Apple Refutes Report On iPhone Threat To China's National Security
An anonymous reader writes: "Apple has never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers," the company said Sunday in a bilingual statement on its China website. Users have to make the choice to enable the iPhones to calculate their locations, while "Apple does not track users' locations — Apple has never done so and has no plans to ever do so," the company said. The statement was in response to allegations by China's top state broadcaster that iOS7 software and its "Frequent Location" service posed a security risk. The data can be accessed easily, although labelled as "encrypted," and may lead to the disclosure of "state secrets," CCTV said.
Any cell phone is a security risk. (Score:1)
The reason China is "suddenly" afraid of the new iphone has nothing to do with security.
Re: (Score:2)
Apparently you are unaware of the fact that they tap all cellphones.
Re:Any cell phone is a security risk. (Score:5, Interesting)
Re: (Score:2, Insightful)
It's all about product protection for their home-grown models. iPhone is a big seller - China gets pennies on the profit dollar for mfg them.
Huawei models will no doubt get the Beijing security nod, no matter what.
Re:Any cell phone is a security risk. (Score:5, Insightful)
I think that's exactly their viewpoint. It's a national risk because they can't spy on their own people with it.
Re:Any cell phone is a security risk. (Score:5, Insightful)
The Chinese security services are not as bad as the NSA. They freely admit that they monitor everything happening on their networks as they have no reason to hide it. In fact they are proud as it shows they are protecting their people.
There is a genuine security concern with any American products now, thanks to the NSA. Don't try to divert people by saying everyone else is as bad or making excuses. The NSA is harming US companies and US citizens through its actions, and other countries are right to treat it as a major security threat.
Re: (Score:2)
I'm Canadian, I already view U.S.A.-made products and services as being insecure because of all the NSA meddling.
Re: (Score:2)
Re: (Score:1)
I'm not sure why you would bring the War of 1812 to the table? Care to enlighten me?
Re: (Score:2)
how is that "not as bad"? it's just differently bad. they want to intimidate (though not quite as overtly as the USSR did), while the US wants to secretly disappear people. it's not a diversion. it's reality, and neither 'side' is that great, even though i'd much, much rather be in the US.
anyway, China has always clamped down on unlicensed cartography, and it is theoretically possible to use data mining to squeeze some location information out of the iPhone data. this really seems like a non-story to me, or
Re: (Score:2)
In China there is no law against what they are doing. In the US it violates the constitution.
Re: (Score:2)
i agree that the NSA's activities are unconstitutional, but what's the point in this context?
and, going on your ridiculous tangent, would you be perfectly fine with what the NSA were doing if the constitution were amended to allow it?
Re: (Score:2)
Re: (Score:2)
maybe iPhone is a risk because apple makes it hard for China to tap it.
They tap at the carriers. If you use SMS or voice, they have a record regardless of what phone or OS you're using.
Re: (Score:2)
Re:Any cell phone is a security risk. (Score:5, Interesting)
Protectionism isn't something the G8 generally likes and has come under fire lately. Based on some things I've seen lately, I believe China (and perhaps India) have been spanked for their usual nonsense.
So maybe those people are now trying a different approach, rather than the normal protectionism that Chinese companies engage in (using only their own suppliers, designing out foreign chips, bringing all mfg and design work to them so that they can control the supply chain), they're trying to hide behind FUD.
Re: (Score:1)
G8 nations still engage in protectionism.
just look at the "buy american" provisions published by the DOT.
The Department of Transportation is committed to maximizing the economic benefits of the Obama Administration’s historic infrastructure investments through Buy America provisions that keep American companies healthy and families working.
http://www.dot.gov/highlights/buyamerica
And how will we escape the next depression? (Score:2)
Last time, we went to war. And let's face it, military payloads are America's largest export industry.
Of course not (Score:3)
Re:Of course not (Score:5, Interesting)
Apple lies.
Re: (Score:3)
Re: (Score:2)
Never would hosting or sending data to NSA's server.
Never allowed access... (Score:3, Funny)
Right, right... If you believe that, I have some government transparency to sell you.
Why Apple Doesn't Track (Score:4, Insightful)
As much as I love Apple's hardware and services their online services have always been pretty poor. Do we really think the company behind .Mac, or rather, MobileMe, er, iCloud would be competent enough to log and manage the amount of data this would require?
