Operating in China requires foreign technology companies to submit to strict government oversight and cybersecurity laws, and Apple has been criticized by civil rights activists for complying with the country’s complex rules targeting dissent.
In the past few years, Apple has been accused of bowing to Chinese censorship by removing a podcast app, a bundle of mobile games and a map app used by pro-democracy activists in Hong Kong.
More report, detailing Apple’s own relationship with the Chinese administration, continues to emerge, and a new report revealing the way it deals with local data could create another ethical nightmare for the company.
According to a large number of documents reviewed by The New York Times, Apple has ceded control of its data centers in Guiyang and Inner Mongolia to the Chinese government.
The documents provide rare insight into the concessions the company has made to do business in China, and they also provide a comprehensive insight into how Apple has surrendered to the mounting demands from the Chinese authorities.
Two decades ago, as Apple’s chief operating officer, Tim Cook spearheaded the company’s entry into China, a move that helped make Apple the most valuable company in the world and made it the clear heir to Steve Jobs.
Apple now collects almost all its products and generates a fifth of its revenue in the China region, and just as Cook discovered how to get China to work for Apple, China is making Apple work for the Chinese government.
The compromises have reportedly occurred in the wake of a 2016 law requiring all personal information and important data collected in China to remain in the country.
Apple moved its Chinese customers’ iCloud data from servers outside the country to the network of a Chinese state-owned company, known as GCBD.
The company did so on the advice of its team in China as part of a project known internally as the “Golden Gate”.
This allowed Apple to protect itself from US laws that prevent US companies from handing data over to Chinese law enforcement.
The location for storing Chinese customer data keys was a sticking point in the talks between Apple and Chinese officials, and Apple wanted to keep it in the US, while Chinese officials wanted it in China.
The Cybersecurity Act came into effect in June 2017, and the key storage location was deliberately left vague in an initial agreement between Apple and Chinese officials, but eight months later, the encryption keys were destined for China.
And Apple’s concessions have made it nearly impossible for it to block the Chinese government from accessing e-mails, photos, documents, contacts, and websites of millions of Chinese residents.
Concerned Apple executives told the New York Times that this move could put customer data at risk.
Chinese users are alerted to the changes as part of the new iCloud terms and conditions that have listed GCBD as the service provider and Apple as an additional party.
Apple told customers that the update was aimed at improving iCloud services in China and complying with Chinese regulations.
The terms and conditions included a new provision that would not appear in other countries: Apple and GCBD have access to all data they store through this service and can share this data between each other under applicable law.
The New York Times admitted that it did not see any evidence that the Chinese government had access to the information, but the documents indicate that Apple made concessions that would make it easier for the government to do so.
The problem is that officials can request this data from local companies under the laws, which are the same rules used to justify the ban imposed on Huawei by the United States and its allies.
Another concern is the type of encryption technology Apple is using in China.
The documents show that GCBD employees will have effective control of the servers, while Apple employees largely monitor the process from outside the country, and security experts said: This arrangement alone represents a threat that no engineer can solve.
The documents also show that Apple uses a different encryption technology in China than anywhere else in the world, and the digital keys that can decrypt iCloud data are usually stored via specialized devices, called HSM.
After the Chinese government rejected HSM devices, Apple planned to build new data storage security devices that use an older version of iOS and low-cost hardware originally built for the Apple TV.
The outdated technology has raised concerns among security experts that these devices could be easily penetrated by hackers.
The Chinese iCloud network is created, managed and monitored separately from all other networks, without any means to move to other networks outside the country, and this measure aims to prevent security breaches in China from spreading to the rest of Apple’s data centers.
Apple refutes the allegations in the report and said: It designed iCloud security in such a way that it alone controls the encryption keys, and isolated Chinese data centers because they are owned by the Chinese government.
She added that some of the documents seen by The New York Times are old and that Chinese data centers feature the latest and most sophisticated protection methods, and in addition, they keep all external parties separate from their internal network.
In addition to processing data, Apple also continues to proactively delete software at the request of Chinese censors.
An analysis by The New York Times found that tens of thousands of apps have disappeared from the Chinese app store over the past several years, more than previously known.
The deleted apps include foreign news services and encrypted messaging apps.
It also blocked apps from the Dalai Lama, the spiritual leader of Tibetan Buddhism who fled China in 1959 after a failed uprising against Chinese rule while hosting apps from a Chinese paramilitary group accused of detaining and mistreating the Uyghurs, a Muslim minority in China.
Apple opposed these figures, saying: Some developers are removing their own apps from China, and that since 2017 it has closed about 70 news apps in response to the demands of the Chinese government.
According to Apple, the majority of the apps it removed at the request of the Chinese government were related to gambling or pornography or were operating without a government license, such as loan services and live streaming apps.