An in-depth report from The New York Times claims Apple has compromised iCloud privacy and security protections in China in order to continue being allowed to build and sell its devices in the country.
The report says Apple complied with a 2016 law that requires all personal information and data collected in China to be kept in China. Apple has built a China data center and relocated its Chinese customers’ iCloud data to the China data center, which is managed by a Chinese company.
Apple had fought against the Chinese government’s move to gain more control over Chinese users’ data, but Apple was eventually forced to bow before its Chinese overlords. The dispute was over Apple wanting to keep the digital key that can unlock iCloud encryption inside US borders, while Chinese officials wanted them kept in China.
The encryption keys ended up being stored in China, which reportedly “surprised” two unnamed Apple executives who were involved in the negotiations and who said that the decision could potentially endanger customer data.
While there is no evidence that the Chinese government has access to the data, some security experts say China could demand the data or simply take it without asking Apple. Especially since a third-party Chinese company manages customer data on Apple’s behalf.
“The Chinese are serial iPhone breakers,” said Ross J. Anderson, a University of Cambridge cybersecurity researcher who reviewed the documents. “I’m convinced that they will have the ability to break into the servers.”
An Apple spokesperson told The New York Times that it “never compromised” the security of users or user data in China “or anywhere we operate.” Apple says it has control of the encryption keys connected to Chinese customers’ data, and that the Chinese data center uses the most advanced encryption technology available, even more advanced than what Apple uses in other countries.
Apple has also obeyed Chinese regulators by removing apps from the Chinese App Store when requested by the Chinese government after China began requiring an official license to release an app.
“These decisions are not always easy, and we may not agree with the laws that shape them,” Apple said. “But our priority remains creating the best user experience without violating the rules we are obligated to follow.”