Re: (Score:2)
Re: (Score:2, Interesting)
Interesting point. They have a store called iTunes and it's not even on the web yet. (Amazon had web sales working in, what, 1995?) Every time I go to the iTunes site it wants me to download some special software, and they still can't make a sale without it.
FFS, web browsers aren't exactly obscure anymore.
Re: (Score:2)
What if somebody else were logging this information?
noone trusts their cya legalese (Score:5, Insightful)
could just as easily mean, 'we havent worked WITH govt agencies.. but when they told us to step aside and let their devs in to commandeer a subroutine, we turned a blind/black-box eye'
We have also never allowed access to our servers. And we never will. It’s something we feel very strongly about.
oh, they 'feel strongly' about it? how comforting. and how do they define 'allow'? notice they dont say govt/others never HAD or HAVE access, just that it's not 'allowed'.. mmmkay..
Re: (Score:3, Insightful)
Re:noone trusts their cya legalese (Score:4, Interesting)
Re: (Score:1)
You lie and are forced to lie as well. Prove there is not an NSA agent there right now with a gun to your head.
Your credibility is as suspect as theirs.
Re: (Score:1)
i am advocating for using critical thought and not taking public statements at face value - regardless of the source.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Add in self written NSL, findings and other cute legal options to work with cadres of willing private sector staff.
Re: (Score:2)
Open source iOS for auditing and release the compile tools so we can build our own firmware and compare it to what's actually on the phones
Because the recent security SNAFUs in Open Source software shows that that is enough.
Re: (Score:1)
He is right.... The GP's credibility is no better than Apple's.
Re: (Score:2)
Re:noone trusts their cya legalese (Score:5, Insightful)
Based on published information, we know that the NSA gets customer information by compelling companies to produce the records, or it taps the connections between their datacenters and it gets the data in transit. Apple didn't deny either -- neither one of those involves installing a backdoor or giving SERVER access.
I think you're on the right track. There really is nothing that Apple can say to convince foreign users that their data is safe.
Re: (Score:3)
it taps the connections between their datacenters and it gets the data in transit
...
There really is nothing that Apple can say to convince foreign users that their data is safe.
How can it be safe when the NSA is intercepting it? Some companies have said they are now encrypting data as it flows between datacentres, but we don't know how competent they are at doing it or if the NSA has some work-around. The bottom line is that any data stored in the USA has to be assumed to be compromised.
It's not just Apple, all US companies have this problem. It's hard to see how they can ever recover now.
Re: (Score:2)
That's why Russia, China and other nations are now building their own CPU production lines, trying to build their own internal networks and removing data from any connected networks.
They have also worked out that what can be activated for law enforcement per user can also be used by other countries' clandestine services.
The consumer software is tame, the encryption junk and known to revert to plain text. The reach of updates
Re: (Score:1)
how about, "we haven't worked with govt agencies, and no govt agency created code or hardware exists in our devices or servers. the govt has never had, or will ever have, access to our servers."
they can't say that, because they know it is false.
Re: (Score:2)
"we haven't worked with govt agencies, and no govt agency created code or hardware exists in our devices or servers. the govt has never had, or will ever have, access to our servers."
Which would all be obviously false. For example, Apple will regularly work together with the FTC. The open source code that Apple uses comes from all kinds of places, you can bet there is some created by a government agency. And every government employee can get an Apple Id and get access to the App Store or iCloud servers.
This is what our leaders don't understand (Score:2)
The issue here is trust. Once you betray it, you never fully get it back. Ever.
This is why US companies need to fight this tooth and nail. Because when the truth finally does come out ( and it always does eventually ) it's pretty much THEIR ass that is left hanging in the wind. Regardless if the company is innocent or not, if the trust is gone, so are you. The government picks up the tab
Re: (Score:2)
I'm not sure if this is a moving goalposts or no real scotsman issue. How can apple issue a denial that would satisfy people like you? Surely anything would be picked apart.
"Whenever you access an online service, that online service will know your approximate geographical location to city level, and also the intervening network infrastructure (cellphone towers &c.) will know. This is common to ALL mobile devices. Also, whenever your device is set to connect to networks (cellphone, wifi, bluetooth, ...) then those networks also know your approximate location. Again, this is common to all mobile devices.
