Report details security compromises Apple has made to placate China

Posted:
in General Discussion edited May 2021
A new investigation reveals some of the compromises that Apple has made in China to gain access to the booming market, including storing data on state-owned servers and censoring apps in the country that run afoul of local regulations.

Credit: Wang GangCredit: Wang Gang
Credit: Wang GangCredit: Wang Gang


China is a critical region for Apple, both in terms of product and services sales and because of a deep reliance on the country's supply chain. China, in short, helped Apple become the world's most valuable company.

However, The New York Times highlights all of the ways that the Chinese government has pressured Apple to make compromises that conflict with the Cupertino tech giant's stated values and principals.

Despite Apple's strong stance on protecting user privacy, for example, it stores all of its Chinese user data within the country's borders on servers that belong to a state-owned firm. According to security experts, that means it's essentially impossible for Apple to stop the Chinese government from obtaining access to user data.

Additionally, while U.S. regulations prohibit Apple from handing data over to Chinese authorities, the local storage of Apple data creates a loophole that allows it. A Chinese-based firm, Guizhou-Cloud Big Data (GCBD), is actually the legal owner of Apple iCloud customers in China. Because of that, Chinese authorities can demand access to data from GCBD rather than Apple, and the terms shield Apple from legal reprisal in the U.S., according to a person who helped create the arrangement.

Before that arrangement existed, Apple said it never provided data to the Chinese government. After Apple made GCBD the owner of the data, it says that it has provided iCloud contents for an undisclosed number of accounts in nine separate cases.

Apple pushed to keep encryption keys out of the country as part of the original agreement that saw Chinese data stored locally. Less than a year after striking the deal, however, Apple moved the digital keys out of the U.S. and into China, making it easier for Chinese government agencies to obtain user texts, emails and other information.

The company in a statement said it still controls the keys and uses advanced encryption technology -- more advanced than solutions used in other countries -- to keep them safe.

The compromises also exist on the App Store. According to The New York Times, Apple has an internal team that either rejects app submissions or pulls down apps that it believes could violate Chinese regulations.

Apple uses specialized tools and trains its reviewers to detect topics deemed off-limits in China. That includes mentions of the independence of Tibet or Taiwan, the Tiananmen Square incident, or the Dalai Lama.

Since 2017, about 55,000 apps have disappeared from the App Store in China, according to data provided by Sensor Tower. Some of those apps include foreign news outlets, encrypted messaging apps, and gay dating services, as well as platforms like VPNs that allow users to bypass internet restrictions.

For its part, Apple said it approved 91% of takedown requests, or 1,217 apps, from the Chinese government in a two-year period ending in June 2020. Apple's statistics might not tell the whole story, as its review apparatus could remove apps before they catch the eye of government officials.

In a statement to The New York Times, Apple said it follows laws in China and does everything that it can to protect the security and privacy of its customers' data in the country.

"We have never compromised the security of our users or their data in China or anywhere we operate," Apple said.

It also noted that it only removed apps to comply with Chinese regulations. "These decisions are not always easy, and we may not agree with the laws that shape them, but our priority remains creating the best user experience without violating the rules we are obligated to follow," the company added.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.

Comments

  • Reply 1 of 13
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    FileMakerFellerradarthekatmike1GeorgeBMacwatto_cobra
  • Reply 2 of 13
    I'm reminded of Joel Spolsky's witticism: they're not being asked to walk a fine line, it's a line of negative width.
    IreneWtwokatmewwatto_cobra
  • Reply 3 of 13
    22july201322july2013 Posts: 3,683member
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    It's not an important story to people who are American, but it is an important story to people who are Chinese or who are concerned about human rights worldwide. I'm concerned about the latter, and I'm sad that Apple hasn't explained its policies for differences in its privacy controls worldwide. It feels like Apple is covering up for China, or for itself, to avoid bad press. I wish Apple would be open about its privacy policies worldwide. Here's what Apple says about Privacy:
    https://www.apple.com/privacy/
    Privacy is a fundamental human right. At Apple, it’s also one of our core values. 
    How can Privacy be a core value if it's ignored in China? I notice there's no footnote on www.apple.com/privacy/ which says this core value is inapplicable in China.
    twokatmewharrywinter
  • Reply 4 of 13
    gatorguygatorguy Posts: 24,554member
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    It's a story only because there is no requirement that Apple do business in China if they find the requirements too onerous. Yes Apple is a for-profit, and on balance the money to be made from business there outweighs any compromise of their stated "core values". Profit is profit is profit, no apologies needed.  

