Apple Push Notifications and Privacy

[periscopesf]

I've been reading up extensively on APNS, and was curious if anyone is familiar with Apple's stance on server-side logging. In order to allow for push notifications, each device (such as an iPhone) "establishes an accredited and encrypted IP connection with the service and receives notifications over this persistent connection."

Source: https://developer.apple.com/library...otificationsPG/Chapters/ApplePushService.html

This essentially means that Apple tracks every single IP address that a user's phone is connected to at any time including wifi hotspots, and will initiate an automatic connection with its servers when the user enters his/her own home, even when that user is not actually using his/her phone. While I understand this process is essential to allowing for push based notifications, my question is for how long does Apple keep this log data?

(They claim to not log the content of notifications including iMessage here: http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf However, I'm interested in the logging of the metadata associated with those notifications.)

 

[Just_Me_D]

I do know the answer to your question and I can't say what it is that is actually logged. Sorry.

 

[periscopesf]

I do know the answer to your question and I can't say what it is that is actually logged. Sorry.

Yeah it's kind of an interesting situation. I haven't been able to find any sort of information addressing this question anywhere in spite of reading all of Apple's documentation. There has been quite a bit of concern with regard to unique identifiers in pretty much every other realm, including historical IP address information for mobile carriers (Which Telecoms Store Your Data the Longest? Secret Memo Tells All | Threat Level | WIRED) and when Chrome users protested Google's persistent browser cookie awhile back (Google to strip unique client ID from future Google Chrome installs).

I realize that Apple identifies itself as "not in the data collection business." However, as Apple has already sold 500 million iPhones (Without Much Fanfare, Apple Has Sold Its 500 Millionth iPhone - Forbes), it has a substantial user base. Push notifications represent an "always on" connection with Apple's servers. It's important that people know if their phone IPs are being sent on a real time basis to Apple, and how long that history is being kept for. If it's for awhile, then it's a pretty trivial task to figure out the actual user doing any browsing on a mobile device either via LTE or wifi without having to query the wireless carrier.

If you do know the answer to that question, is there any clue you could give us, such as "definitely less than six months?" Either way, thanks for posting and for any information you can offer.