Beyond that, your iPhone internally knows your location through various
Re: (Score:2)
Re: (Score:2)
so you basically want apple to make a flip phone.
No not at all! Where did you get that from? (and actually, even back in 2002 I remember having WAP and IMAP on my phone, so they also divulged my location).
What I want is (1) for Apple to continue to be truthful, (2) for the "don't let app/webpage feature use my location" to be trustworthy with respect to apps and to all the various ways that location can be deduced (bluetooth, wifi, cellular, GPS), and (3) for COMPLETE disclosure of the other times when the iOS system keeps a record of those location-relat
Re: (Score:2)
The gag orders have made speech entirely pointless. It is not legal for this company to tell us the truth without going to jail because their right of free speech has been suspended. That makes every statement about the subject entirely meaningless, because anyone who knows the truth is prohibited by law from saying anything about it, or even insinuating the truth via omission.
Free speech was fun, free speech is over. It's lost all meaning now.
Re: (Score:2)
Re: (Score:2)
It looks like it's impossible for Apple to issue an honest denial, because...
http://www.zdziarski.com/blog/... [zdziarski.com]
there are actually back-doors specifically built into iOS devices -- back doors not used by any Apple software on the device, not usable by genius-bar or any user-benefitting scenario, but still that make it possible for "someone" to get at a lot of the personal data.
Quote: "Why do we need a packet-sniffer running on 600 million personal iOS devices?"
Quote: "com.apple.mobile_file_relay - exposes muc
Re: (Score:2)
Just curious, but have you ever actually read a 'chinese news media report'? I certainly haven't. I suspect your comment is merely your nationalistic prejudice rearing up defensively.
IMHO, it's western governments that publish spin (i.e. lie, or mislead, or obfuscate). The (ex-)communist countries simply don't allow anything to be published about politically controversial issues.
Re: (Score:3)
Re: (Score:1)
That, or they are under a national security letter that tells them to lie about all this shit.
Re: (Score:2)
I would assume that Apple doesn't aim statements like this at paranoids. Fact is: Apple either acts in a way that a normal, non-paranoid person would expect from a statement like this and are speaking the truth, or they are not and they are lying, but it would be utterly pointless for Apple to make carefully crafted statements that are literally true but misleadi
Re: (Score:1)
otherwise, why not just use plain-speak without gaping holes? im sure many people here could very easily craft a release that would suffice, but that would require them to say things that they cannot without lying.
p.s. find it fascinating that with the ma
Re: (Score:2)
pointless to do so? have you ever worked at a large public corporation with a legal dept? im guessing no.. this release went through many iterations internally to ensure technical veracity, but that could nonetheless appear to demonstrate transparency.
I am working at a large public corporation with a legal department.
Every legal department will tell you that a statement that is technically correct but entirely misleading will give you not the slightest legal protection. More important for Apple, making a statement that is technically correct but entirely misleading would mean that the shit hits the fan even harder when things get out. And things get out.
Re: (Score:1)
Re: (Score:2)
pointless to do so? have you ever worked at a large public corporation with a legal dept? im guessing no.. this release went through many iterations internally to ensure technical veracity, but that could nonetheless appear to demonstrate transparency.
Just figured out... The first post that I replied to state that Apple _might_ be misleading the public. You are stating, without the slightest evidence, as a plain fact that they are indeed misleading the public. You also are stating, without the slightest evidence, that their lawyers are not clever enough to produce a sufficiently misleading statement on their first attempt, but that they needed many iterations to do so.
In other words, without the slightest evidence you are claiming that Apple is lying
Re: (Score:1)
i started to type a further reply, but i think what ive written so far is enough. if you dont grok, cest la vie. cheers
Re: (Score:2)
could just as easily mean, 'we havent worked WITH govt agencies.. but when they told us to step aside and let their devs in to commandeer a subroutine, we turned a blind/black-box eye'
Pretty sure giving them any access to any box or building would legally meet the definition of "working with."
You have to give credit to Apple for making these statements, because if it comes out that they did help the government, these open letters could be used as ammo against them in a class action lawsuit. So either Apple is stupid for making these claims when a no comment would be a better option legally, or they're not actually working with the government.
From everything I hear, it's the second option
Re: (Score:2)
"As we have stated before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."
