Apple has long positioned the iPhone as a bastion of privacy. The tech giant’s marketing campaigns have hammered home the message: “Your iPhone is your private domain. Privacy. That’s the iPhone way.”
However, recent court filings reveal a starkly different narrative. Apple’s legal team has stated, “Considering Apple’s comprehensive privacy disclosures, it would be unreasonable for a user to believe their activities within Apple’s apps would remain hidden from Apple.”
What Does Apple Know About You?
We delve into the data Apple collects and spotlight two recent disclosures: Apple’s clandestine data sharing with law enforcement and a security loophole potentially exploited by the Chinese government for political suppression.
Apple’s Access to Your Data
Contrary to the assertion that your iPhone activities remain on your iPhone, Apple persistently collects data from your device when you use Apple services, the App Store, or the Apple News or Stocks apps, each governed by its privacy policy.
Apple has access to all your data in iCloud Mail, Contacts, and Calendar. If you use these apps, end-to-end encryption is not an option.
By default, Apple can also view your photos, iCloud and Messages backups, notes, reminders, voice memos, and more. However, you can activate end-to-end encryption for this data by enabling Advanced Data Protection.
We previously discussed the limitations of Apple’s encryption in our article about iCloud privacy.
Apple’s Expanding Advertising Business
There’s a common belief that as a hardware company, Apple doesn’t need to amass personal data. But as computer and phone sales decelerate, the company is exploring new revenue streams.
From 2022 to 2023, Apple’s hardware sales plummeted by over $18 billion. Conversely, revenue from services, including advertising, has been on a steady uptick.
To serve targeted ads, Apple gathers information about your device, location, App Store searches, shows you watch, and books and articles you read.
Apple’s Covert Sharing of Push Notifications with Law Enforcement
In December 2023, a US senator disclosed that Apple had been served sealed court orders, compelling it to secretly share push notification data with law enforcement agencies in the US and undisclosed foreign countries. Apple maintains that federal authorities forbade them from revealing these surveillance requests.
Being a US-based company, Apple is susceptible to such clandestine surveillance. However, Apple did not implement even basic measures to safeguard users’ privacy, such as demanding a court order before divulging push notifications. The company discreetly updated its privacy policy in the wake of the controversy.
Contrastingly, Proton, headquartered in Switzerland, would be breaking the law if it complied with a foreign request without a valid Swiss court order. We not only insist on court orders but also frequently contest them.
AirDrop: A Potential Tool for Political Repression
In January, another incident came to light. Security researchers in Beijing discovered an Apple bug that enables attackers to identify senders via AirDrop. Chinese government officials reportedly used this to pinpoint individuals disseminating “inappropriate information”.
Interestingly, a German research group had alerted Apple to this very issue back in 2019, but the company failed to rectify the problem. The group eventually released an open-source fix in 2021, but Apple left the vulnerability unaddressed.
Enhancing Your iPhone Privacy
Despite the issues, Apple still offers superior privacy, robust security features, and an excellent user experience compared to other hardware manufacturers. If you’re an Apple user, there are several steps you can take to keep your data private.
- Activate Advanced Data Protection or disable iCloud syncing if not required. You can also enable Advanced Data Protection while deactivating iCloud specifically for services that don’t support end-to-end encryption, such as Mail or Calendar. Additionally, you can disable location tracking for apps that don’t require it.
- Switch to privacy-centric alternatives for Apple Mail, Calendar, iCloud, iMessage, and other apps. Signal is an encrypted messenger service. Proton provides end-to-end encrypted alternatives for email, calendar, cloud storage, and password management.