Surveillance You Didn't Sign Up For

How Downloading Apps Can Put You on a Government Watchlist

In today’s digital world, downloading an app feels harmless. Quick and easy. With a few taps, you’ve got a new tool to track your workouts, manage finances, or report local events.

But ….. what if the simple act of downloading an app, especially one related to activism or reporting government activity, puts you under surveillance?

This is not paranoia. It’s reality. It’s happening right now!

The App Notification Leak That Exposed the Truth

In 2023, U.S. Senator Ron Wyden revealed that Apple and Google were mandated to secretly share push notification metadata with the U.S. government without a warrant. Without public knowledge, federal agencies were requesting data on who received notifications from which apps, and when.

Think about that for a moment: even if you didn’t open the app or click anything, just receiving a notification meant your activity was tracked and handed to law enforcement without a warrant.

Apple and Google Spying on Phone Notifications for Governments

A Real-World Example: The ICE Reporting App

From today’s headlines (June/July 2025), an app used to report or warn communities about potential immigration raids, like the “ICE Reporting” app (not endorsing this activity, just using it as an a real world example).

Now picture this:

• An ICE operation happens in a neighborhood.

• A government agency geofences the area, pulling location data on all phones nearby.

• They ask Apple or Google, “Which of these phones had the ICE Reporting app installed?”

• If your phone matches, you could be flagged - even if you were just passing by or simply downloading the app to see what its all about.

In the eyes of surveillance logic, you are now a potential informant, protester, or civil agitator.

Tinfoil hat moment: Is the ICE Reporting App a trojan horse to find informants?

Metadata: The Digital Trail You Didn't Know You Left

You don’t have to post. You don’t have to share. You don’t even have to open the app. You just need to install it to be tracked.

Apps send silent push notifications, even when idle for internal updates and actions. Its a battery efficient way for an app to get new data from the app’s server and send telemetry data back to the mothership. Governments don’t need to break encryption to learn who is engaging with what, they just need the notification metadata.

What is a Silent Notification?

A silent push notification is a type of message sent to your phone or app that doesn’t show any alert, sound, or message to you directly. You don’t even know your app received a silent push notification.

Instead, it runs quietly in the background. The app gets the message and can do things like:

• update its content (e.g., refreshing news or syncing emails),

• track usage or analytics,

• or prepare something before you open the app.

You won’t see anything pop up, but the app is working behind the scenes thanks to that silent message. It's like someone sneaking into your kitchen and refilling the cookie jar without waking you up. They are supposed to be helpful, invisible, and quiet but they also constantly keep track of you.

The Chilling Effect of App Surveillance

These revelations are not just privacy concerns. It’s a threat civic engagement. When people realize the government is watching what apps they install, they start to hesitate.

• Thinking of installing an app for protesting or organizing? Now you might not.

• Want to report local misconduct? You might fear retaliation.

• Simply care about a cause? That app might make you a suspect.

This is precisely how surveillance chills free expression.

Don’t Let App Providers Fool You

Many App providers try to tell you because you are on an iPhone or an Android device their app is private and secure. The trigger for writing this article was reading a GrapheneOS Twitter (X I suppose) thread debunking ICE Reporting app claims they only run on iPhone so the government can’t track you. This is false.

Apple collects detailed telemetry, including which apps are installed on each device, tied to identifiable Apple accounts. If a government agency, such as the U.S. Department of Homeland Security, requests that data, Apple can and will disclose which users have installed a particular app. Plain and simple.

In contrast, Android, while often criticized for its ties to Google, offers more flexibility for developers. Android apps can implement their own Push Notification systems and users can install apps from outside the Google Play Store altogether. But for the “normal” Android user, this is rare.

Neither iOS nor Android can completely anonymize user behavior in high-risk scenarios, but blanket claims that iPhones are significantly safer from surveillance are misleading and technically inaccurate.

Bottom Line: Apps that could put you on the government watch list should be open source so the developer community can review the code and ensure there are no backdoors or extra tracking functions. These apps need to be able to be installed not using the Apple App Store or Google Play Store but sideloaded (or use F-Droid) on an alternate Android OS (like GrapheneOS). If you are getting apps from an “App Store” you are being tracked. 100%.

How to Protect Yourself

To participate in modern society its almost impossible not to have a digital footprint. Being 100% anonymous is hard, here are steps you can take to minimized your digital footprint depending on your desired privacy activity profile.

• Use open-source apps that are transparent about what they do (like F-Droid apps on Android). iPhone do not have this option.

• Disable push notifications for sensitive apps. Fewer alerts = less data.

• Avoid using your main phone number or email when registering politically sensitive apps. For example use Proton Email with the random private email generator for a disposable email and Rivur Chat for virtual phone numbers.

• Review app permissions and don’t allow access unless necessary services like location services or contacts are actually required.

• Use app sandboxing tools like Shelter to isolate activity. Shelter can:

  • Install apps inside a work profile for isolation

  • "Freeze" apps inside the work profile to prevent them from running or being woken up when you are not actively using them

  • Install two copies of the same app on the same device for different privacy profiles

• For “high risk” activities use a separate phone that is not an iPhone or and Android phone with Google Play Services.

• I will be writing more about using Proton Email, Rivur Chat and Shelter on how to help reduce your digital footprint in a follow up Substack.

Final Thoughts: This Is About Power, Not Safety

We’re told that surveillance is about safety. But this is not targeted criminal investigation, it’s pre-emptive suspicion. Because its installed, you are a suspect.

If an app provider is saying we protect your privacy because of the phone its installed on, beware!

• First rule, always consider all your phone and app activity is being sold to a third-party data broker to anyone with a budget, including law enforcement. Since most laws haven’t caught up to this ecosystem, agencies don’t even need a warrant, they just need a purchase order.

• Second rule, they are turning your phone, a device you trust, into a witness against you.

• Third rule, use cash, have in-person relationships, enjoy nature, stay private, don’t feed the data monster, and take care.

Sources

• Senator Ron Wyden’s official statement

• EFF: “Push Notifications Are a Privacy Nightmare”

• TechCrunch: Apple, Google admit sharing push notification metadata