Governments around the world made more attempts than ever in 2024 to access data from iPhone push notifications. Despite the surge, Apple turned down a greater share of those requests compared with previous years.
In its latest transparency report, the company revealed that official requests linked to push notifications rose from 119 in early 2023 to 277 by the middle of 2024. But while the number of inquiries went up, the approval rate went the other way—dropping from 76 percent to just 59 percent. It’s the clearest sign yet that Apple is now more reluctant to hand over this type of user information, even as authorities increasingly rely on it.
When someone enables notifications for an app, Apple generates a small data link known as a push token. It connects the user’s Apple ID, their device, and the app itself. This token allows the app to send alerts, but it also opens a door to identifying details like names, email addresses, and home locations—data governments can request.
Apple said some countries did receive access to metadata and, in limited cases, unencrypted content delivered through its Push Notification service. That last part is key: if an app doesn’t encrypt the alerts it sends, law enforcement may be able to read the actual content of the message, not just the technical metadata surrounding it.
The existence of this backchannel came to light in 2023, when a U.S. senator disclosed that both Apple and Google had been legally compelled to hand over push notification data. Privacy experts warned at the time that even apps designed for secrecy—such as Signal—could unintentionally expose sensitive information if their alerts were not encrypted end to end.
Apple explained that it doesn’t decrypt push notifications itself, but acts as the delivery system. Whether the message remains private depends on how each app is built. This subtle detail, buried in the company’s report, has significant implications for users who assume their messages are always protected.
The data also reveals which countries are most active. Between July and December 2023, the United States submitted 99 separate requests covering more than 300 push tokens. Apple responded to 65. The United Kingdom was more successful, submitting 123 and receiving data in 111 cases. Other countries including Germany, France, the Netherlands, and Singapore also filed requests, but many of them were declined.
One of the most unusual came from Israel, which asked for data covering 694 push tokens in a single request. Apple turned it down. While the report doesn’t say what that request involved, the size suggests it may have been a sweeping search tied to national security or surveillance efforts. No further details were released.
In the first half of 2024, the pattern shifted again. The U.S. received information in only 36 cases. While the UK still saw many of its requests approved, the overall global approval rate dropped sharply to 28 percent.
The change appears to follow a quiet policy update inside Apple. As of December 2023, the company now requires a judge’s sign-off before any push data is released. Previously, a simple subpoena would often do. This stricter rule mirrors Apple’s broader privacy campaign, which in recent years has included features like App Tracking Transparency and Mail Privacy Protection.
Even so, push notifications remain a blind spot. Most users are unaware that these alerts, which often seem harmless, can include sensitive personal information and are stored by Apple as part of its infrastructure. In its report, the company said its goal is to inform users and to insist on proper legal steps before data is handed over.
For those concerned, there are ways to limit exposure. Turning off notifications for apps that don’t need them reduces the number of push tokens generated. To stop message content from appearing on the lock screen, users can adjust preview settings to show messages only when the phone is unlocked—or not at all.
It’s a reminder that while Apple has added more tools to protect privacy, some parts of the system still leave users exposed in ways they may not expect.
Read next: WhatsApp to Let Users Build Custom AI Assistants Without Coding
In its latest transparency report, the company revealed that official requests linked to push notifications rose from 119 in early 2023 to 277 by the middle of 2024. But while the number of inquiries went up, the approval rate went the other way—dropping from 76 percent to just 59 percent. It’s the clearest sign yet that Apple is now more reluctant to hand over this type of user information, even as authorities increasingly rely on it.
When someone enables notifications for an app, Apple generates a small data link known as a push token. It connects the user’s Apple ID, their device, and the app itself. This token allows the app to send alerts, but it also opens a door to identifying details like names, email addresses, and home locations—data governments can request.
Apple said some countries did receive access to metadata and, in limited cases, unencrypted content delivered through its Push Notification service. That last part is key: if an app doesn’t encrypt the alerts it sends, law enforcement may be able to read the actual content of the message, not just the technical metadata surrounding it.
The existence of this backchannel came to light in 2023, when a U.S. senator disclosed that both Apple and Google had been legally compelled to hand over push notification data. Privacy experts warned at the time that even apps designed for secrecy—such as Signal—could unintentionally expose sensitive information if their alerts were not encrypted end to end.
Apple explained that it doesn’t decrypt push notifications itself, but acts as the delivery system. Whether the message remains private depends on how each app is built. This subtle detail, buried in the company’s report, has significant implications for users who assume their messages are always protected.
The data also reveals which countries are most active. Between July and December 2023, the United States submitted 99 separate requests covering more than 300 push tokens. Apple responded to 65. The United Kingdom was more successful, submitting 123 and receiving data in 111 cases. Other countries including Germany, France, the Netherlands, and Singapore also filed requests, but many of them were declined.
One of the most unusual came from Israel, which asked for data covering 694 push tokens in a single request. Apple turned it down. While the report doesn’t say what that request involved, the size suggests it may have been a sweeping search tied to national security or surveillance efforts. No further details were released.
In the first half of 2024, the pattern shifted again. The U.S. received information in only 36 cases. While the UK still saw many of its requests approved, the overall global approval rate dropped sharply to 28 percent.
The change appears to follow a quiet policy update inside Apple. As of December 2023, the company now requires a judge’s sign-off before any push data is released. Previously, a simple subpoena would often do. This stricter rule mirrors Apple’s broader privacy campaign, which in recent years has included features like App Tracking Transparency and Mail Privacy Protection.
Even so, push notifications remain a blind spot. Most users are unaware that these alerts, which often seem harmless, can include sensitive personal information and are stored by Apple as part of its infrastructure. In its report, the company said its goal is to inform users and to insist on proper legal steps before data is handed over.
For those concerned, there are ways to limit exposure. Turning off notifications for apps that don’t need them reduces the number of push tokens generated. To stop message content from appearing on the lock screen, users can adjust preview settings to show messages only when the phone is unlocked—or not at all.
It’s a reminder that while Apple has added more tools to protect privacy, some parts of the system still leave users exposed in ways they may not expect.
Read next: WhatsApp to Let Users Build Custom AI Assistants Without Coding
