Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Refutes Report On iPhone Threat To China's National Security

Posted by samzenpus on from the it-was-other-kids dept.

An anonymous reader writes "Apple has never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers," the company said Sunday in a bilingual statement on its China website. Users have to make the choice to enable the iPhones to calculate their locations, while "Apple does not track users' locations — Apple has never done so and has no plans to ever do so," the company said. The statement was in response to allegations by China's top state broadcaster that iOS7 software and its "Frequent Location" service posed a security risk. The data can be accessed easily, although labelled as "encrypted," and may lead to the disclosure of "state secrets," CCTV said.

29 of 134 comments (clear)

  1. When the great depression really hits by MikeRT · · Score: 4, Insightful

    The NSA's actions will be regarded as the modern Smoot-Hawley which set forth the collapse in sales in one of America's last major export industries that set it into motion.

    Though in fairness to the NSA, the American people are to blame for their "want my cake and eat it too" mentality on intelligence gathering. When it was discovered that the CIA did a lot of Really Bad Things because, shocker, that's par for the course in normal boots on the ground intelligence work we switched to electronics surveillance and created this mess.

  2. Of course not by qbast · · Score: 2

    Only No Such Agency gets the data so it is like no tracking at all.

    1. Re:Of course not by fizzer06 · · Score: 4, Interesting
      "We have also never allowed access to our servers,"

      Apple lies.

    2. Re:Of course not by jbmartin6 · · Score: 2

      Doubtless Apple's statement is true. Of course, accepting SQL queries over a TCP socket isn't 'allowed access to our servers' is it?

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  3. Never allowed access... by Anonymous Coward · · Score: 3, Funny

    Right, right... If you believe that, I have some government transparency to sell you.

  4. Why Apple Doesn't Track by Galaga88 · · Score: 3, Insightful

    As much as I love Apple's hardware and services their online services have always been pretty poor. Do we really think the company behind .Mac, or rather, MobileMe, er, iCloud would be competent enough to log and manage the amount of data this would require?

    1. Re:Why Apple Doesn't Track by Anonymous Coward · · Score: 2, Interesting

      Interesting point. They have a store called iTunes and it's not even on the web yet. (Amazon had web sales working in, what, 1995?) Every time I go to the iTunes site it wants me to download some special software, and they still can't make a sale without it.

      FFS, web browsers aren't exactly obscure anymore.

  5. noone trusts their cya legalese by Cardoor · · Score: 5, Insightful

    "As we have stated before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."
    could just as easily mean, 'we havent worked WITH govt agencies.. but when they told us to step aside and let their devs in to commandeer a subroutine, we turned a blind/black-box eye'
    We have also never allowed access to our servers. And we never will. It’s something we feel very strongly about.
    oh, they 'feel strongly' about it? how comforting. and how do they define 'allow'? notice they dont say govt/others never HAD or HAVE access, just that it's not 'allowed'.. mmmkay..

    1. Re:noone trusts their cya legalese by Noah+Haders · · Score: 2, Insightful

      I'm not sure if this is a moving goalposts or no real scotsman issue. How can apple issue a denial that would satisfy people like you? Surely anything would be picked apart.

    2. Re:noone trusts their cya legalese by ArhcAngel · · Score: 2

      Or...the security holes in iOS are big enough to drive a Mac truck through so no request was ever needed.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    3. Re:noone trusts their cya legalese by Cardoor · · Score: 4, Interesting

      people like me is funny. you're right. they probably can't, because as Charliemopps says in 'um...' below, and CeasedCaring says in 'Dear Apple', they lie, and are forced to lie. my point is to illustrate how easily their carefully crafted words can be obfuscating, so that perhaps some people who would otherwise be comforted by nice sounding denials don't take a simple statement at face value and instead, decide intelligently if the fact pattern supports their statements. if you are of the mind to believe and remain unawares, then godspeed.

    4. Re:noone trusts their cya legalese by AtariDatacenter · · Score: 4, Insightful

      Based on published information, we know that the NSA gets customer information by compelling companies to produce the records, or it taps the connections between their datacenters and it gets the data in transit). Apple didn't deny either -- neither one of those involve installing a backdoor or giving SERVER access.

      I think you're on the right track. There really is nothing that Apple can say to convince foreign users that their data is safe.

