, has confirmed how this data leak occurs: through push notifications from the apps .
When an app wants to show a push notification, it cannot simply write the text or display the image directly on the mobile screen; First, you have to take certain steps and use the methodology approved by Apple and Google . And something that many iPhone and Android users do not know is that many of the notifications they receive on their mobile have previously passed through Apple and Google servers.
Push notifications are also used on wearables (the red dot) Manuel Ramirez The Free Android
Both iOS and Android use a notification system that requires the app to first send a message to an external server with the content of the notification, which in turn will send the notice to our mobile. Although there are methods for the app developer to use their own notification server on Android, for most projects that is too much of an investment and work and they prefer to use the Google platform.
Therefore, this implies that all the information that the apps want to transmit to their users is accessible by Apple and Google, and in turn, that is the great ‘weak point’ in terms of cybersecurity. Once the information is on the company’s server, it is subject to the security and privacy laws of each country. Both companies may be forced to hand over notification information , which may include personal or private data, if they receive a court order or in some countries, a simple request from the police; Not only that, but they are also obliged to remain silent and not inform users of this type of access.
Notifications are one of the oldest features of iOS and Android
Both Apple and Google have confirmed that this is the case, following the publication of Senator Wyden’s letter ; although they have only been able to confirm the existence of this data access method, without being able to clarify if it has been used or which countries have requested access.
Apple has explained that the US government prohibited them from discussing this method of accessing user data, and has already modified its terms of use to indicate that notifications may be among the data that Apple can deliver to the police and other state security forces. For its part, Google has shared Wyden’s desire for greater transparency that allows them to inform users about these types of requests. However, the Justice Department has not yet responded to Wyden’s letter.
On the other hand, neither of the two technological giants has dared to criticize this method, or to suggest a change in the laws that allow it; perhaps because they both benefit from the large amount of information about their users that passes through their servers. The big question is whether this will change in future versions of iOS and Android, and everything will depend on the traction this scandal gains.
