All the recent talk about Apple, 'the guys who care about your privacy', has seen them go from "what happen on your iPhone stays on your iPhone" to "but it's all about the children!"

So let's start with CSAM (child sexual abuse material), of course we need to protect our children, and I am sure Apple is trying to do just that, however, the road to hell is paved with good intentions. And let's get this out of the way, Apple was never your friend. And this is where things getting tricky with CSAM.

By doing this on a country by country basis, the hashed file being uploaded to your phone was not prepared by, nor can it be verified by Apple, but it was given to them!. Now let's assume for now that the file only has CSAM hashes on it at this time, what guarantees that this will be the case in the future?

What if a government gives Apple a file that includes other hashes. Perhaps a picture of Winnie the Pooh in China or a picture of an activist they want to locate?

Let's rewind to the mass demonstrations in Hong Kong 2 years back. Apple pulled an app from the store that tracked the locations of both police and demonstrators. Apple's justification was that the app encouraged illegal activities. This, unsurprisingly, was after a vitriolic piece in the People’s Daily (the mouthpiece newspaper of the Chinese Communist Party) stating that:

“Letting poisonous software have its way is a betrayal of the Chinese people’s feelings”.

It showed that Apple would bend to the Chinese Government, after all profits before people, right? However, consider that people could have used the app to avoid getting in to the clashes on their way to work or a Mother not wanting their children to get teargassed?

Consider also that Apple makes most of its hardware in China, and they can't just pull out of their largest market (with the cheapest child labor!) And it didn't stop with the 'crowd' app  as the New York Times app, VPN apps and other news apps were also removed from the Chinese app store.

The new iCloud + Privacy Relay has just launched, but has already been removed in some countries. It shows Apple follows the dictats pf oppressive Governmental 'requests' and guidelines.

Working condition violations have never been a big concern for Apple as these date back so far it is almost ignored yet numerous pieces have appeared over the years exposing these and data manipulation. Below are a selection of some of these, just to give you a flavor for their 'hidden' corporate culture:

Apple's rotten timeline

IT’S OFFICIAL: Apple Has Brainwashed The Whole Country -- How Else To Explain The Lack Of Outrage Over Apple’s Secret Location Tracking?

Business InsiderHenry Blodget

How to make cheap iPhones and undercut Foxconn: 12-hour workdays, unpaid overtime and no holidays

A report out this morning alleges that working conditions at three Chinese factories operated by Pegatron, a Taiwanese manufacturer of Apple products, violate both Apple’s…

QuartzLeo Mirani

https://www.washingtonpost.com/news/the-switch/wp/2013/12/18/research-shows-how-macbook-webcams-can-spy-on-their-users-without-warning/

Researchers challenge Apple’s claim of unbreakable iMessage encryption

A close look at Apple’s iMessage system shows the company could easily intercept communications on the service despite its assurances to the contrary, researchers claimed Thursday at a security conference.

MacworldJeremy Kirk

Apple ‘failing to protect Chinese factory workers’

Poor treatment of workers in the Chinese factories which make Apple products is discovered by an undercover BBC Panorama investigation.

BBC NewsRichard Bilton

The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud

As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims’ iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in t…

WIREDCondé Nast

Also in 2014 FSecure discovered - Bob and Alice Discover a Mac OPSEC Issue

GitHub - fix-macosx/yosemite-phone-home: Corpus of data automatically shared with Apple by a standard installation of OS X Yosemite.

Corpus of data automatically shared with Apple by a standard installation of OS X Yosemite. - GitHub - fix-macosx/yosemite-phone-home: Corpus of data automatically shared with Apple by a standard i...

GitHubfix-macosx

Most vulnerable operating systems and applications in 2014

An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD). In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database.

GFI BlogCristian Florian

Edward Snowden says secret Apple spyware is the reason he won’t use an iPhone

Is Apple’s wildly popular iPhone series hiding spyware that can collect information about users without their knowledge. As thoroughly as developers have dug through Apple’s iOS code over the past seven and a half years, one would think functionality like that would have been unearthed by now. Accor…

BGRZach Epstein

Apple under fire again for working conditions at Chinese factories

BBC investigation finds excessive hours and other problems persist despite promises to clean up act after Foxconn suicides

The GuardianAgence France-Presse

Apple warned 6 months ago that iCloud was vulnerable to brute-force attacks

A security research reported the bug in iCloud’s security to Apple back in March.

The Daily DotDell Cameron

Undocumented iOS Features left Hidden Backdoors Open in 600 Million Apple Devices

The Hacker News is the most popular, independent and trusted source for the latest news headlines on cybersecurity, hacking, computer security, cybercrime, privacy, vulnerabilities and technology for all businesses, information security professionals and hackers worldwide.

The Hacker NewsMohit Kumar

Apple Upgrade Tracks Customers Even When Marketing Apps Are Off

Apple’s Bluetooth-based customer tracking system, iBeacon, just got better, if you ask marketers. But privacy researchers aren’t so sure.

NPRMartin Kaste

Ex-NSA Researcher Finds Sneaky Way Past Apple Mac’s Gatekeeper

An ex-NSA staffer claims to have found a new way to bypass Apple Mac OS X security mechanisms, in particular the Gatekeeper tool. The problem is exacerbated by the fact that many software providers aren’t encrypting their downloads, including all major anti-virus vendors for Apple’s desktop OS.

ForbesThomas Brewster

Apple begins storing users’ personal data on servers in China

Apple Inc <AAPL.O> has begun keeping the personal data of some Chinese users on servers in mainland China, marking the first time the tech giant is storing user data on Chinese soil.

ReutersGerry Shih, Paul Carsten

Attacks accessing Mac keychain without permission date back to 2011

Technique lets rogue apps ask for keychain access, then click OK.