    5. Re:noone trusts their cya legalese by AmiMoJo · · Score: 2

      it taps the connections between their datacenters and it gets the data in transit

      ...

      There really is nothing that Apple can say to convince foreign users that their data is safe.

      How can it be safe when the NSA is intercepting it? Some companies have said they are now encrypting data as it flows between datacentres, but we don't know how competent they are at doing it or if the NSA has some work-around. The bottom line is that any data stored in the USA has to be assumed to be compromised.

      It's not just Apple, all US companies have this problem. It's hard to see how they can ever recover now.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Dear Apple, by CeasedCaring · · Score: 5, Insightful

    Saying it ain't so don't make it not so.

    1. Re:Dear Apple, by gtall · · Score: 2

      Yep. There is a difference between "refute" and "rebut". The former is frequently used when the latter is more accurate.

  7. Re:Any cell phone is a security risk. by Noah+Haders · · Score: 4, Interesting

    maybe iPhone is a risk because apple makes it hard for China to tap it.

  8. um... by Charliemopps · · Score: 5, Interesting

    Apple failed to mention the bit about, if a US government agency had contacted them and requested information or for a backdoor to be put into their device, they'd be required by federal law to lie about it or face charges of treason. In fact, given how unrestrained the NSA is at this time, this press release may have even been written at the request of a national security letter. It's terrifying that this is where we're at... but here we are none the less.

    Next up, the NSA releases a statement: "Edward Snowden is a traitor and a jerk! Look how he's hurting nice companies like Apple!"

    1. Re:um... by Just+Some+Guy · · Score: 2

      You know, I think Apple, Google, and a few other companies could get away with calling their bluff. If Tim Cook or Larry Page had a press conference to announce that they'd received a hush order from the NSA, that they refused to honor it, and that it was against their company policy to spy on Americans (all while waving a flag and talking about apple-pie-eating eagles), I don't think much could be done about it. Can you imagine the firestorm if someone tried to have those guys arrested for "protecting average Americans like you and me against government oppression", which is what the front page of Google News would say for the next month?

      --
      Dewey, what part of this looks like authorities should be involved?
  9. Re:Any cell phone is a security risk. by Anonymous Coward · · Score: 2, Insightful

    It's all about product protection for their home-grown models. iPhone is a big seller - China gets pennies on the profit dollar for mfg them.

    Huawei models will no doubt get the Beijing security nod, nomatter what.

  10. Re:Any cell phone is a security risk. by ArcadeMan · · Score: 4, Insightful

    I think that's exactly their viewpoint. It's a national risk because they can't spy on their own people with it.

    --
    Get free satoshi (Bitcoin) and Dogecoins
  11. & So, Other handset makers allow ... by BoRegardless · · Score: 2

    What? To who? When?

    And which OS is designed in a more secure way to protect users?

    As an example, what OS has the supermajority of banking malware?

    We need to answer all the questions. Consumers really SHOULD know.

  12. Re:Apple refutes China but stays mum on... by Anonymous Coward · · Score: 2, Interesting

    You mean that metal with nickel in it might cause people who are allergic to nickel to have a response?

    How shocking.

  13. Sounds like an over-reaction. by timrod · · Score: 2

    I know that the NSA could easily be tapping iPhones and have backdoors into them (and probably do) but this seems like a colossal over-reaction by the Chinese media. CCTV is claiming that the "Frequent Locations" feature could somehow be used to leak state secrets, but that doesn't make sense for any number of reasons:

    1. According to the ZDNet article, the feature in question is entirely opt-in and disabled by default. They don't seem to have proof that the switch is merely for show (as in, it's transmitting the data regardless of whether or not you've opted in) which means there's a very easy fix for this - don't turn it on, or turn it off if it's on.

    2. Also from the ZDNet article, the feature apparently causes the phone to keep a local copy of location data in regards to frequently-visited areas for use in other applications. It's not clear whether this data is actually transmitted anywhere - Apple said the device only keeps a local copy, but with the NSA around it's entirely possible it transmits it somewhere. If what Apple is saying is true, obtaining a copy of the data requires physical access to the device. If you've had your phone stolen and didn't lock it, chances are that you have much bigger privacy concerns than someone obtaining your location data, especially if you're in the Chinese government.

