Your Push Notifications Aren't Safe From the FBI
The FBI can access push notification data from Apple, Google, and Microsoft servers without users knowing, according to a new WIRED security roundup. This matters because billions of people assume their phone alerts are private, and that assumption is wrong.
According to WIRED's security team, the weekly news roundup published this week covers a dense cluster of digital security threats, with the push notification surveillance story anchoring a broader set of warnings that include Iran-linked infrastructure attacks, record cryptocurrency theft figures, and Anthropic's controversial new Claude Mythos Preview model being quietly handed to a select group of tech giants.
Why This Matters
Push notifications touch every smartphone on the planet, and most users treat them as throwaway alerts with no privacy implications. That thinking is dangerously outdated. The FBI does not need to crack Signal or subpoena your texts if it can simply compel Apple or Google to hand over notification metadata, which reveals who you communicate with, how often, and from what device. This is the kind of structural surveillance gap that does not get patched with a software update.
Daily briefing from 50+ sources. Free, 5-minute read.
The Full Story
The core issue with push notifications comes down to architecture. When any app sends you an alert, that message does not travel directly from the app's server to your phone. It routes through a centralized relay operated by Apple, via its Push Notification Service, or Google, via Firebase Cloud Messaging. Those companies sit in the middle of every alert you receive, and they retain metadata about each one, including device identifiers, delivery timestamps, and sender information.
The problem is that this infrastructure was never designed with end-to-end encryption between sender and recipient. The notification is encrypted between your device and the notification provider, but the provider itself can read the contents and the metadata. That makes Apple and Google not just technology companies but de facto custodians of surveillance-ready communication logs that law enforcement can access through legal instruments like subpoenas or National Security Letters.
The WIRED roundup frames this within a week of unusually heavy government surveillance news. Iran-linked hackers were actively attacking US energy and water infrastructure targets, according to a US government warning issued this week. That attack campaign ran alongside negotiations between the US and Iran over a ceasefire, with President Donald Trump issuing threats during those talks. The overlap of offensive cyber operations and diplomatic negotiations is exactly the kind of environment that historically accelerates law enforcement demand for expanded digital access.
Anthropic's announcement of Claude Mythos Preview added another dimension to the surveillance conversation. The company is releasing the model exclusively to a consortium called Project Glasswing, which includes Apple, Microsoft, Google, and the Linux Foundation, a group of a few dozen leading tech and financial organizations in total. Mythos Preview is being positioned as a tool for exploring advanced hacking and cybersecurity capabilities, and the deliberate restriction to a small, vetted group is Anthropic's attempt to get ahead of what happens when those capabilities eventually spread to other models and reach attackers. Experts who spoke with WIRED were skeptical that this rollout would trigger a dramatic security catastrophe, but agreed that the early-access window is an opportunity for defenders to fundamentally change how software gets developed and patched.
Elsewhere in the roundup, cryptocurrency scams hit a record high for money stolen from Americans, though the specific dollar figure was not detailed in the available text. Iran's internet blackout crossed the 1,000-hour mark, a milestone that underscores how state actors are using connectivity as a control mechanism. And a separate WIRED investigation found that Telegram groups are being used by men to share thousands of nonconsensual images of women and girls, purchase spyware targeting spouses and friends, and coordinate doxing and sexual abuse campaigns.
The border security angle in the roundup is also striking. WIRED found that nonprofit organizations linked to Customs and Border Protection facilities were selling challenge coins celebrating the Trump administration's immigration raids. One of those coins depicted characters from Charlotte's Web dressed in riot gear.
Key Details
- Anthropic's Claude Mythos Preview is available to a consortium of a few dozen organizations, including Apple, Microsoft, Google, and the Linux Foundation.
- The Project Glasswing consortium is specifically tasked with assessing Mythos Preview's advanced hacking and cybersecurity capabilities.
- Iran's internet blackout reached the 1,000-hour mark this week.
- Nearly 1 in 5 people in Lebanon have been displaced by Israeli attacks, straining the country's emergency digital infrastructure.
- US political candidates have increased security spending this week, including purchases of home alarms and bulletproof vests, according to a separate WIRED investigation.
- Push notification systems from Apple and Google retain metadata including device identifiers, message delivery timestamps, and recipient information.
What's Next
The Project Glasswing rollout gives the participating organizations a narrow window to identify and patch vulnerabilities before Mythos Preview's capabilities spread to models with broader public access. Security researchers and privacy advocates will likely push for legislative action on push notification data access in the next congressional session, particularly as the FBI's use of notification metadata becomes more widely understood. Expect Apple and Google to face direct pressure from privacy groups to implement end-to-end encryption across their notification infrastructure within the next 12 to 18 months.
How This Compares
The push notification surveillance story is not new in the strictest sense, but its public profile is growing fast. In December 2023, Senator Ron Wyden first publicly disclosed that the FBI and foreign governments had been requesting push notification data from Apple and Google, forcing both companies to acknowledge that they receive such requests. That disclosure was a starting gun, not a finish line, and the fact that WIRED is anchoring a major weekly security roundup with this topic in 2025 suggests the issue has moved from niche researcher concern to mainstream threat.
Compare this to the broader FBI warnings about Chinese-developed apps like CapCut and Temu. Those warnings focused on data being collected and routed to servers where foreign governments could access it. The push notification story flips that concern domestically: the question is not whether China can see your data, but whether your own government can, and the answer appears to be yes, through infrastructure operated by companies most Americans trust completely.
The Anthropic Mythos Preview story also fits into a pattern of AI companies trying to control the disclosure of dangerous capabilities before they become public. OpenAI followed a similar strategy with GPT-4's system card, releasing safety benchmarks alongside the model to shape the narrative. Anthropic is going a step further by restricting access entirely to a vetted group. Whether that approach actually contains risk or simply delays it is the question the security community is actively debating. You can follow related AI news as that debate develops over the coming weeks.
FAQ
Q: Can the FBI really read my push notifications? A: The FBI can compel Apple and Google to hand over push notification metadata through legal processes like subpoenas or National Security Letters. That metadata includes device identifiers, timestamps, and in some cases notification content, because push notifications are not end-to-end encrypted between sender and recipient. The notification provider sits in the middle and can see what passes through.
Q: How do I protect myself from push notification surveillance? A: The most direct step is limiting which apps have notification permissions, since fewer apps sending notifications means less metadata generated. Using apps that implement their own end-to-end encrypted notification content, such as Signal, provides stronger protection. Checking guides on privacy tools can help you build a more complete defense strategy.
Q: What is Anthropic's Project Glasswing and why does it matter? A: Project Glasswing is a consortium of a few dozen major tech and financial organizations, including Apple, Microsoft, and Google, that Anthropic has granted early access to its Claude Mythos Preview model. The model has advanced hacking and cybersecurity capabilities that Anthropic wants evaluated and contained before those capabilities appear in less controlled AI systems. The goal is to use the early-access period to improve software defenses industry-wide.
The convergence of push notification surveillance, AI-powered hacking tools, and state-sponsored cyberattacks on US infrastructure in a single week is not a coincidence. It is a snapshot of how interconnected and fragile digital security has become. Paying attention to which companies hold your data, and who can legally compel them to share it, is now a basic requirement of digital life. Subscribe to the AI Agents Daily weekly newsletter for daily updates on AI agents, tools, and automation.
Get stories like this daily
Free briefing. Curated from 50+ sources. 5-minute read every morning.