    If they took major issue with the privacy of Chinese citizens or thought it important enough to make a statement, take a stand, they would. That's not generally what American corporations do, nor what stockholders expect. China won't change just because Apple doesn't like it. They're big but not THAT big. 
    IreneWtwokatmewGeorgeBMac
  • Reply 5 of 13
    radarthekatradarthekat Posts: 3,895moderator
    gatorguy said:
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    It's a story only because there is no requirement that Apple do business in China if they find the requirements too onerous. Yes Apple is a for-profit, and on balance the money to be made from business there outweighs any compromise of their stated "core values". Profit is profit is profit, no apologies needed.  

    If they took major issue with the privacy of Chinese citizens or thought it important enough to make a statement, take a stand, they would. That's not generally what American corporations do, nor what stockholders expect. China won't change just because Apple doesn't like it. They're big but not THAT big. 
    That’s a very jaded and simplistic view of the matter and I suspect you know that.  By pulling out of China based on principal Apple would be ceding critical ground to Chinese technology companies and other technology companies that do business there.  This would strengthen those companies immensely.  Only they would have access to Chinese-made components, China’s manufacturing and assembly factories and workforce and the immense Chinese market.  Apple would be greatly harmed and would diminish as an American competitor to the SE Asian technology juggernauts.  Would this serve America?  

    Bigger question: would this serve or further harm privacy for not just Chinese citizens but citizens globally who buy the 85% Android market share smartphones that would be far more subject to Chinese hegemony?  I think the answer is clear.  Apple’s philosophy is to engage and try to create change rather than walk away and give up any opportunity to be a positive influence. By remaining a strong competitor in all markets Apple stays relevant in markets outside China where’s there’s still plenty of battle space to make progress.  
    edited May 2021 mike1dewmetheotherphil123Gotwokatmewbadmonk
  • Reply 6 of 13
    danoxdanox Posts: 3,229member
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    It's not an important story to people who are American, but it is an important story to people who are Chinese or who are concerned about human rights worldwide. I'm concerned about the latter, and I'm sad that Apple hasn't explained its policies for differences in its privacy controls worldwide. It feels like Apple is covering up for China, or for itself, to avoid bad press. I wish Apple would be open about its privacy policies worldwide. Here's what Apple says about Privacy:
    https://www.apple.com/privacy/
    Privacy is a fundamental human right. At Apple, it’s also one of our core values. 
    How can Privacy be a core value if it's ignored in China? I notice there's no footnote on www.apple.com/privacy/ which says this core value is inapplicable in China.

    Privacy is ignored in all countries, however you want to live in the countries that won’t knock on your door at night and take you away… and across the world there are only a few countries that leave you alone for most part.

    If you don’t like Apple for selling in Russia or China get a Android phone, most of world already has….
    edited May 2021 radarthekatGeorgeBMac
  • Reply 7 of 13
    gatorguy said:
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    It's a story only because there is no requirement that Apple do business in China if they find the requirements too onerous. Yes Apple is a for-profit, and on balance the money to be made from business there outweighs any compromise of their stated "core values". Profit is profit is profit, no apologies needed.  

    If they took major issue with the privacy of Chinese citizens or thought it important enough to make a statement, take a stand, they would. That's not generally what American corporations do, nor what stockholders expect. China won't change just because Apple doesn't like it. They're big but not THAT big. 
    Indeed, it’s easy to sow racism towards China and their culture but it’s convenient to ignore the privacy violations of western countries such as the 5 eyes security agencies. Pretty much every trans global internet cable comes into the UK and is tapped at source by the GCHQ. They’re doing real-time storage and 30 day data retention of pretty much the entire worlds internet and phone communications (code name Tempora). This is then shared amongst the 5 eyes intelligence community. The US doesn’t have to spy on it’s own citizens when the UK does it for them.