    3. CCTV claims that the device can somehow be used to leak state secrets, but this seems like FUD. The only way I could see this happening (and being useful) is if someone who works on a submarine or other restricted area (nuclear sites, missile silos, etc) happened to have their phone stolen or was intentionally giving their phone to someone, but I'm fairly certain their military doesn't allow outside devices into restricted areas (the US military sure doesn't) and if someone's intentionally giving away the data that's another problem altogether.

    Couple this with the fact that China has smartphone manufacturers located in-country that only sell within China, and you have what looks like FUD designed to get people to stop switching to the iPhone and instead buy a phone made by a state-friendly manufacturer.

  14. For software developers by gnasher719 · · Score: 3, Insightful

    The actual claim that the Chinese make is that a new feature in iOS collects location data on the phone (which it does), and if the phone gets stolen or hacked, someone might see that data and that could have all kinds of consequences, worst case consequences for China's national security. So there was _no_ claim that Apple was involved or helping in any spying at all.

    To a software developer it should be obvious that if Apple wanted to spy on you, the presence or absence of this feature wouldn't make the slightest difference whatsoever. If Apple can secretly send data that were openly collected on your phone, they could equally easily secretly send data that was secretly collected on your phone.

    To a non-developer, it should be equally obvious that there are hundreds of features with the same national security implications, like word processors, spreadsheets, note-taking applications and so on and so on. Probably applications that are far more dangerous. I would expect a word processor to contain much juicier information than a location log.

  15. Re:Someone is lying. by tlhIngan · · Score: 4, Insightful

    Curious in that Apple iPhone was the only piece of gear that could be relied upon to be cracked. Any model.

    If it was so easy, why does it take physical access to break into one, and why does Law Enforcement have a huge waiting list at Apple to break into them? (And only partial success, at that)?

    If they can be reliably cracked, then there is no need to send the phone back to Apple for extraction of data - they could just extract it right then and there, no Apple involvement at all. Because Apple makes it highly inconvenient to get at it, after all.

    Of course, if you're talking about jailbreaking, well, that's not utterly reliable, either (few existed for iOS6, and iOS7 has some by questionable Chinese places seeking to make money selling pirated apps). Of course, it also helps there is massive interest in cracking it - I mean, with so many devices out there, there is an army of people who will want to break into it.

    But all the jailbreaks tended to require actual access to the device - if it was locked in any way you couldn't do it - no longer can you just create a hacked IPSW and flash it in.

  16. This is what our leaders don't understand by nehumanuscrede · · Score: 2

    The damage caused to the intelligence community is only a fraction of the damage US corporations will have to endure.

    The issue here is trust. Once you betray it, you never fully get it back. Ever.

    This is why US companies need to fight this tooth and nail. Because when the truth finally does come out ( and it always does eventually ) it's pretty much THEIR ass that is left hanging in the wind. Regardless if the company is innocent or not, if the trust is gone, so are you. The government picks up the tab for the intelligence community so a trust issue there isn't going to cause them to go bankrupt. Take this into consideration the next time the government knocks on your door and asks for " help " in tracking the bad guys.

    It's similar to how I see Law Enforcement anymore. They're not all bad people, but the few idiots they cover for or allow to wear the badge destroys the trust I have in them as a whole. To the point where I no longer trust any of them sadly.

  17. Re:Any cell phone is a security risk. by Austerity+Empowers · · Score: 5, Interesting

    Protectionism isn't something the G8 generally likes and has come under fire lately. Based on some things i've seen lately, I believe China (and perhaps india) have been spanked for their usual nonsense.

    So maybe those people are now trying a different approach, rather than the normal protectionism that chinese companies engage in (using only their own suppliers, designing out foreign chips, bringing all mfg and design work to them so that they can control the supply chain), they're trying to hide behind FUD.

  18. Re:Any cell phone is a security risk. by AmiMoJo · · Score: 4, Insightful

    The Chinese security services are not as bad as the NSA. They freely admit that they monitor everything happening on their networks as they have no reason to hide it. In fact they are proud as it shows they are protecting their people.

    There is a genuine security concern with any American products now, thanks to the NSA. Don't try to divert people by saying everyone else is as bad or making excuses. The NSA is harming US companies and US citizens through its actions, and other countries are right to treat it as a major security threat.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  19. Denial is not refutation by HiThere · · Score: 2

    That is a denial of the accusation, not a refuation of it.

    Now I will grant that they probably CAN'T refute it, and that this does not mean that the accusation is true. That doesn't make a denial a refutation.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.