Amidst ever-growing fears of cyber-terrorism and government surveillance, just how secure is the private information you keep on your iPhone?
Do you ever worry that Siri might know too much about you? That the FBI could be reading all your embarrassing iMessages? Does Tim Cook watch from the shadows while you sleep? Apple has recently expanded on its ‘commitment to your privacy‘ website to further detail exactly how the company values and protects your security.
Since Edward Snowdon leaked classified information about global surveillance programs in 2013, the general public has become much more actively concerned with privacy issues. Since then, Apple has really stepped up its stance on the matter; CEO Tim Cook believes that “a great customer experience shouldn’t come at the expense of your privacy.” Big talk, but do the company’s actions mirror his words? Let’s find out.
Firstly, Apple does its best to ensure nobody can intercept your communications in transit: both FaceTime and iMessages use secure end-to-end encryption that only the sender and recipient can interpret. Safari in iOS 9 now allows for third-party content blockers, empowering users to block not just unwanted ads but also unsolicited tracking of your web browsing.
Apple use anonymous randomly generated identifiers when sending requests to its servers for processing, so your information can’t be traced back to you or your device. When planning a journey in Maps, for example, Apple uses two generic, random IDs – one for each half of the trip – to query its servers for directions. Small chunks of data (never the whole journey) are stored to improve the service, but crucially nothing is tied back to you. Nobody knows where you’re going or where you’ve been.
This type of careful encryption is also used for other features that store your private data, especially those that deal with health tracking or location data. Siri requests are completely anonymized (and encrypted) when processed via Apple’s servers. All of the personal information Siri learns about you is stored securely on-device, and can be wiped any time by restarting or deactivating the digital assistant from Settings.
Sometimes the police or the FBI will ask for help hacking into an iPhone as part of an investigation, but Apple isn’t comfortable enabling easy access to personal information. The company confirmed to a federal judge that it’s “impossible” to access private data on locked iPhones running iOS 8 and above, as the “keys” to access the data are encrypted securely on the device itself. Meaning Apple wouldn’t be able to crack the code even if it wanted to.
More than 90% of iPhones now run iOS 8 or above, designed to encrypt “virtually everything” within the smartphone itself rather than in the cloud. Apple has said that while it could technically “break in” to access data on older iPhones (the few still running iOS 7 or earlier), it would never do so unless forced to by law. Apple declines around three-quarters of government information requests, and reveals as little information as possible if it is forced to comply.
Recently, Silicon Valley’s biggest tech companies – including Apple, Google, Microsoft and Facebook – successfully fought a proposition from the U.S. government to allow “back door” access into their phones for use in federal investigations. Apple and co., along with some of the world’s leading cryptographers, argued that any attempt to add in government-only access to encrypted files would inherently weaken security for everyone.
The U.K. government is trying to push through a similar bill as we speak, and there’s talk of Apple withdrawing sales from the region entirely rather than compromising on its encryption standards if it passes into law. It’s not possible to create a system that only the “good guys” can use – a built-in weakness will always be a weakness, no matter the intent. Any kind of access intended only for law enforcement agencies could be exploited by hackers and cyber-terrorists.
Apple continue to make technological improvements to security. Six-digit passcodes are now the norm on iOS, and combined with the “Secure Enclave” chip in the iPhone 5s and above create an almost unbreakable level of security. The addition of Touch ID and two-step verification really help, adding additional layers of protection to your devices. Both are optional features, but we would strongly recommend setting them up if you can.
Meanwhile, with other features Apple take every liberty to keep your data safe. When so much of your life – passwords, contacts, photos, communications, finances etc. – is kept on a device that slips into your pocket, it’s important that nobody can access it without your permission. Apple Pay, once approved by your bank, doesn’t store any card numbers at all. It uses a Device Account Number and a dynamic security code to make each transaction so no significant information can be compromised or intercepted.
It’s easy to think of the biggest corporation in the world as some huge, evil beast – but Apple has shown recently that on moral and social issues it’s got its finger on the pulse. Apple under Tim Cook has planted a million trees in China, scored consistently highly on the Human Rights Campaign’s Corporate Equality Index, and taken a stand against potential government snooping.
Cook’s open letter on privacy makes a thinly-veiled jab at the way competitors like Google and Facebook make their money through targeted ads: “our business model is very straightforward. We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t ‘monetize’ the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you.”
The bottom line is that Apple has no need for your information. Its hard-nosed stance against harvesting and distributing data is admirable, and short of a huge worldwide cover-up, we think the company can be trusted to deliver on its promises. Apple is actively trying to reduce the amount of information it collects about users, and uses clever obfuscation techniques to anonymize any data it does need.
All this doesn’t mean you should be negligent with your data – and there’s nothing wrong with a healthy pinch of cynicism towards huge corporations. Compared to the competition, though, we think Apple makes a decent security guard. There’s nowhere safer to store your digital life than an iPhone – just don’t set your passcode to 1234.
— TapSmart (@TapSmart) November 16, 2015