China is one of the biggest markets in the world for Apple’s products. In its recent quarterly results, the company registered a whopping $17.7 billion in iPhone sales in the region.
However, this stellar business performance comes at a cost of user privacy and ceding control over its own ecosystem. According to a new report from The New York Times, Apple gave in to China’s multiple demands, including custom hardware for iCloud and app removals.
The report noted that Tim Cook caved in to China’s demand of storing iCloud data of China-based customers in the country —Apple wanted to keep that data in the US. While storing user data locally is a common practice across the globe, Apple allegedly handed over iCloud’s encryption key to China and made it easier to retrieve user data.
This is unlike Apple in the US, where it has constantly battled with authorities to keep their hands off iPhone users’ data. The NYT report noted that the iPhone maker created a special loophole to give the government access to data: it partnered with a government-affiliated Guizhou-Cloud Big Data as a service provider. Plus, it made changes to the iCloud service agreement that included the clause, “Apple and GCBD will have access to all data that you store on this service.”
Apple doesn’t have to cater to the Chinese government’s requests directly, but GCBD can comply with all demands. The NYT report also observed that while GCBD workers retained a large set of controls on how iCloud worked in China, Apple just observed the operations from outside the country.
Apple usually stores iCloud’s encryption key on a special device called the hardware security modules (HSM). Thales, a French company, makes such devices for Apple, but for China, the tech giant, made its own HSM based on Apple TV. The firm has refuted this claim and said that its data centers are equipped with the most sophisticated set of protection. However, it didn’t specify if it has upgraded to Thales-made HSMs.
Ok let’s talk about the concrete technical bits. Big parts of iCloud rely on special devices called Hardware Security Modules, or HSMs. These are specialized computers that store keys. In the US, Apple uses Thales HSMs.
— Matthew Green (@matthew_d_green) May 17, 2021
The company is also trying to isolate the rest of the iCloud network by designing a new set of data centers for China that will be operated in a silo.
The NYT report says that Apple has a set of tools and personnel, including an internal Wiki list, Chinese language specialists, and lawyers to keep a check on apps that mentioned certain banned subjects. These topics include Tiananmen Square, Dalai Lama, and independence for Tibet.
In January-June 2020 time period, Apple has removed nearly 200 apps from the China app store. In 2019, the company removed 391 for legal violations.
Apple has been criticized for its business dealings and censorship in China for a long time. In 2018, iPhones reportedly started crashing if you sent the word “Taiwan” or the Taiwanese flag emoji. In 2019, the company banned the app that warned Hong Kong citizens about police activity. There’s also been a lot of chatter related to how Apple suppliers in China engage workers from a Muslim minority community into forced labor.
This new story sheds more light on how the tech giant has different stands regarding privacy in China and the US.
You can read the entire NYT report here.