Apple refutes claims of compromising iCloud user security in China
What's the story
According to a recent report by The New York Times, Apple has compromised the privacy and security protection of iCloud users in one of its biggest markets for Apple products, China.
Citing 17 interviews with current and former employees and internal documents from the company, the report focuses on Apple's relationship with the Chinese government.
However, the US technology company has refuted the claims.
Cybersecurity law
Overseas business groups labeled the Chinese law as 'overly vague'
Back in 2017, Apple announced new data centers in China built in partnership with a Chinese state-owned company, GCBD, to comply with the tougher new Chinese cybersecurity laws.
The step allegedly allowed Apple to move iCloud data of Chinese consumers from servers outside the country and into China while abiding by American laws, which forbid US companies from sharing data with Chinese law enforcement.
Compromises
Where do the encryption keys to unlock the data lie?
Usually, the digital keys that can decrypt the iCloud data are stored on hardware security modules, which are specialized devices made by a French technology company called Thales.
However, China allegedly disapproved of Thales devices leading to Apple eventually planning on building new security devices for data storage and low-cost hardware that was originally built for Apple TV.
Details
No evidence is available that China's government has accessed data
The report suggests Apple made a "series of compromises to meet the authorities' demands," thereby making iCloud data in China vulnerable to the country's government.
It added that the location of the keys "was left intentionally vague" in 2017, and, eight months later they were being stored in China.
However, the report highlighted it has no evidence that China's government has accessed the data.
Apple's stance
Apple refutes claims; says it controls keys protecting Chinese data
Apple has refuted these claims and stated that it has designed the iCloud security "in such a way that only Apple has control of the encryption keys."
An Apple spokesperson has clarified that the company used its most advanced encryption technology in China—more advanced than what it used in other countries.
Additionally, Apple claimed that it keeps all third parties disconnected from its networks.
Long-time criticism
Apple has been criticized for removing software at China's behest
According to a Times analysis, around 55,000 apps have disappeared from Apple's App Store in China since 2017, while most of them are available in other countries.
Stating that some developers removed their own apps from China, Apple has disputed Times figures.
Reportedly, Apple also blocked apps about the Dalai Lama along with tools that help organize pro-democracy protests and skirt internet restrictions.
2017 Scam
Apple suppliers sold iPhone users' private data in black market
In 2017, Chinese authorities uncovered a data-selling scam worth over $7.36 million, where iPhone users' private data was sold in black markets.
Authorities suspected 22 people, including 20 from Apple's "direct sales outlets" in China and companies Apple outsourced services to.
Those detained used to charge between $1.50 and $26.50 for pieces of illegally gathered data.