Operating in China requires foreign tech companies to submit to the government's strict censorship and cybersecurity laws. Just ask Apple. The iPhone maker has been reproached by civil rights activists over its compliance with the country's convoluted rules that target dissent. In the past few years, Apple has been accused of acquiescing to Chinese censors to remove a podcast app, a raft of mobile games and a map app used by Hong Kong's pro-democracy campaigners. Worryingly, more revelations detailing its cozy relationship with the Chinese administration keep surfacing. A damaging new report uncovering the way it handles local data could create another ethical nightmare for the company.
According to a slew of documents reviewed by the The New York Times, Apple has "ceded control" of its data centers in Guiyang — which is reportedly due to be completed next month — and in the Inner Mongolia region to the Chinese government.
The compromises reportedly occurred in the aftermath of a law passed in 2016 that required all “personal information and important data” collected in China to remain in the country. Subsequently, Apple allegedly moved the iCloud data of its Chinese customers from servers located outside the country to the network of a Chinese state-owned company, known as Guizhou-Cloud Big Data (GCBD). It did this on the advice of its China team, according to the Times, as part of a project known internally as “Golden Gate.” This also allegedly allowed Apple to protect itself from American laws, which forbid US companies from handing over data to Chinese law enforcement.
Apple reportedly butted heads with the Chinese government over encryption, but eventually moved the digital keys that unlock customers' private information from the US to China. Alarmed Apple execs told the Times that the move could "jeopardize customers’ data."
It alerted Chinese users to the changes as part of new iCloud terms and conditions that listed GCBD as the service provider and Apple as “an additional party.” Apple told customers the update was to “improve iCloud services in China mainland and comply with Chinese regulations.”
However, the publication admitted that it had seen no proof that the Chinese government had accessed the information. But, the underlying issue is that officials can still demand that data from local companies under the country's strict surveillance laws — the same rules that were partly used to justify bans against Huawei by the US and its allies.
Another, arguably bigger, concern is the type of encryption tech Apple is using in China. After the Chinese government basically prohibited its current iCloud system, Apple allegedly planned to build new security devices for data storage that used an older version of iOS and a low-cost hardware originally built for the Apple TV. Needless to say, the dated tech has security experts spooked that the hardware modules pose a cybersecurity minefield and could be easily breached by hackers.
Apple refutes the allegations made in the report. The company said it designed the iCloud security “in such a way that only Apple has control of the encryption keys.” It added that some of the documents viewed by the Times were outdated and that its Chinese data centers “feature our very latest and most sophisticated protections.” In addition, the company said it keeps all third parties disconnected from its internal network.
Beyond its data handling, Apple also continues to proactively delete software at the behest of China's censors. A Times analysis found that tens of thousands of apps have disappeared from Apple’s Chinese App Store over the past several years, more than previously known. They include foreign news services, gay dating and encrypted messaging apps. It also blocked apps about the Dalai Lama, the spiritual head of Tibetan Buddhism who fled China in 1959 after a failed uprising against Chinese rule.
Apple disputed those figures to the Times, saying that some developers remove their own apps from China. It said that since 2017 it had taken down 70 news apps in response to Chinese government demands. According to Apple, the majority of the apps it removed for the Chinese government were related to gambling or pornography or were operating without a government license, such as loan services and livestreaming apps.