    What’s Apple to do? Not sell in the US, UK, New Zealand, Australia or Canada? Yeah, that’ll show them.


    EDIT: So Apple’s response to the report indicates that due to complying with local laws, the data centre located in China provides separation from it’s Chinese customers and the rest of the world and they’re also using different encryption for these servers. This means that if these servers were ever compromised, it would not effect customers outside of China. It also means that they cannot use these compromised servers to traverse to other Apple networks as they’re entirely seperate. Seems like a good strategy to me.
    edited May 2021 radarthekathydrogentwokatmewGeorgeBMac
  • Reply 8 of 13
    viclauyycviclauyyc Posts: 849member
    Being a Chinese from mainland Chinese means you give away your human rights along with many other things even before inception. This is a known fact.

    Solution? Don’t born in China, maybe this is one of the reason why China’s birth rate is in negative area. 
    twokatmewharrywinter
  • Reply 9 of 13
    22july201322july2013 Posts: 3,683member
    danox said:
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    It's not an important story to people who are American, but it is an important story to people who are Chinese or who are concerned about human rights worldwide. I'm concerned about the latter, and I'm sad that Apple hasn't explained its policies for differences in its privacy controls worldwide. It feels like Apple is covering up for China, or for itself, to avoid bad press. I wish Apple would be open about its privacy policies worldwide. Here's what Apple says about Privacy:
    https://www.apple.com/privacy/
    Privacy is a fundamental human right. At Apple, it’s also one of our core values. 
    How can Privacy be a core value if it's ignored in China? I notice there's no footnote on www.apple.com/privacy/ which says this core value is inapplicable in China.

    Privacy is ignored in all countries, however you want to live in the countries that won’t knock on your door at night and take you away… and across the world there are only a few countries that leave you alone for most part.

    If you don’t like Apple for selling in Russia or China get a Android phone, most of world already has….
    Wow did you misunderstand me. I never said Apple shouldn't sell phones in China. Read what I wrote again. I said "I wish Apple would be open about its privacy policies worldwide." I just wanted Apple to be honest. The quote I cited for you from Apple's website proves they are not being honest. Don't misunderstand me next time.
  • Reply 10 of 13
    beowulfschmidtbeowulfschmidt Posts: 2,295member
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    It's a story because of the disconnect between Apple's public stance of
          "we value your privacy and will work to protect it"
    and
          "unless you live in China".

    Of course companies are required to follow the law in the countries in which they operate, but one could wish they were a tad more transparent about exactly what that means with regard to their stated principles.
    edited May 2021 muthuk_vanalingamharrywinter
  • Reply 11 of 13
    This is a bit of a stretch. iPhone users are ONLY at risk if they're chatting with users who've listed their country as China. Publicly, there are no other security holes right now, so it's perfectly safe to chat with users in every other country.
    gatorguywatto_cobra
  • Reply 12 of 13
    I’m not sure why this is even a story. Every company has to follow the local laws of the country it is operating in. This doesn’t stop Apple providing the very best privacy and security that those local laws allow.
    It's a story because of the disconnect between Apple's public stance of
          "we value your privacy and will work to protect it"
    and
          "unless you live in China".

    Of course companies are required to follow the law in the countries in which they operate, but one could wish they were a tad more transparent about exactly what that means with regard to their stated principles.

    And that is fine, but do we have any evidence that Apple is reducing privacy as a whole to the Chinese? I don’t mean in relation to other countries laws, I mean in relation to Chinese laws?

    Could it be that Apple operating in China is a good thing for the Chinese public and is in fact increasing their privacy, despite complying with Chinese laws? I know that Apple has increased privacy to myself, despite being in a western country over every other phone/ tablet/ laptop manufacturer. I can’t see that owning a Samsung phone running Android in China is more secure/ private than iPhone. It’s not only government that is a threat, but they’re the only entity with the power to make laws. Apple is effective against all other threats, thereby increasing security and privacy to the Chinese over choosing not to operate there.
    edited May 2021
  • Reply 13 of 13
    crowleycrowley Posts: 10,453member
    Another example of why the walled garden is problematic: when it combines with an authoritarian regime, it becomes a trap.
Sign In or Register to comment.