Report details security compromises Apple has made to placate China
A new investigation reveals some of the compromises that Apple has made in China to gain access to the booming market, including storing data on state-owned servers and censoring apps in the country that run afoul of local regulations.
Credit: Wang GangCredit: Wang Gang
China is a critical region for Apple, both in terms of product and services sales and because of a deep reliance on the country's supply chain. China, in short, helped Apple become the world's most valuable company.
However, The New York Times highlights all of the ways that the Chinese government has pressured Apple to make compromises that conflict with the Cupertino tech giant's stated values and principals.
Despite Apple's strong stance on protecting user privacy, for example, it stores all of its Chinese user data within the country's borders on servers that belong to a state-owned firm. According to security experts, that means it's essentially impossible for Apple to stop the Chinese government from obtaining access to user data.
Additionally, while U.S. regulations prohibit Apple from handing data over to Chinese authorities, the local storage of Apple data creates a loophole that allows it. A Chinese-based firm, Guizhou-Cloud Big Data (GCBD), is actually the legal owner of Apple iCloud customers in China. Because of that, Chinese authorities can demand access to data from GCBD rather than Apple, and the terms shield Apple from legal reprisal in the U.S., according to a person who helped create the arrangement.
Before that arrangement existed, Apple said it never provided data to the Chinese government. After Apple made GCBD the owner of the data, it says that it has provided iCloud contents for an undisclosed number of accounts in nine separate cases.
Apple pushed to keep encryption keys out of the country as part of the original agreement that saw Chinese data stored locally. Less than a year after striking the deal, however, Apple moved the digital keys out of the U.S. and into China, making it easier for Chinese government agencies to obtain user texts, emails and other information.
The company in a statement said it still controls the keys and uses advanced encryption technology -- more advanced than solutions used in other countries -- to keep them safe.
The compromises also exist on the App Store. According to The New York Times, Apple has an internal team that either rejects app submissions or pulls down apps that it believes could violate Chinese regulations.
Apple uses specialized tools and trains its reviewers to detect topics deemed off-limits in China. That includes mentions of the independence of Tibet or Taiwan, the Tiananmen Square incident, or the Dalai Lama.
Since 2017, about 55,000 apps have disappeared from the App Store in China, according to data provided by Sensor Tower. Some of those apps include foreign news outlets, encrypted messaging apps, and gay dating services, as well as platforms like VPNs that allow users to bypass internet restrictions.
For its part, Apple said it approved 91% of takedown requests, or 1,217 apps, from the Chinese government in a two-year period ending in June 2020. Apple's statistics might not tell the whole story, as its review apparatus could remove apps before they catch the eye of government officials.
In a statement to The New York Times, Apple said it follows laws in China and does everything that it can to protect the security and privacy of its customers' data in the country.
"We have never compromised the security of our users or their data in China or anywhere we operate," Apple said.
It also noted that it only removed apps to comply with Chinese regulations. "These decisions are not always easy, and we may not agree with the laws that shape them, but our priority remains creating the best user experience without violating the rules we are obligated to follow," the company added.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Credit: Wang GangCredit: Wang Gang
China is a critical region for Apple, both in terms of product and services sales and because of a deep reliance on the country's supply chain. China, in short, helped Apple become the world's most valuable company.
However, The New York Times highlights all of the ways that the Chinese government has pressured Apple to make compromises that conflict with the Cupertino tech giant's stated values and principals.
Despite Apple's strong stance on protecting user privacy, for example, it stores all of its Chinese user data within the country's borders on servers that belong to a state-owned firm. According to security experts, that means it's essentially impossible for Apple to stop the Chinese government from obtaining access to user data.
Additionally, while U.S. regulations prohibit Apple from handing data over to Chinese authorities, the local storage of Apple data creates a loophole that allows it. A Chinese-based firm, Guizhou-Cloud Big Data (GCBD), is actually the legal owner of Apple iCloud customers in China. Because of that, Chinese authorities can demand access to data from GCBD rather than Apple, and the terms shield Apple from legal reprisal in the U.S., according to a person who helped create the arrangement.
Before that arrangement existed, Apple said it never provided data to the Chinese government. After Apple made GCBD the owner of the data, it says that it has provided iCloud contents for an undisclosed number of accounts in nine separate cases.
Apple pushed to keep encryption keys out of the country as part of the original agreement that saw Chinese data stored locally. Less than a year after striking the deal, however, Apple moved the digital keys out of the U.S. and into China, making it easier for Chinese government agencies to obtain user texts, emails and other information.
The company in a statement said it still controls the keys and uses advanced encryption technology -- more advanced than solutions used in other countries -- to keep them safe.
The compromises also exist on the App Store. According to The New York Times, Apple has an internal team that either rejects app submissions or pulls down apps that it believes could violate Chinese regulations.
Apple uses specialized tools and trains its reviewers to detect topics deemed off-limits in China. That includes mentions of the independence of Tibet or Taiwan, the Tiananmen Square incident, or the Dalai Lama.
Since 2017, about 55,000 apps have disappeared from the App Store in China, according to data provided by Sensor Tower. Some of those apps include foreign news outlets, encrypted messaging apps, and gay dating services, as well as platforms like VPNs that allow users to bypass internet restrictions.
For its part, Apple said it approved 91% of takedown requests, or 1,217 apps, from the Chinese government in a two-year period ending in June 2020. Apple's statistics might not tell the whole story, as its review apparatus could remove apps before they catch the eye of government officials.
In a statement to The New York Times, Apple said it follows laws in China and does everything that it can to protect the security and privacy of its customers' data in the country.
"We have never compromised the security of our users or their data in China or anywhere we operate," Apple said.
It also noted that it only removed apps to comply with Chinese regulations. "These decisions are not always easy, and we may not agree with the laws that shape them, but our priority remains creating the best user experience without violating the rules we are obligated to follow," the company added.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Comments
How can Privacy be a core value if it's ignored in China? I notice there's no footnote on www.apple.com/privacy/ which says this core value is inapplicable in China.
If they took major issue with the privacy of Chinese citizens or thought it important enough to make a statement, take a stand, they would. That's not generally what American corporations do, nor what stockholders expect. China won't change just because Apple doesn't like it. They're big but not THAT big.
Privacy is ignored in all countries, however you want to live in the countries that won’t knock on your door at night and take you away… and across the world there are only a few countries that leave you alone for most part.
If you don’t like Apple for selling in Russia or China get a Android phone, most of world already has….
EDIT: So Apple’s response to the report indicates that due to complying with local laws, the data centre located in China provides separation from it’s Chinese customers and the rest of the world and they’re also using different encryption for these servers. This means that if these servers were ever compromised, it would not effect customers outside of China. It also means that they cannot use these compromised servers to traverse to other Apple networks as they’re entirely seperate. Seems like a good strategy to me.
Solution? Don’t born in China, maybe this is one of the reason why China’s birth rate is in negative area.
"we value your privacy and will work to protect it"
and
"unless you live in China".
Of course companies are required to follow the law in the countries in which they operate, but one could wish they were a tad more transparent about exactly what that means with regard to their stated principles.
Could it be that Apple operating in China is a good thing for the Chinese public and is in fact increasing their privacy, despite complying with Chinese laws? I know that Apple has increased privacy to myself, despite being in a western country over every other phone/ tablet/ laptop manufacturer. I can’t see that owning a Samsung phone running Android in China is more secure/ private than iPhone. It’s not only government that is a threat, but they’re the only entity with the power to make laws. Apple is effective against all other threats, thereby increasing security and privacy to the Chinese over choosing not to operate there.