Last month, Apple announced that it would hand over management of its Chinese iCloud data to a local, state-owned firm in China called Cloud Big Data Industrial Development Co (GCBD) at the end of February in order to comply with new laws.
Now, experts are reporting that Apple will also hold iCloud encryption keys for Chinese users in China itself, raising new concerns about government access. The new policy does not affect any iCloud users outside of China.
Compliance means Chinese authorities will have easier access to user data that’s stored in Apple’s iCloud service, especially now that, for the first time, Apple will store the keys for Chinese iClouds within China. Apple says it alone would control the encryption keys, and Chinese authorities do not have any “backdoor” to access data. Until now, such keys were exclusively stored in the US for all users. Starting February 28th, Apple’s operation of iCloud services in the country will transfer to GCBD.
Experts spoke to human rights activists who said there was fear that those in power could use the new rules to track down dissidents. In a statement, Apple said it “had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China.” Apple noted that its values don’t change even if it is “subjected to each country’s laws.”
Apple’s attempt to capitalize one of its largest growth markets has been a juggle between consumer rights and business opportunities. Last year, the company controversially removed VPN apps from its App Store in China, claiming to only be following the law in order to continue operating there. It’s also snuck in several nods to the Chinese market during its major product announcement keynotes, such as references to WeChat during its previous demonstrations of the Apple Watch. Apple chief executive Tim Cook is also due to co-chair the China Development Forum in March.