Apple shares Chinese users' iCloud data with state-owned telecom

There are some bad news for Chinese iCloud users – their account data will be tracked by governmental institution

Chinese citizens who use iCloud can be in trouble, as their data is now accessible by the governamental-based institution

Back in February 2018, Apple transferred^[1] various personal data of Chinese iCloud users to a China-based telecommunications company Guizhou-Cloud Big Data (GCBD). Knowing the sad situation of freedom of speech^[2] in the largest populated country in the world, personal information of its citizens browsing history and messages disclosure to the state might lead to severe consequences. Unfortunately, that's precisely what happened, as this data will now be owned by China Telecom.

While the move received criticism from human rights activists, who warned that it could be tremendously dangerous to protesters and government detractors, Apple responded that it had no choice but to oblige, in order to keep the business in China going. Nevertheless, it was clear that GCBD had apparent ties to the state before, during and after the information transfer.

The data handed over from the US servers consisted of photos, email and text messages, phone numbers and other information of 130 million Chinese users' iCloud accounts. The disclosure of such information might seriously compromise Chinese users' security and privacy.

Apple did try to deny the change

While Apple was storing all personal data of its users on the US servers, China passed National Security Law,^[3] which made the company oblige and transfer data to Guizhou-Cloud Big Data. Initially, Apple said that it is against such a change:

While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful. Our choice was to offer iCloud under the new laws or discontinue offering the service. We elected to continue offering iCloud as we felt that discontinuing the service would result in a bad user experience and less data security and privacy for our Chinese customers

Nevertheless, Apple agreed in the end, stating, that canceling the service to Chinese-based users “would result in a bad user experience and less data security and privacy for our Chinese customers.” They forgot to mention the profits they would lose, however. Well, in such situation, no high-profile organization wants to show itself as a financial benefit-seeking company, especially when we are talking about the safety of Chinese people.

Additionally, Apple tried to soften the situation by implying that, even if the data is stored on Chinese servers, the encryption keys are not, and there was no deal made with the Chinese government that would allow it to access this information.

However, the National Security Law also allows Chinese authorities to bypass any kind of encryption or other security measures that protect personal information in order to gain access to it.

Chinese iCloud users have a solution, although not many might opt for it

Although Apple was forced to hand over the data under the Chinese law but did not want to stop the service altogether, Chinese users may consider terminating all ties with the company because of the safety reasons. It is understandable, as censorship in China is quite extreme to any Western user. The internet is highly censored, and most popular platforms like Twitter, Google, and others are not allowed. Instead, the state replaced these sites with its own.

Chinese users often rely on the VPN^[4] usage or other identity-hiding features, not only to access Facebook and similar widely used platforms but also participate in the political debates such as infinitive ruling time of Xi Jinping,^[5] and movements for human rights. Now, with this iCloud data change, it is highly likely that many users will choose to leave the service altogether.

Apple users in China have another choice – to change the country location. Nevertheless, it is not clear how safe this move is. The only 100% secure method would be to delete the iCloud account and create a new one that is based in another location. This would ensure that the data would be stored on the US server.