For the first time, Apple has published concrete figures on government requests for so-called push tokens. This provides a small insight into which countries are interested in such data – and to what extent. The interest of law enforcement and other authorities in push tokens is therefore growing: In the second half of 2022, Apple logged 70 requests worldwide; in the first half of 2024, the figure was already 277. More recent figures are not available. Individual requests are often aimed at a larger number of push tokens.
Requests almost exclusively from North America and Western Europe
In the period from mid-2022 to mid-2024, most requests were made by authorities from the USA, followed by the UK and – with a clear lead from – Germany. There were also requests from Canada, France, Poland, the Netherlands and Israel. Singapore is the only Asian country on the list. Apple states that it does not automatically disclose data, but according to the figures, around 60 to 80 percent of requests are ultimately successful. In the other cases, Apple apparently does not provide any information.
The requests are “usually” aimed at obtaining data about the Apple account linked to a push token, Apple explains. This includes the user’s name, place of residence and email address. Law enforcement officers may therefore be able to assign a specific Messenger ID to a specific user.
A push token is assigned to each iPhone app that is allowed to receive messages. The messages are sent via Apple’s push notification service (APN). In addition to the metadata of who communicates with whom and when, it is also possible to record content that is transmitted in plain text. Apple does not provide a detailed breakdown of the specific data released to the authorities. With crypto messengers, messages are usually encrypted or instruct the app to only display them locally.
With Android, push notifications work in the same way, except that the messages are sent via Google’s servers. However, apps can also offer their own solutions here without using Google’s push service.
Requests for push tokens remained hidden for a long time
According to a report by Netzpolitik.org, US Senator Ron Wyden drew attention to the practice at the end of 2023, meaning that companies such as Apple are now allowed to disclose figures. Previously, these were “hidden” in the requests for iCloud accounts or Apple devices in the transparency report. This report also breaks down every six months which other government requests were made to Apple for user data.
(lbe)
