While there was no other information available on the paper’s website, the tweet echoes a report in the Beijing News (link in Chinese) that Apple chief executive Tim Cook informed Lu last month that Apple would let China’s State Internet Information Office conduct “security checks” on all products that it sells on the mainland. China has been concerned that Apple devices like the iPhone enable the company – or worse, US intelligence agencies – to spy on Chinese citizens.
[…]
What would “security checks” entail? Apple hasn’t provided any information on the matter and did not respond to requests for comment. But analysts said the most likely interpretation is that the company is giving Beijing access to its operating system source code in return for being able to continue to do business in China – arguably Apple’s most important market, but one that has been imperiled by regulatory obstacles.
This whole story seems highly unlikely to me. If Apple were to give the Chinese government access to the iOS source code, it’d leak all around the web in no time. Even if Apple could somehow get a 100% guarantee that there would be no leaks, this whole thing seems incredibly un-Apple. Then again – it may simply be a fait accompli for Apple; if the Chinese government demands source code access in order for Apple to keep operating in the Chinese market, Apple may simply have no choice but to comply.
Even if this story is true, the only possible way I could remotely see this work is Apple setting up a special, dedicated office on its own premises where Chinese government officials get a peek.
“If Apple were to give the Chinese government access to the iOS source code, it’d leak all around the web in no time”
No, just no. The Chinese government have had access to Windows source code for a long time, yet nothing has leaked.
Indeed. China has had access to Microsoft source code for years. The important point though is that both parties were open about it from the start:
http://www.informationweek.com/software/operating-systems/china-get…
The Chinese government aren’t alone in such access. Governments across the world have agreements with Microsoft to view their source code, as do hundreds of companies and universities. Although such access existed long before then, the first highly publicised example of this was Microsoft’s Government Security Program way back in 2003:
http://www.eweek.com/c/a/Security/Microsoft-Launches-Government-Sec…
I recall a friend having access to source for – amongst other things – Winsock source as far back as 1995 when we were both doing our PhDs at Cambridge; this was through an agreement between the university and Microsoft and no news of it leaked as far as I know.
It wouldn’t be in the slightest bit surprising that Apple offers similar access to governments. Embarrassing perhaps, but not surprising.
Edited 2015-01-30 03:22 UTC
I’d like to know if we can get the source code of many Chinese products to see if there are backdoors as well. I mean, routers, Android devices, etc.
But, they have the source code to Linux and that’s leaked all around the web. Oh no.
Apple has nothing to gain from this. I doubt it’s true. If it is true, screw the Chinese. So you don’t sell iPhones in China….big deal.
And just like that, Apple would concede the market to its competitors? You might brush it off like a trivial matter, but I don’t know if they can really afford to. Or to put it more succinctly: I don’t know if they would be willing to give up profits from one of the biggest economies in the world.
I agree with Treza, assuming they have the source, China would have no incentive to leak it. Keeping it to themselves would be to their own advantage.
Edit: Also, they have a legitimate (even if somewhat hypocritical) concern. The software likely does have vulnerabilities (intentional or not) that hackers can use to conduct international espionage against Chinese. China, as a country, faces many of the same concerns over proprietary software that we do as individuals – we have no idea what hidden “features” are present.
Edited 2015-01-30 02:59 UTC
But then again, some parts of Africa are growing very nicely and see it as the “next China” in terms of economic potential. Even China sees Africa as the next China and have become more careful about who they deal with. They’re not as dictator friendly as people might think, as African dictators tend to be very unreliable in paying back loans or holding up their end of deals.
Their sales just increased 70 over last year in China, it’s where most of those billions just came from… also other countries have to bend over backwards to appease the yanks… it’s about time that the yanks took it in the arse too
Stop selling in China?
FYI
If US companies are forced out of the Chinese market, it could significantly hurt some of the biggest American tech companies—notably Apple. Its recent earnings call revealed a blockbuster quarter for the company, during which it sold a whopping 74.4 million iPhones over 90 days—or 34,000 iPhones sold every hour, every day of the quarter. The market with the biggest growth? China, where revenue grew by 70 percent in the most recent quarter from a year earlier, which is more than triple the growth rate in America and Europe.
Apple will serve the source on a silver platter with hoisin sauce for all they care, because stockholders will surely vote for it (maybe some precautions will be made, Chinese source could be different)
welcome to capitalism 101
I guess this would benefit Xiaomi (China’s clone of Apple). And then Xiaomi would sell Apple’s confidential data to companies in other countries.
Apple needs to change its strategies. I think it should go beyond the conventional hardware such as laptops or smartphones and start creating new hardware and online services.
neticspace,
Xiaomi is accused of copying apple’s UIs, but they can do that just as easily without access to apple’s code. I don’t think revealing apple’s code would give them much that their developers can’t already do just by looking at the iphone. Having to wade through millions of lines of apple code would probably only slow them down.
Apple’s code is however valuable to hackers who are looking for vulnerabilities. Either to exploit them, or to defend from them, or both.
Edited 2015-01-30 04:18 UTC
It’s also valuable to other manufacturers seeking interoperability. The iPhones use a lot of proprietary protocols that are incompatible with the rest of the world by design and they don’t publish the specs on purpose. With access to the source code one can retro engineer the protocols.
Yeah, until they change them. Palm did a lot of reverse engineering on iTunes to get the Palm Pre to work with it. It’s crazy to think that Apple wouldn’t do that again.
spiderman,
Can you be more specific?
Generally speaking reverse engineering is done without source, since with the source there’s no need to reverse engineer.
Apple’s code could be helpful for an actual clone. However as far as I can tell they aren’t clones at all; under the hood they are built on top of android. Xiaomi’s “clones” are merely called such by the media because of their apple-like interface. So I really don’t believe apple’s code would provide Xiaomi with anything they’d need.
Edited 2015-01-30 15:52 UTC
Well for instance they may want to sell a charger compatible with iPhones but the phone may check if the charger is genuine Apple before actually charging the battery. With access to the source code, one could understand how it checks genuine Apple and build a charger that looks genuine Apple to the software.
I have no idea how iPhone chargers work and if they check that kind of stuff and actually I’ve never owned an iPhone but that’s just an academic example so you understand what I meant.
Reverse engineering is still needed even with the source code because the source code is not the protocol specification but it helps a lot to understand how the protocol works when you have it.
Edited 2015-01-30 21:47 UTC
spiderman,
I was actually looking for a concrete example rather than hypothetical. But even so, I don’t understand why Xiaomi would even want to spec apple proprietary connectors on their own phones, given that apple would be receiving the licensing royalties for “Xiaomi” accessories.
I can’t get behind your use of “reverse engineering” source code. Most software developers will have to understand pieces of source code that they’ve not written themselves, and do it many times in their career. But that’s not really reverse engineering, it’s just part of the learning phase. Reverse engineering is a much more specialized skillset. Anyways it’s just semantics, if you want to keep using the term that way then just be aware that most developers will be thinking of something else.
Edited 2015-01-31 16:08 UTC
Actually I was not talking about Xiaomi, more about the general hardware business in China, not necessarily Apple competitors but those who would want to make compatible devices.
BTW I was using the term “reverse engineering” in the same way as you do. There has been a little misunderstanding. Understanding what the source code does is not the reverse engineering. Understanding what the thing it is talking to does is, for instance a charger in my previous example. You have the code that checks for a genuine Apple device by sending a challenge to the device, for example, and checks for a correct answer. The reverse engineering is trying to figure out how the device is supposed to answer when challenged by the software of which you have the source.
According to Snowden the US Govt also has backdoors into Apple’s software so nothing new here…just the media is deciding to report on the Chinese having access. It’s a shame but I imagine a company like Apple wouldn’t be allowed to be as successful as it is without giving in to Big Brother.
Edited 2015-01-30 05:07 UTC
That would be Apple’s ending; much of iOS cannot be exposed to China and other special nations without violating a whole lot of National Security laws.
http://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United…
A dedicated office wouldn’t make sense to the Chinese government. How would they know they’re looking at the real thing?
That said, the story is senseless and I don’t believe one bit of it.
To have a higher level of certitude they should ask not only for iOS source but for the source of any firmware running on the phone including the baseband chipset.
They should also make sure that all binaries match 100% the source code. Since Apple does frequent updates, a thorough source code audit will be hard to accomplish.
They should also ask for hardware designs of the chipsets. Backdoors can be built into hardware.
Since most of the hardware is produced in China, they probably already have it.
The hardware is assembled in China. The components are made in Japan and Germany (mainly). China’s part of the iPhone’s total value chain is less than 5%. (Some calculate it as less than 3%.)
Yeah, but they’re the ones manufacturing Apple’s devices anyways, if anything it’s probably China’s back doors that we have to worry about.
[puts on tinfoil hat]
Edited 2015-01-30 15:24 UTC
that it was the real code … just some modified code they want the Chinese to think is the real code… all NSA/CIA/FBI backdoors removed
Then they can compile it and compare the binaries and call Apple on that. I don’t think Apple could get away with that. However I believe it is entirely possible that Apple would give them kind of obfuscated code like the binary blobs you find in the linux driver sources, but maybe more subtle.
No, the classic Ken Thompson hack is but one way around this challenge.
Being frequently asked how to recover the password for root, Ken provided a backdoor in Unix login.
He built the backdoor into the compiler, not the login code, so that verifying that the login code was “safe” and then recompiling it wouldn’t remove the backdoor.
He also built the compiler to include the backdoor code for login even when the backdoor code was removed from the compiler, so verifying that the compiler also had no backdoors and recompiling the compiler before recompiling login wouldn’t keep the backdoor out of login.
And this wasn’t even an original idea. He got the idea from a 1974 Air Force paper addressing possible Multics vulnerabilities.
It’s been 40 years, so we needn’t be so obvious about backdoors now. 😀
Read the technical details at http://cm.bell-labs.com/who/ken/trust.html .
Sounds to me as equally useless as the source code access Microsoft grants several governments around the world.
Without the capability of building and installing the reviewed software or at least building and getting the exact same binary, what value does having access to the source have in terms of trust?
It’s completely meaningless that China or anyone has access to the source code for anything they want to verify in binary form. There is no way to verify the binary you are running came from the source code you are looking at. Source code access is meaningless.
This is important for more than operating systems. Consider black box electronic voting machines. That you verified some source code to not contain flaws or hacks literally means nothing.
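The rebuild-and-compare check that several comments above argue about, shown as an added example (not code from any commenter, Apple or Microsoft): it shows why a naive comparison fails even for an honest vendor, and what a deterministic build lets an auditor conclude. The `build` function is a hypothetical stand-in for a real toolchain, and the source tree and timestamps are constructed.

```python
import hashlib
import io
import tarfile

# Constructed sample "source tree" (file name -> contents); not real vendor code.
REVIEWED = {
    "login.c": b"int check(const char *pw) { return verify(pw); }\n",
    "net.c": b"void send_msg(void) {}\n",
}
# Same tree with one constructed, unreviewed change.
ALTERED = dict(REVIEWED, **{"login.c": REVIEWED["login.c"] + b"/* extra path */\n"})


def build(tree, build_time, deterministic):
    """Stand-in for a compiler: pack the tree into one artifact.

    build_time models metadata (timestamps) that real toolchains embed;
    a deterministic build pins it so equal source gives equal bytes.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(tree):  # fixed member order
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mtime = 0 if deterministic else build_time
            tar.addfile(info, io.BytesIO(tree[name]))
    return buf.getvalue()


def rebuild_matches(shipped, reviewed_tree, deterministic):
    """Auditor's check: rebuild the reviewed source, compare SHA-256 digests."""
    rebuilt = build(reviewed_tree, build_time=1422600000, deterministic=deterministic)
    return hashlib.sha256(rebuilt).digest() == hashlib.sha256(shipped).digest()


def audit():
    vendor_time = 1422500000  # constructed vendor build timestamp
    return {
        # Honest vendor, ordinary build: mismatch caused only by the timestamp.
        "honest_plain": rebuild_matches(build(REVIEWED, vendor_time, False), REVIEWED, False),
        # Honest vendor, deterministic build on both sides: bit-for-bit match.
        "honest_deterministic": rebuild_matches(build(REVIEWED, vendor_time, True), REVIEWED, True),
        # Shipped artifact built from different source than was reviewed.
        "altered_deterministic": rebuild_matches(build(ALTERED, vendor_time, True), REVIEWED, True),
    }


if __name__ == "__main__":
    print(audit())
```

A match here only ties the shipped bytes to the reviewed source under the auditor's own toolchain; it says nothing about a toolchain that is itself compromised, which is the case the Ken Thompson comment describes.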