Apple refutes claims of compromising iCloud user security in China
According to a recent report by The New York Times, Apple has compromised the privacy and security protection of iCloud users in one of its biggest markets for Apple products, China. Citing 17 interviews with current and former employees and internal documents from the company, the report focuses on Apple's relationship with the Chinese government. However, the US technology company has refuted the claims.
Back in 2017, Apple announced new data centers in China built in partnership with a Chinese state-owned company, GCBD, to comply with the tougher new Chinese cybersecurity laws. The step allegedly allowed Apple to move iCloud data of Chinese consumers from servers outside the country and into China while abiding by American laws, which forbid US companies from sharing data with Chinese law enforcement.
Usually, the digital keys that can decrypt the iCloud data are stored on hardware security modules, which are specialized devices made by a French technology company called Thales. However, China allegedly disapproved of Thales devices leading to Apple eventually planning on building new security devices for data storage and low-cost hardware that was originally built for Apple TV.
The report suggests Apple made a "series of compromises to meet the authorities' demands," thereby making iCloud data in China vulnerable to the country's government. It added that the location of the keys "was left intentionally vague" in 2017, and, eight months later they were being stored in China. However, the report highlighted it has no evidence that China's government has accessed the data.
Apple has refuted these claims and stated that it has designed the iCloud security "in such a way that only Apple has control of the encryption keys." An Apple spokesperson has clarified that the company used its most advanced encryption technology in China—more advanced than what it used in other countries. Additionally, Apple claimed that it keeps all third parties disconnected from its networks.
According to a Times analysis, around 55,000 apps have disappeared from Apple's App Store in China since 2017, while most of them are available in other countries. Stating that some developers removed their own apps from China, Apple has disputed Times figures. Reportedly, Apple also blocked apps about the Dalai Lama along with tools that help organize pro-democracy protests and skirt internet restrictions.
In 2017, Chinese authorities uncovered a data-selling scam worth over $7.36 million, where iPhone users' private data was sold in black markets. Authorities suspected 22 people, including 20 from Apple's "direct sales outlets" in China and companies Apple outsourced services to. Those detained used to charge between $1.50 and $26.50 for pieces of illegally gathered data.