![Saints Row IV [sriv_legacy] by Deep Silver](https://www.gameindustry.eu/images/cover_h/206420_library_600x900.jpg)
Surveillance of Push-messages and Google Firebase
Push notifications are smartphone alerts from apps that run through intermediary gateways (such as Google's Firebase Cloud Messaging and Apple's Push Notification Service).
Push messages are essential components of programs on smartphones, and app developers use these gateways, providing tech giants with insights into the usage behavior of their customers. This facilitates governments in monitoring individuals through data requests. Connections to these services become active as soon as an application is launched on a mobile device. They communicate with Google or Apple servers and often remain active throughout the entire usage period.
These requests aim to link users with specific accounts or devices by accessing data, including unencrypted notification content sent through intermediary gateways such as Google's Firebase Cloud Messaging. This method of data collection can link devices to Apple or Google accounts.
The Firebase platform is exploited by cybercriminals and malicious actors.
For example, the DoNot Team APT ( known for developing Android malware), used Firebase messages to control compromised devices and send URLs for downloading payloads. This approach allowed the attackers to maintain control over malware on a device, even if the command-and-control server was shut down.
Security researchers have found that exposed Google Firebase databases are often discoverable through many search engines (although not through Google's own search engine).
These cloud databases, if misconfigured, lack proper authentication or access controls and are accessible to anyone wanting to access and copy the data. Vulnerabilities have led to instances where personal information, including passwords and health information, and other data were left unprotected. Google has been repeatedly criticized for lack of transparency and for not responding adequately to the issue.
There is no official statement from the Department of Justice.
Firebase Cloud Messaging (FCM) by Google
Apple's Push Notification Service (APNs)
The hosts files offered on these pages have long blocked Firebase services. Regardless of government surveillance, Firebase services are equipped with analytics and trackers, as illustrated in the following example with Google Analytics V4.
Governments spying Apple and Googleusers
Wyden seeks answers from Justice
Push messages are essential components of programs on smartphones, and app developers use these gateways, providing tech giants with insights into the usage behavior of their customers. This facilitates governments in monitoring individuals through data requests. Connections to these services become active as soon as an application is launched on a mobile device. They communicate with Google or Apple servers and often remain active throughout the entire usage period.
These requests aim to link users with specific accounts or devices by accessing data, including unencrypted notification content sent through intermediary gateways such as Google's Firebase Cloud Messaging. This method of data collection can link devices to Apple or Google accounts.
Malware and Cybersecurity Threats
The Firebase platform is exploited by cybercriminals and malicious actors.
For example, the DoNot Team APT ( known for developing Android malware), used Firebase messages to control compromised devices and send URLs for downloading payloads. This approach allowed the attackers to maintain control over malware on a device, even if the command-and-control server was shut down.
Exposed Databases and Configuration Issues
Security researchers have found that exposed Google Firebase databases are often discoverable through many search engines (although not through Google's own search engine).
These cloud databases, if misconfigured, lack proper authentication or access controls and are accessible to anyone wanting to access and copy the data. Vulnerabilities have led to instances where personal information, including passwords and health information, and other data were left unprotected. Google has been repeatedly criticized for lack of transparency and for not responding adequately to the issue.
Apple: "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."
Google said that it shared Wyden's "commitment to keeping users informed about these requests."
There is no official statement from the Department of Justice.
Firebase Cloud Messaging (FCM) by Google
- Purpose: FCM is a messaging solution provided by Google that allows developers to send messages, including push notifications, to Android, iOS, and web applications.
- Functionality: FCM acts as an intermediary between the app's server and users' end devices. It enables the sending of messages to registered devices, whether the app is open or running in the background.
- Support:In addition to push notifications, FCM offers features such as data messages, multicast messages, and the ability to target audiences based on various criteria.
Apple's Push Notification Service (APNs)
- Purpose: APNs is Apple's push notification service, enabling developers to send push notifications to iOS devices, including iPhones and iPads.
- Functionality: APNs establishes secure and efficient communication between the app's server and Apple devices. It allows the sending of notifications even when the app is not active.
- Security: APNs uses encryption to ensure the security of transmitted data. Each app receives a unique identifier used for identification on Apple devices.
The hosts files offered on these pages have long blocked Firebase services. Regardless of government surveillance, Firebase services are equipped with analytics and trackers, as illustrated in the following example with Google Analytics V4.
firebase.googleapis.com
firebaselogging.googleapis.com
firebaseremoteconfig.googleapis.com
firebaseinstallations.googleapis.com
tveweb-appsvcs-aetnd-com-8ff57.firebaseapp.com
walkthrough-tool.firebaseapp.com
walkthrough-tool.firebaseio.comhttps://firebaseinstallations.googleapis.com/v1/projects/walkthrough-tool/installations
https://firebase.googleapis.com/v1alpha/projects/-/apps/xxxxxx/
{
"name": "xxxx",
"fid": "xxxxx",
"refreshToken": "xxxxx",
"authToken": {
"token": xxxxx",
"expiresIn": "604800s"
}
}
{
"projectId": "walkthrough-tool",
"appId": "xxxxx",
"databaseURL": "https://walkthrough-tool.firebaseio.com",
"storageBucket": "walkthrough-tool.appspot.com",
"locationId": "asia-northeast1",
"authDomain": "walkthrough-tool.firebaseapp.com",
"messagingSenderId": "xxxx",
"measurementId": "G-9Q92J04VDB"
}Explanation of the Raw Data
- projectId
The project ID in Firebase that identifies this specific project (here: walkthrough-tool). - appId
The app ID associated with the Firebase app. - databaseURL
The URL of the Firebase Realtime Database used to access the database. - storageBucket
The storage location under Google App Engine for uploaded files (such as images, videos, etc.) in Firebase. - locationId
The geographic location of the Firebase services, in this case, Asia (asia-northeast1). - authDomain
The domain used for authentication in Firebase. - messagingSenderId
A unique ID for sending messages (e.g., push notifications). - measurementId
This is the measurement ID for Google Analytics 4 (GA4). It establishes the connection between Firebase and GA4 and is used to track events and other app data in GA4.
Sources
Governments spying Apple and Googleusers
Wyden seeks answers from Justice
Your opinion is important – please leave a comment!
0 Comments