We already know that Apple does key escrow of iMessage. Their security guidance documentation is very straightforward except it dances around the iMessage key escrow section like the cha-cha just came on the turntable, and then goes back to normal. Warrant canary much?
Apple could have created that all on their own, perhaps for noble purposes (being the ben
Dear Apple, (Score:5, Insightful)
Re: (Score:3)
Yep. There is a difference between "refute" and "rebut". The former is frequently used when the latter is more accurate.
Re: (Score:1)
Also, I would bet they are 'legally' required to deny these things.
um... (Score:5, Interesting)
Apple failed to mention the bit about, if a US government agency had contacted them and requested information or for a backdoor to be put into their device, they'd be required by federal law to lie about it or face charges of treason. In fact, given how unrestrained the NSA is at this time, this press release may have even been written at the request of a national security letter. It's terrifying that this is where we're at... but here we are nonetheless.
Next up, the NSA releases a statement: "Edward Snowden is a traitor and a jerk! Look how he's hurting nice companies like Apple!"
Re: (Score:2)
Apple failed to mention the bit about, if a US government agency had contacted them and requested information or for a backdoor to be put into their device, they'd be required by federal law to lie about it or face charges of treason.
That's not true. They could keep quiet; there is nothing in the current (unconstitutional) laws by which they can be required to make any statement at all.
Re: (Score:3)
You know, I think Apple, Google, and a few other companies could get away with calling their bluff. If Tim Cook or Larry Page had a press conference to announce that they'd received a hush order from the NSA, that they refused to honor it, and that it was against their company policy to spy on Americans (all while waving a flag and talking about apple-pie-eating eagles), I don't think much could be done about it. Can you imagine the firestorm if someone tried to have those guys arrested for "protecting aver
Apple refutes China but stays mum on... (Score:2)
Re: (Score:2, Interesting)
You mean that metal with nickel in it might cause people who are allergic to nickel to have a response?
How shocking.
Re: (Score:2)
You mean that metal with nickel in it might cause people who are allergic to nickel to have a response?
How shocking.
I don't think any shorts were reported so shocks were not responsible for the rashes.
Re: (Score:2)
& So, Other handset makers allow ... (Score:3)
What? To who? When?
And which OS is designed in a more secure way to protect users?
As an example, what OS has the supermajority of banking malware?
We need to answer all the questions. Consumers really SHOULD know.
Someone is lying. (Score:1)
Snowden revealed something curious about Apple gear.
Curious in that Apple iPhone was the only piece of gear that could be relied upon to be cracked. Any model.
That strongly suggests cooperation with intelligence agencies in the west.
If I was China I would ban western products.
Re: (Score:2)
If I was China I would ban western products.
That is China's goal. It is just their stated reasons that are suspect.
Re:Someone is lying. (Score:5, Insightful)
If it was so easy, why does it take physical access to break into one, and why does Law Enforcement have a huge waiting list at Apple to break into them? (And only partial success, at that)?
If they can be reliably cracked, then there is no need to send the phone back to Apple for extraction of data - they could just extract it right then and there, no Apple involvement at all. Because Apple makes it highly inconvenient to get at it, after all.
Of course, if you're talking about jailbreaking, well, that's not utterly reliable, either (few existed for iOS6, and iOS7 has some by questionable Chinese places seeking to make money selling pirated apps). Of course, it also helps there is massive interest in cracking it - I mean, with so many devices out there, there is an army of people who will want to break into it.
But all the jailbreaks tended to require actual access to the device - if it was locked in any way you couldn't do it - no longer can you just create a hacked IPSW and flash it in.
Re: (Score:2)
Think back to other nations using junk encryption in the past?
Enigma, aspects of Japan's wartime codes, the Soviet Union's reuse of one-time pads in the 1940s and early 1950s, the German efforts against US (M-209) and UK War Office Cypher (~4-figure codebooks) and so many other national systems.
Re: (Score:2)
Curious in that Apple iPhone was the only piece of gear that could be relied upon to be cracked. Any model.
Emphasis on "was". Up to about iPhone 3G.