Ars TechnicaDan Goodin

Safari bug saves Web page URLs in Private mode | MacIssues

MacIssuesTopher Kessler

https://www.blackhat.com/presentations/bh-usa-09/CHEN/BHUSA09-Chen-RevAppleFirm-PAPER.pdf

Apple Admits Siri Voice Data is Being shared with Third Parties

The Hacker News is the most popular, independent and trusted source for the latest news headlines on cybersecurity, hacking, computer security, cybercrime, privacy, vulnerabilities and technology for all businesses, information security professionals and hackers worldwide.

The Hacker NewsWang Wei

Apple is under fire for “excessive overtime” and illegal working conditions in another Chinese factory

When Apple cuts costs, workers pay.

QuartzAnanya Bhattacharya

Latest Foxconn Worker Deaths Build Case For Apple To Move Operations From China

Sadly, Chinese factory workers have once again fallen victim to this whole global mass manufacturing cycle. There’s no doubt that the world’s most valuable company can do more.

ForbesBen Sin

Life and death in Apple’s forbidden city

In an extract from his new book, Brian Merchant reveals how he gained access to Longhua, the vast complex where iPhones are made and where, in 2010, unhappy workers started killing themselves

The GuardianBrian Merchant

Apple might be helping governments spy on users in real time

Two unrelated reports suggest that Apple might have the technical capability of mass spying on its customers in a certain area and feeding the obtained information to intelligence agencies that would be able to take immediate measures. Apple has long maintained that the privacy and security for its …

BGRChris Smith

Suicide at Chinese iPhone factory reignites concern over working conditions

A US-based Chinese workers’ rights organisation has claimed that a factory worker at a firm that produces Apple’s iPhones in China, died after jumping from a building on Saturday.

The TelegraphJamie Fullerton

My phone is spying on me, so I decided to spy on it

Do you know what personal details your phone is sharing about you when you’re not looking? We decided to try to find out for sure. What do you think we’ll find?

ABC News

Apple, Foxconn Broke a Chinese Labor Law to Build Latest iPhones

Apple Inc. and manufacturing partner Foxconn violated a Chinese labor rule by using too many temporary staff in the world’s largest iPhone factory, the companies confirmed following a report that also alleged harsh working conditions.

BloombergMark Gurman

Apple bans Hong Kong protest location app

The smartphone app provides information about the location of police and where tear gas was being used.

BBC NewsBBC News

Apple Pulls Hong Kong Protest App From App Store Following Chinese Criticism [Updated]

Apple News

MacRumorsTim Hardwick

Apple contractors ‘regularly hear confidential details’ on Siri recordings

Workers hear drug deals, medical details and people having sex, says whistleblower

The GuardianAlex Hern

Opinion: Apple’s relationship with China is turning into a massive liability

Apple’s relationship with China has never been an easy one. Indeed, I wrote a piece a couple of years ago arguing that the company was in a no-win position

9to5MacBen Lovejoy

The Washington Post in 2019 - It’s the middle of the night. Do you know who your iPhone is talking to?

The Verge reported in 2019 Apple’s hired contractors are listening to your recorded Siri conversations, too

One very bad Apple

Why is Apple’s commitment to privacy going down the drain?

Normcore TechVicki Boykis

https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garman.pdf

Also in 2020 TheNextWeb reported The FBI is cracking iPhone 11s without Apple’s help, so why does it need a backdoor?

Interesting discussion about facebook and others apps capabilities inside iOS, take it with a grain of salt.

Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources

Apple Inc <AAPL.O> dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

ReutersJoseph Menn

Against the Cult of Apple

The backlash against Big Tech has spared the purveyor of beautiful crystal prisons. Apple doesn’t deserve a pass.

SlateCory Doctorow

Apple fined for slowing down old iPhones

Apple agrees to pay a £21m fine in France for not making it clear that it slowed down old iPhones.

BBC NewsBBC News

The issue doesn't end if a Government request comes in, but also with false positives.

Of course this then goes to a human review, but do you feel comfortable that your private pictures, perhaps even of your own children, are being reviewed by someone at Apple? And it does lead to the next big question "if our pictures are E2EE and "not even Apple can see them" how is the human reviewing even possible?"

Let's not forget Pegasus…

Pegasus - The flying Trojan horse?!? NSO’s spyware

Introduction The background to the latest government sponsored attack on privatecommunications via NSO Pegasus July 2021 - Amnesty International and The Citizen Lab[https://www.citizenlab.co/] publish a report indicating the widespread usage ofthe NSO Group’s Pegasus software. Pegasus is defi…

Decentralize.TodayBig H

All in all this is not a flattering look at your 'privacy partner', Apple! No, Apple is not your friend, Apple is great at marketing, it started in 1984 where Apple claimed this is why 1984 will never be like 1984. The problem is that them now in 2021 is so much further ahead of Orwell's nightmarish Blueprint! Do you really want to trust Apple in its closed garden setup with this new method to 'protect children'?

Don't get me wrong, I want to believe, but a lot of things can be going awry. I am not saying it will, and if it is only "appropriate and approved" CSAM hashes that are scanned by the phone or device and nothing else can ever be added then all well and good, Apple claims there is "almost no way to get a false positive" and that sounds good but in the end we need to trust that Apple will not add anything else, nor that governments will force them to send one more hash...

Apple addressed these concerns in a rushed FAQ file:

https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf

However, all I read out of this is "trust us"! But why would we? They failed people in Hong Kong before where one wrong hash reported to a bad government can cost lives. And it is something I just don't feel comfortable recommending. Thankfully we have options, such as Linux, GrapheneOS or CalyxOS.

Till we meet again in another episode of EXPOSED!