Years ago, I worked for a company that provided phone location for emergency services (fire, police, medical) to the big 3 cellular companies in the US. It required cell providers to install special hardware; back then, GPS was less ubiquitous, but it (still) suffers from accuracy in urban environments; it doesn’t take much to block GPS signals. Also, you don’t need access to anything more than the service provider’s logs to do trilateration; it’s harder to get GPS data from a phone without having software on the phone. In any case, Google pioneered getting around that by mapping wifi signals and supplementing poor GPS with trilateration, and it was good enough. Even back then, our lunch was being eaten by the cost of our systems, and work-arounds like wifi mapping.
Anyway, fast forward a decade and I’m working for a company that provides emergency support for customers who are traveling, and we’re looking at ways to locate customers’ business phones to provide relevant notifications. One of the issues was that there are places in the world where data connections are not great, and it was not acceptable for us to just ignore clients without data connections. One of the things we explored was called zero-length SMS. It’s what it sounds like: an SMS message with zero-length does not alert the phone, but it does cause a ping to the phone. It was an idea that didn’t pan out, but that’s not relevant.
Cell phones have a lot of power-saving algorithms that try to reduce the amount of chatter – both to reduce load on cell towers, but because all that cellular traffic is battery-intensive. So, if you’re a government trying to track a phone, and you’re working with a cell provider, and you don’t have a backdoor in the phone, then you will be able to see which cell tower the phone last spoke with, but that probably won’t give you very good location data and it may not update frequently. This is especially true in rural environments, where there’s low density and a single cell tower might have a service radius of 3 miles – that’s a lot of area.
If you’re tracking someone by phone, a normal cell connection may not be granular enough. Sending SMSes to a phone can force the phone to ping the tower and give you more data points about where the phone may be, how it’s moving, and so on.If you’re lucky, you can get pings from multiple towers, which might allow you to trilaterate to within a dozen meters.
Push notifications use data, but I wouldn’t be surprised if there’s some of that going on, too. It says “through Apple and Google’s servers” which means they’re talking about the push notification servers and not the phones. Android phones are constantly sending telemetry back to Google, so if that is what they’re doing sending push notifications is probably more useful to them for Apple phones.
The article is light on details, but that’d be my guess. Forcing traffic to get more frequent cell tower pings and more data points for trilateration.
Just been reading up on this, they’re basically using the push device ID to see when certain devices are receiving data and from what apps. It sounds like more work than its worth, but it’s clearly something that’s being used widely.
That makes sense, too. So it’s not that they’re using push notifications, but the server data.
Yup
I can think of one government that definitely surveils data that goes through Google servers.
This is why I have always said you shouldn’t trust Apple. They have absolute power over you.
Did you read the article? It says the federal government compelled Apple to comply and gave them a gag order.
You can de-Google an Android phone with a custom ROM and have a phone that you have control over and know nobody is spying on you by running a firewall on the phone.
Can’t do that on an Apple.
Actually, you can, with Lockdown for iOS or Lulu for macOS. There are other alternatives available, these are just a pair of FOSS examples. You can totally block *.apple.com if you really want to.
It’s not quite the same though. With a custom android ROM, you can be pretty confident that everything kernel-and-up is not spying on you. On iOS and macOS, you don’t have the same level of verifiability, as the OS could just circumvent any VPN/firewall you might have configured. They might pinky promise not to, but without running another external firewall it’s not really verifiable.
Which means Apple can’t be trusted. My data stays local.
deleted by creator
As the article says, Apple and Google both do it. Apple disclosed it, Google did not.
How is your conclusion ‘I don’t trust Apple’?