According to ACLU, Apple received 8,929 demands for user information from the government in 2017, while Google received 32,877 -- allegedly just a fraction of the demands made public. A blog post by the union claims that, "in light of companies closing technological loopholes, law enforcement continues to search for alternate vulnerabilities to exploit. As other backdoors in encrypted devices are closed, the software update system will be an increasingly appealing option to law enforcement."
The guidance urges software developers to consider what will happen if the ACLU's concerns are realized and authorities demand these kinds of updates, and includes tips on how to prepare and implement privacy-minded technical designs that limit the possibilities of what can be done, even with a government order.
"Software developers are users' first line of defense against unlawful government encroachment into their devices," says Abdullah Hasan, communications strategist with the ACLU. "And if users lose trust in software updates due to fears that the government is using software updates to break into devices, vulnerabilities won't be patched. This will endanger entire networks."