Report details security compromises Apple has made to placate China

article thumbnail

A new investigation reveals some of the compromises that Apple has made in China to gain access to the booming market, including storing data on state-owned servers and censoring apps in the country that run afoul of local regulations.

China is a critical region for Apple, both in terms of product and services sales and because of a deep reliance on the country's supply chain. China, in short, helped Apple become the world's most valuable company.

However, The New York Times highlights all of the ways that the Chinese government has pressured Apple to make compromises that conflict with the Cupertino tech giant's stated values and principals.

Despite Apple's strong stance on protecting user privacy, for example, it stores all of its Chinese user data within the country's borders on servers that belong to a state-owned firm. According to security experts, that means it's essentially impossible for Apple to stop the Chinese government from obtaining access to user data.

Additionally, while U.S. regulations prohibit Apple from handing data over to Chinese authorities, the local storage of Apple data creates a loophole that allows it. A Chinese-based firm, Guizhou-Cloud Big Data (GCBD), is actually the legal owner of Apple iCloud customers in China. Because of that, Chinese authorities can demand access to data from GCBD rather than Apple, and the terms shield Apple from legal reprisal in the U.S., according to a person who helped create the arrangement.

Before that arrangement existed, Apple said it never provided data to the Chinese government. After Apple made GCBD the owner of the data, it says that it has provided iCloud contents for an undisclosed number of accounts in nine separate cases.

Apple pushed to keep encryption keys out of the country as part of the original agreement that saw Chinese data stored locally. Less than a year after striking the deal, however, Apple moved the digital keys out of the U.S. and into China, making it easier for Chinese government agencies to obtain user texts, emails and other information.

The company in a statement said it still controls the keys and uses advanced encryption technology — more advanced than solutions used in other countries — to keep them safe.

The compromises also exist on the App Store. According to The New York Times, Apple has an internal team that either rejects app submissions or pulls down apps that it believes could violate Chinese regulations.

Apple uses specialized tools and trains its reviewers to detect topics deemed off-limits in China. That includes mentions of the independence of Tibet or Taiwan, the Tiananmen Square incident, or the Dalai Lama.

Since 2017, about 55,000 apps have disappeared from the App Store in China, according to data provided by Sensor Tower. Some of those apps include foreign news outlets, encrypted messaging apps, and gay dating services, as well as platforms like VPNs that allow users to bypass internet restrictions.

For its part, Apple said it approved 91% of takedown requests, or 1,217 apps, from the Chinese government in a two-year period ending in June 2020. Apple's statistics might not tell the whole story, as its review apparatus could remove apps before they catch the eye of government officials.

In a statement to The New York Times, Apple said it follows laws in China and does everything that it can to protect the security and privacy of its customers' data in the country.

"We have never compromised the security of our users or their data in China or anywhere we operate," Apple said.

It also noted that it only removed apps to comply with Chinese regulations. "These decisions are not always easy, and we may not agree with the laws that shape them, but our priority remains creating the best user experience without violating the rules we are obligated to follow," the company added.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.

 

Latest News





Latest Videos








Latest Reviews



article thumbnail

What to expect from WWDC 2021 - and what not to