There are two major changes nowadays. Change one is permanent full disk encryption. Change two is activation. You can only activate a wiped phone. When you buy a used phone, the seller could hand you their AppleId and password (which would be a stupid thing to do), so you wouldn't activate the phone yourself and would have whatever software is on the phone. But you would instead wipe the phone, activate it with your own AppleId and password, and whatever was on th
Re: (Score:2)
You actually think full disk encryption with a 4 digit PIN actually protects your data?
LOL, you really need to read up on Dummy's Guide to Tech Security.
Well, you can use a longer password on an iPhone - maybe not on whatever you use.
Re: (Score:2)
The parent didn't link to a direct source for his claim, but this was talked about during the 30th chaos communication congress [youtube.com] (a really interesting conference, by the way. You can find other talks here [media.ccc.de]).
Yeah. That'll work. (Score:2)
Since when have things like factual information and exposure of lies ever made a difference to the Chinese? (or Apple for that matter?)
Re: (Score:2)
Then find the sites some gather at that have cooling systems or use vast amounts of power.
If the person has weaknesses eg gambling or some other interest that sets them apart you and they can travel, another nations security services can make them an offer.
The tame imported consumer tech software layer is just for getting calls, web 2.0 insight and locations making the sorting of staff more easy.
Sounds like an over-reaction. (Score:3)
I know that the NSA could easily be tapping iPhones and have backdoors into them (and probably do) but this seems like a colossal over-reaction by the Chinese media. CCTV is claiming that the "Frequent Locations" feature could somehow be used to leak state secrets, but that doesn't make sense for any number of reasons:
1. According to the ZDNet article, the feature in question is entirely opt-in and disabled by default. They don't seem to have proof that the switch is merely for show (as in, it's transmitting the data regardless of whether or not you've opted in) which means there's a very easy fix for this - don't turn it on, or turn it off if it's on.
2. Also from the ZDNet article, the feature apparently causes the phone to keep a local copy of location data in regards to frequently-visited areas for use in other applications. It's not clear whether this data is actually transmitted anywhere - Apple said the device only keeps a local copy, but with the NSA around it's entirely possible it transmits it somewhere. If what Apple is saying is true, obtaining a copy of the data requires physical access to the device. If you've had your phone stolen and didn't lock it, chances are that you have much bigger privacy concerns than someone obtaining your location data, especially if you're in the Chinese government.
3. CCTV claims that the device can somehow be used to leak state secrets, but this seems like FUD. The only way I could see this happening (and being useful) is if someone who works on a submarine or other restricted area (nuclear sites, missile silos, etc) happened to have their phone stolen or was intentionally giving their phone to someone, but I'm fairly certain their military doesn't allow outside devices into restricted areas (the US military sure doesn't) and if someone's intentionally giving away the data that's another problem altogether.
Couple this with the fact that China has smartphone manufacturers located in-country that only sell within China, and you have what looks like FUD designed to get people to stop switching to the iPhone and instead buy a phone made by a state-friendly manufacturer.
For software developers (Score:4, Insightful)
To a software developer it should be obvious that if Apple wanted to spy on you, the presence or absence of this feature wouldn't make the slightest difference whatsoever. If Apple can secretly send data that were openly collected on your phone, they could equally easily secretly send data that was secretly collected on your phone.
To a non-developer, it should be equally obvious that there are hundreds of features with the same national security implications, like word processors, spreadsheets, note-taking applications and so on and so on. Probably applications that are far more dangerous. I would expect a word processor to contain much juicier information than a location log.
Re: (Score:2)
there are a number of places that sell girls ballet costumes that could be used to distract somebody with security clearance therefore we must monitor/regulate access to these stores selling "terror supplies"!
just about anything can be somehow used to "violate National Security" with minimal work and the correct context.
No security through obscurity (Score:1)
Denial is not refutation (Score:3)
That is a denial of the accusation, not a refutation of it.
Now I will grant that they probably CAN'T refute it, and that this does not mean that the accusation is true. That doesn't make a denial a refutation.
Back it up Apple (Score:1)
Such a meaningless statement because it isn't backed up by any consequences. How about "Apple will pay 1 billion US dollars to any individual or organization that has any information collected by Apple provided to any government organization, direct or indirect". At least then anyone compromised by Apple will be able to afford a good legal defense.
Weasel words (Score:1)
What about government contractors?
"We have also never allowed access to our servers,"
So does Apple lease servers?