The state-run People’s Daily is trumpeting a big win by the Chinese internet czar Lu Wei:
While there was no other information available on the paper’s website, the tweet echoes a report in the Beijing News (link in Chinese) that Apple chief executive Tim Cook informed Lu last month that Apple would let China’s State Internet Information Office conduct “security checks” on all products that it sells on the mainland. China has been concerned that Apple devices like the iPhone enable the company—or worse, US intelligence agencies—to spy on Chinese citizens.
“There were rumors that Apple built back doors in its devices, and let third parties have data and access those devices, but that was never true and that we would never do that in the future either,” Cook reportedly said. Lu Wei responded, according to the Beijing News, by saying: “It doesn’t matter what you say, you should let our internet safety department do a safety assessment. We need to reach our own conclusions to put the consumer at ease.”
What would “security checks” entail? Apple hasn’t provided any information on the matter and did not respond to requests for comment. But analysts said the most likely interpretation is that the company is giving Beijing access to its operating system source code in return for being able to continue to do business in China—arguably Apple’s most important market, but one that has been imperiled by regulatory obstacles.
“Handing over source code [would] mean that the Chinese government will know exactly how an Apple software works,” said Percy Alpha, a pseudonymous founder of the anti-censorship group GreatFire.org.
Inside knowledge would make it much easier for the Chinese government to find bugs and vulnerabilities in Apple’s products, he said, and “the government can then exploit such vulnerabilities to hack iPhone or MacBooks.” Hackers tried to infiltrate Apple’s iCloud servers in China in October, according to GreatFire, in an attempt to steal user credentials. In November, Apple blocked access to apps that were designed to steal data from Chinese iPhone users.
Most alarmingly, Alpha added, an agreement would mean that “Apple users world-wide are much more vulnerable to spying from the Chinese government.”
An Apple spokesman did not reply to an emailed request for comment. A voicemail left on Apple’s “media hotline” number in Hong Kong was not returned, nor was a email sent to the company’s PR team in Hong Kong.
Other analysts agreed Apple had probably promised to turn over its source code to China’s government, but disagreed about the consequences.
The access would allow the Chinese government to “run spot checks” on how Apple is protecting user information, and to determine whether other intelligence agencies are trying to snoop on China, said Ben Cavender, a principal at China Market Research Group in Shanghai.
If that is in fact what has been agreed, it’s a landmark deal, Cavender said, and Apple has not generally provided such information to other governments.
“This is a unique situation where China is such an important market to Apple, and they need to be in it. They don’t have the leverage they might ordinarily have,” he said. Still, Cavendish said any agreement would be limited in scope.
“I find it improbable that the Chinese government will have access to anything outside China,” Cavender said. And if the Chinese government did manage to snoop Apple users or services outside the country, “someone at Apple would probably notice,” he said, which would limit the risk for Apple’s worldwide customer base.
Inside China, users are likely to be blasé about any attempts by the government to use its access to snoop on Apple users. “People here kind of operate under the assumption that the government is already looking at what they’re doing,” Cavender said.