Apple Consents to Product Security Audits from Chinese Government
Apple has reportedly agreed to allow China’s State Internet Information Office to run security audits on Apple products sold in China. While the exact nature of the security checks is unknown, it’s suggested that Chinese state officials and security experts will be granted access to iOS and OS X source code.
Apple CEO Tim Cook met with China’s information office director Lu Wei back in December. Cook reportedly told Wei,
There were rumors that Apple built back doors in its devices, and let third parties have data and access those devices, but that was never true and that we would never do that in the future either.
This statement echoes Cook’s open letter on privacy where he states, “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services.” However, Wei responded to Cook by saying,
It doesn’t matter what you say, you should let our internet safety department do a safety assessment. We need to reach our own conclusions to put the consumer at ease.
China to Audit Apple Products’ Security, Cause for Concern?
The historically secretive Apple has always been very protective of its products’ source code. However, with over 1.3 billion people, China is a huge market for many western companies, especially Apple. As a result, Apple appears to have bowed to pressure from the Chinese government to allow the state to run security checks on Apple products, or else risk future business in the country.
China has frequently criticised American technology companies about security, citing concerns about US backdoors after Edward Snowden’s revelations about the NSA. While Chinese state officials claim to have consumers in mind, trying to protect them from possible US surveillance, China is notorious for its own internet surveillance and censorship. As a result, many privacy advocates have expressed concern over Apple handing over so much detail about its products to the Chinese government.
Percy Alpha, the pseudonymous founder of GreatFire.org, stated, “Handing over source code [would] mean that the Chinese government will know exactly how an Apple software works.” With detailed knowledge of how iOS and OS X work behind the scenes, the Chinese government could find it easier to find vulnerabilities and exploit them, targeting both Chinese citizens and Apple product users worldwide. Back in October, Chinese hackers, possibly sponsored by the government, launched a man-in-the-middle attack targeting iCloud users in China.
However, not everyone believes that China’s security audit will have such drastically negative consequences. After all, the exact nature of the security checks is unknown, and Apple may not actually offer as much information to China as analysts speculate. Apple has already displayed its opposition to government surveillance by enabling stronger encryption in iOS 8 that not even the FBI can bypass.
Featured image from Shutterstock.