Last week, Google’s Project Zero, a team of security analysts tasked with finding zero-day vulnerabilities, discovered one of the largest reported iPhone hacks to date – hacks that sources close to the matter later said were likely part of a Chinese state-sponsored attack targeting the Uighur Muslim community in the country’s Xinjiang region.
In its response to this incident, Apple ignored the probable privacy and human rights violations perpetrated by the Chinese government and instead used its statement on the matter as an opportunity to criticize Google’s Project Zero – a free service that Google provides to help companies find bugs and vulnerabilities in their products.
In the statement, Apple acknowledges that the attack “affected fewer than a dozen websites that focus on content related to the Uighur community” – an acknowledgement that suggests Apple is also aware of the reports that the hacks were likely linked to the Chinese state. However, there’s no direct mention of China anywhere in the statement.
Instead, Apple’s statement largely focuses on protecting its brand and on how it believes the original Google post created the “false impression” of “mass exploitation” and stoked “fear among all iPhone users that their devices had been compromised.” It makes two main claims when pushing back against Google’s report:
- The attack was narrowly focused and not broad as Google implies
- The websites distributing malware that enabled iPhones to be hacked were operational for around two months and not two years as Google had implied
Apple has long touted that it believes “privacy is a fundamental human right.” However, when it comes to China, Apple’s actions often don’t match this mantra.
China’s use of the internet to censor information and surveil its citizens is well documented with many human rights and digital rights groups raising awareness of how the Chinese state often uses the internet against its people. China’s targeting of the Uighur Muslim community in the country’s Xinjiang region through the internet is particularly notorious with the Electronic Frontier Foundation (EFF) describing it as “the world’s laboratory for internet repression” – a reference to China’s history of imprisoning bloggers and online publishers in the area, quarantining the internet in the region, and engaging in other oppressive practices.
Despite the overwhelming number of examples showing how China uses the internet to oppress its people, Apple’s drive to grow its business in the country has led to it consistently turning a blind eye to these human rights violations and making decisions that help the Chinese government censor content and spy on its citizens.
In 2017, Apple bowed to pressure from Beijing cyber regulators and removed virtual private network (VPN) services from its app store in China. VPNs are a valuable tool for Chinese users which allow them to protect their privacy by hiding their browsing activity from state surveillance operations and also bypass the “Great Firewall” of China – a firewall that blocks access to many international sites inside the country.
In 2018, Apple moved the operation of its iCloud service in China to a state-run company – a decision that made it easier for Chinese authorities to surveil Chinese Apple customers through the data they store in their iCloud account which often includes text messages, emails, and other personal communications.
In June of this year, Apple started censoring Chinese language podcasts in China during the same week as the thirtieth anniversary of the Tiananmen Square massacre. And in April, Apple Music complied with demands from the Chinese government to remove a famous song from the Hong Kong singer Jacky Cheung which mentioned the Tiananmen Square massacre.