Apple may have compromised everyone's security for access to China
Apple is said to have given the Chinese government access to the software used in its iPhones to conduct "security checks" meant to ensure the privacy of China's citizens. The revelation comes courtesy of a tweet from one of China's state-run publications and a Beijing News report claiming Apple chief executive Tim Cook authorized the checks.
China's government originally delayed the launch of Apple's latest iPhones within the country because it feared they might be used by foreign governments to aid surveillance. Then, after it cleared the devices for use in its country, the government is believed to have performed man-in-the-middle attacks on citizens using iCloud and similar tools.
Some fear Apple may have provided the source code to the operating system used in its iPhones and iPads. If that's true, the security of those devices has been severely harmed. Percy Alpha, a member of the GreatFire censorship watchdog, told Quartz that it could allow China to discover vulnerabilities in Apple's software that it could later exploit.
This would mark the first time Apple and China have conspired to compromise the security and privacy of people outside the country, but it's not the first time people inside China have had to worry about Apple's cozy relationship with the government. As I explained in September 2014 when the latest iPhones debuted in China:
The government expects to receive any data it requests from companies with servers on its soils, and Apple revealed in August that it stores customer data in China through a partnership with China Telecom, a state-owned wireless service provider. Apple claims that China Telecom can’t access the information on the servers because all of the relevant encryption keys are kept on servers in other countries.Perhaps something is being lost in translation here, or maybe the Chinese government is using its media organizations to make claims that aren't exactly truthful. But if Apple really did provide access to the iPhone operating system's source code, it should admit as much so people know the degree to which their security may be compromised, all for the sake of Apple's business ambitions.
And even if the company hasn't done anything untoward, it should still reveal what it's allowed the Chinese government to learn about its software. This doesn't just affect the Chinese citizens who purchased the latest iPhones -- it represents a risk to everyone who uses iOS devices. The one thing Apple can't do is pretend these allegations aren't being bandied about. Unfortunately, that's what we've come to expect from Cupertino.
[Illustration by Hallie Bateman for Pando]